Tn improve GitHub actions

[tanguyNaets]

(NOTE: test pipeline is currently failing because the previous PR to fix flake8-bandit is not part of main yet.)

• Implement github action workflows with similar evolved behavior to the gitlab ci
  • Dockerise the application for testing
  • Cache the docker images for faster rebuild
  • Use same tagging strategy as in the gitlab ci, both for CI and App docker images
  • Upload mypy and pytest results as artifacts only on testing failure as in gitlab ci instead of not uploading those artifacts at all
  • Upload coverage result as an artifact (previously, the purpose was apparently to send the coverage result to Codecov, but failed because Codecov requires a priced account and tokens to connect to it)
  • Enforce successful Test workflow before manual triggering of Deploy workflow
  • Set-up feature, test, development, acceptance, production environments that get integrated with github web interface (similarly to what we achieve in gitlab ci)
  • Prevent Deploy workflow from running on acceptance and production environments if not tagged (similarly to what we achieve in gitlab ci)
  • Prevent Publish workflow from running if Test workflow failed in github actions
  • Run Publish workflow poetry commands in the docker image
• Put emphasis on one tricky part of the readme installation steps
• Refactor DOCKER_PUSH variable into more understandable DOCKER_BUILD_PUSH
• Ensure DOCKER_BUILD_PUSH is set to 1 when deploying so App image building, tagging and pushing gets triggered.
• Remove pip dependabot, as it doesn't follow the allowed bumping strategy defined for each package in the pyproject.toml. For instance, it will try to major version a package, even if the package strategy in the pyproject.toml is set to not bump, bump patch or bump minor

[lsorber]

Hey @tanguyNaets, thanks for this PR! It's a pretty big one, so it will take some time to go through this in detail. Are there any smaller parts you could spin out into a separate PR so that we can get those improvements merged quicker already?

[tanguyNaets]

In addition to the main goal of the PR (improve github actions), I could have the following PRs:

1. Small edit of the readme to put emphasis on an easily missed step (1 line change)
2. Remove pip from github's dependabot (3 lines removed)
3. Leverage properly sentry: I can probably remove that one now that you are tackling it in your sentry PR. I'll need a bit of refactoring to remove the changes related to that bit of the PR.

Apart for the 3rd one, is it really worth it for you having 1 and 2 in separate PRs? If so, I'll split them. LMK

[tanguyNaets]

I removed the 3rd one since sentry is now a generic feature. RFR

[tanguyNaets]

I removed the 3rd one since sentry is now a generic feature. RFR

[lsorber]

Related: #63

[lsorber]

Closing this PR as we've recently reworked the CI/CD pipelines in #206.