ci: update CI process (#66)

* ci: update CI process

This makes changes to CI and testing for this repo.

* Moves to using Nox to test on multiple python version (3.7, 3.8. 3.9.
  3.10). This is configured via noxfile.py
* Adds pre-commit hooks (.pre-commit-config.yaml) to do linting and
  testing of code at commit time
* Uses pytest-cov to gather coverage info for the repo and upload it to
  codecov.io
* Adds flake8 linting
* Adds bandit security scanning
* Adds safety dependency scanning
* Adds dependabot dependency updates and alerts and a GHA workflow to
  automatically merge dependabot PRs that pass CI.
* Adds a GHA workflow to manage releases using release-please and conventional
  commits (release-please.yml)
* Adds a GHA workflow to upload releases to pypi automatically
  (release.yml)
* Adds a GHA workflow to manage repo settings (repo-manager.yml)
* Documents how to use some of these new features in CONTRIBUTING.rst
  and other docs.

* ci: remove repo-manager workflow

Author: andrewthetechie

.flake8

@@ -0,0 +1,11 @@
+
+[flake8]
+# Eventually would add D and DAR
+select = B,B9,C,E,F,N,RST,S,W
+ignore = E203,E501,RST201,RST203,RST301,W503,B902,N805,DAR402
+max-line-length = 119
+max-complexity = 10
+docstring-convention = google
+per-file-ignores = tests/*:S101
+rst-roles = class,const,func,meth,mod,ref
+rst-directives = deprecated

.github/ISSUE_TEMPLATE/bug_report.md

@@ -0,0 +1,38 @@
+---
+name: Bug report
+about: Create a report to help us improve
+title: ''
+labels: ''
+assignees: ''
+
+---
+
+**Describe the bug**
+A clear and concise description of what the bug is.
+
+**To Reproduce**
+Steps to reproduce the behavior:
+1. Go to '...'
+2. Click on '....'
+3. Scroll down to '....'
+4. See error
+
+**Expected behavior**
+A clear and concise description of what you expected to happen.
+
+**Screenshots**
+If applicable, add screenshots to help explain your problem.
+
+**Desktop (please complete the following information):**
+ - OS: [e.g. iOS]
+ - Browser [e.g. chrome, safari]
+ - Version [e.g. 22]
+
+**Smartphone (please complete the following information):**
+ - Device: [e.g. iPhone6]
+ - OS: [e.g. iOS8.1]
+ - Browser [e.g. stock browser, safari]
+ - Version [e.g. 22]
+
+**Additional context**
+Add any other context about the problem here.

.github/ISSUE_TEMPLATE/feature_request.md

@@ -0,0 +1,20 @@
+---
+name: Feature request
+about: Suggest an idea for this project
+title: ''
+labels: ''
+assignees: ''
+
+---
+
+**Is your feature request related to a problem? Please describe.**
+A clear and concise description of what the problem is. Ex. I'm always frustrated when [...]
+
+**Describe the solution you'd like**
+A clear and concise description of what you want to happen.
+
+**Describe alternatives you've considered**
+A clear and concise description of any alternative solutions or features you've considered.
+
+**Additional context**
+Add any other context or screenshots about the feature request here.

.github/README.md

@@ -0,0 +1,49 @@
+# .github/workflows
+
+## ISSUE_TEMPLATE
+
+Used as templates when creating new issues in the repo
+
+## Workflows
+
+### constraints.txt
+
+Constraints.txt is a pip install file that constrains some python requirements outside of poetry.
+
+### dependabot-auto-merge.yml
+
+A workflow that runs on PRs that will automatically merge dependabot update PRs that pass testing
+
+### release-please.yml
+
+A workflow that manages releases for the repo. On merges to the main branch, it scans them for [conventional commits](https://www.conventionalcommits.org/en/v1.0.0/)
+and will then create or update a release pr with those changes. The [release-please](https://github.com/googleapis/release-please) docs have more info.
+
+When that release pr is merged, it will build and upload to pypi.
+
+### release.yml
+
+A workflow that runs on the creation of releases to upload the package to pypi
+
+### repo-manager.yml
+
+Works with .github/settings.yml and the [repo-manager Github Action](https://github.com/marketplace/actions/yaml-repo-manager) to configure settings for the repo.
+
+Runs as a cron everyday at 00:02 and on demand with workflow dispatch.
+
+### Required Secrets
+
+* THIS_PAT - a personal access token that has access to create releases on this repo and edit the repo's settings. Used with release-please and repo-manager
+* PYPI_TOKEN - a pypi token that can upload to pypi for this package. Used with release
+
+## dependabot.yml
+
+Configures dependabot updates and alerts for this repo
+
+## release-drafter.yml
+
+Configures how release notes are written by release-please
+
+## settings.yaml
+
+repo-manager settings that are configured on the repo

.github/dependabot.yml

@@ -0,0 +1,18 @@
+version: 2
+updates:
+  - package-ecosystem: github-actions
+    directory: "/"
+    schedule:
+      interval: daily
+  - package-ecosystem: pip
+    directory: "/.github/workflows"
+    schedule:
+      interval: daily
+  - package-ecosystem: pip
+    directory: "/docs"
+    schedule:
+      interval: daily
+  - package-ecosystem: pip
+    directory: "/"
+    schedule:
+      interval: daily

.github/release-drafter.yml

@@ -0,0 +1,29 @@
+categories:
+  - title: ":boom: Breaking Changes"
+    label: "breaking"
+  - title: ":rocket: Features"
+    label: "enhancement"
+  - title: ":fire: Removals and Deprecations"
+    label: "removal"
+  - title: ":beetle: Fixes"
+    label: "bug"
+  - title: ":racehorse: Performance"
+    label: "performance"
+  - title: ":rotating_light: Testing"
+    label: "testing"
+  - title: ":construction_worker: Continuous Integration"
+    label: "ci"
+  - title: ":books: Documentation"
+    label: "documentation"
+  - title: ":hammer: Refactoring"
+    label: "refactoring"
+  - title: ":lipstick: Style"
+    label: "style"
+  - title: ":package: Dependencies"
+    labels:
+      - "dependencies"
+      - "build"
+template: |
+  ## Changes
+
+  $CHANGES

.github/workflows/constraints.txt

@@ -0,0 +1,7 @@
+pip==22.2.2
+nox==2022.1.7
+nox-poetry==1.0.1
+poetry==1.1.14
+virtualenv==20.15.1
+poetry-dynamic-versioning==0.17.1
+toml==0.10.2

.github/workflows/dependabot-auto-merge.yml

@@ -0,0 +1,14 @@
+name: Auto Merge Dependabot
+
+on:
+  pull_request:
+
+jobs:
+  auto-merge:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v3
+      - uses: ahmadnassri/action-dependabot-auto-merge@v2
+        with:
+          target: minor
+          github-token: ${{ secrets.THIS_PAT }}

.github/workflows/release-please.yml

@@ -0,0 +1,14 @@
+on:
+  push:
+    branches:
+      - main
+name: release-please
+jobs:
+  release-please:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: google-github-actions/release-please-action@v3
+        with:
+          token: ${{ secrets.THIS_PAT }}
+          release-type: python
+          package-name: ducks

.github/workflows/release.yml

@@ -0,0 +1,40 @@
+name: Release to pypi
+
+on:
+  release:
+    types: [released]
+
+jobs:
+  release:
+    name: Release
+    runs-on: ubuntu-latest
+    steps:
+      - name: Check out the repository
+        uses: actions/[email protected]
+        with:
+          fetch-depth: 2
+
+      - name: Set up Python
+        uses: actions/[email protected]
+        with:
+          python-version: "3.10"
+
+      - name: Upgrade pip
+        run: |
+          pip install --constraint=.github/workflows/constraints.txt pip
+          pip --version
+
+      - name: Install Poetry
+        run: |
+          pip install --constraint=.github/workflows/constraints.txt poetry poetry-dynamic-versioning
+          poetry --version
+
+      - name: Build package
+        run: |
+          poetry build --ansi
+
+      - name: Publish package on PyPI
+        uses: pypa/[email protected]
+        with:
+          user: __token__
+          password: ${{ secrets.PYPI_TOKEN }}