feat(ci): implement official python-semantic-release GitHub Action

[jbdevprimary]

Summary

Complete rewrite using official python-semantic-release GitHub Action following best practices from the official documentation.

Research Findings

Used ddgr to research best practices:

• ✅ Official python-semantic-release action is the recommended approach
• ✅ Works properly with GitHub's permissions model
• ✅ Handles branch protection correctly via GitHub API
• ✅ Supports PyPI Trusted Publishing

Key Changes

1. Official Action (python-semantic-release@v9.14.0)

- uses: python-semantic-release/python-semantic-release@v9.14.0
  with:
    github_token: ${{ secrets.GITHUB_TOKEN }}
    root_options: "-vv"

2. Proper Permissions

permissions:
  contents: write      # Create commits and tags
  id-token: write      # PyPI Trusted Publishing  
  pull-requests: write # Good practice

3. Updated pyproject.toml

• Added [tool.semantic_release.remote] configuration
• Added commit_parser_options for conventional commits
• Configured changelog generation properly

4. Uses New PYPI_TOKEN

• Leverages the newly synced token
• Verbose output for debugging
• Skip-existing for safety

Why This Works

The official action:

• ✅ Uses GitHub API instead of git push (bypasses branch protection)
• ✅ Properly handles GITHUB_TOKEN permissions
• ✅ Follows semantic versioning and conventional commits
• ✅ No manual workflows - fully automated
• ✅ No workarounds - uses official tooling

Testing

This commit itself is a feat: commit, so:

1. When merged, will trigger release workflow
2. Should detect this as minor version bump
3. Will create tag, publish to PyPI, create GitHub release
4. Fully automated end-to-end

References

• https://python-semantic-release.readthedocs.io/en/latest/configuration/automatic-releases/github-actions.html
• Bypass protected branches with deploy keys python-semantic-release/python-semantic-release#1343

---

Note

Modernizes the release pipeline to use the official action and centralizes configuration.

• Replaces manual semantic-release scripting with python-semantic-release@v9.14.0 in ci.yml; adds Python/UV setup and keeps checkout with persisted credentials
• Sets explicit job permissions (contents, id-token, pull-requests write) and uses GITHUB_TOKEN; gates PyPI and GitHub Releases steps on action outputs
• Updates pyproject.toml: adds [tool.semantic_release.remote], changelog configuration, and commit_parser_options while retaining build/version settings

^{Written by Cursor Bugbot for commit 9476780. This will update automatically on new commits. Configure here.}

[cursor]

Changelog template_dir references non-existent directory

The template_dir = "templates" configuration points to a templates directory that doesn't exist in the repository. Python-semantic-release uses this path to locate Jinja2 templates for changelog generation. When the release workflow runs, it will fail trying to access this non-existent directory. Either remove the template_dir line to use default templates, or create the templates directory with the appropriate changelog template files.