release: bump version to 0.3.0

[echarrod]

Fixes #78.

Summary

• Bumps VERSION to 0.3.0 (PyPI has been stuck at 0.0.10 despite tags v0.1.0 and v0.2.0 existing — the version was never bumped in code and nothing was published)
• Adds a Releasing section to CONTRIBUTING.md documenting the end-to-end process
• Adds .github/workflows/publish.yml: builds and publishes to PyPI automatically when a GitHub Release is created, using PyPI Trusted Publishing (OIDC — no stored secrets needed)
• Removes unrecognised B107 bandit skip (was causing pre-commit failures)

Next step after merging

Set up Trusted Publishing on PyPI for this repo, then:

git checkout main && git pull origin main
gh release create v0.3.0 --title "v0.3.0" --generate-notes

Summary by CodeRabbit

• Chores

  • Bumped package version to 0.3.0
  • Added automated publishing workflow for PyPI using trusted publishing

• Documentation

  • Added a “Releasing” section detailing release steps, semantic versioning, and trusted-publishing setup

• Security

  • Re-enabled static-analysis check so hardcoded-password detection runs during scans

[coderabbitai]

No actionable comments were generated in the recent review. 🎉

ℹ️ Recent review info

⚙️ Run configuration

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro

Run ID: 3d5b2ef8-440d-4efb-8d6b-85db384bb0b7

📥 Commits

Reviewing files that changed from the base of the PR and between f47087b and 0f7bebe.

📒 Files selected for processing (2)

• .github/workflows/publish.yml
• CONTRIBUTING.md

✅ Files skipped from review due to trivial changes (2)

• CONTRIBUTING.md
• .github/workflows/publish.yml

---

📝 Walkthrough

Walkthrough

Adds a GitHub Actions workflow .github/workflows/publish.yml that builds the package on release → published and on manual workflow_dispatch, uploads the dist/ artifact, and publishes to PyPI using pypa/gh-action-pypi-publish with OpenID Connect (trusted publishing). Updates CONTRIBUTING.md with a “Releasing” section describing semantic versioning, bumping VERSION in luno_python/__init__.py, Git/GitHub Release steps, and notes about Trusted Publishing. Bumps luno_python.VERSION from 0.0.10 to 0.3.0. Removes B107 from Bandit skips in pyproject.toml.

Estimated code review effort

🎯 3 (Moderate) | ⏱️ ~20 minutes

Poem

🐰 I nibbled through CI with a twitch and a grin,
Built tiny wheels and tucked them in.
Version hopped up, a bright little spring,
Releases ready — hear the tinny ring! 🎉🐇

🚥 Pre-merge checks | ✅ 5

✅ Passed checks (5 passed)

Check name	Status	Explanation
Title check	✅ Passed	The title accurately and concisely summarises the primary change: bumping the version to 0.3.0 for release, which is the main objective of this pull request.
Description check	✅ Passed	The description is clearly related to the changeset, providing context for version bump, workflow additions, documentation updates, and bandit configuration fix.
Linked Issues check	✅ Passed	The PR successfully addresses issue #78 by bumping VERSION to 0.3.0, adding automated PyPI publishing workflow with Trusted Publishing, and documenting the release process.
Out of Scope Changes check	✅ Passed	All changes are within scope: version bump addresses the outdated PyPI package issue, the publish workflow enables automated publishing, documentation supports the release process, and the bandit fix removes a blocking pre-commit failure.
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Commit unit tests in branch echarrod-release-0.3.0

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[coderabbitai]

Actionable comments posted: 1

🤖 Prompt for all review comments with AI agents

Verify each finding against the current code and only fix it if needed.

Inline comments:
In `@CONTRIBUTING.md`:
- Around line 99-103: Replace the phrase "publish workflow" with "publishing
workflow" in the CONTRIBUING.md paragraph describing the PyPI Trusted Publishing
section so the prose reads naturally; update both occurrences that currently
read "publish workflow" (the sentence beginning "This triggers the publish
workflow..." and the later mention in "pointing at this repository's
`publish.yml` workflow") to "publishing workflow" while preserving the reference
to `publish.yml`.

🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

• Push a commit to this branch (recommended)
• Create a new PR with the fixes

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro

Run ID: c9b860e5-40f1-4c1d-9a6f-f898dc18a252

📥 Commits

Reviewing files that changed from the base of the PR and between 002cdde and 743450b.

📒 Files selected for processing (4)

• .github/workflows/publish.yml
• CONTRIBUTING.md
• luno_python/__init__.py
• pyproject.toml

💤 Files with no reviewable changes (1)

• pyproject.toml

[sonarqubecloud]

Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube Cloud