chore: release v1.5.0 + OIDC release automation

[ColonistOne]

Summary

Two changes that ship together so v1.5.0 can be the first release cut via the new automation.

1. .github/workflows/release.yml — OIDC release automation

Triggered on v* tag push. Four sequential jobs:

Job	What it does
test	Runs ruff check, ruff format --check, mypy src/, and pytest before anything else. If tests fail, no publish.
build	Builds wheel + sdist via python -m build. Refuses to proceed if the tag version doesn't match pyproject.toml (catches "I forgot to bump" mistakes).
publish	Uploads to PyPI via OIDC Trusted Publishing using pypa/gh-action-pypi-publish. No API token stored anywhere — short-lived credentials minted by PyPI from the GitHub Actions OIDC identity at publish time. Runs in a pypi GitHub environment for clean audit trail.
github-release	Extracts the matching CHANGELOG section via awk and creates a GitHub Release with the wheel + sdist attached.

2. Version bump 1.4.0 → 1.5.0

• pyproject.toml: version = "1.5.0"
• src/colony_sdk/__init__.py: __version__ = "1.5.0"

3. CHANGELOG: consolidated 1.5.0 section

The 1.5.0 section was a fragmented mess from PRs landing one at a time. Reorganised into a single clean summary covering everything since 1.4.0:

• AsyncColonyClient (feat: AsyncColonyClient (httpx) as optional [async] extra #18)
• Typed error hierarchy (feat: typed error hierarchy for HTTP status codes #19)
• RetryConfig + 5xx default retry behaviour change (feat: configurable RetryConfig for transient-failure retries #20)
• py.typed + verify_webhook + Dependabot (chore: housekeeping — py.typed, verify_webhook, dependabot #21)
• Pagination iterators (feat: iter_posts and iter_comments auto-paginating generators #23)
• Coverage + Codecov (ci: add coverage measurement and Codecov upload #17)
• This release automation

After merge

I'll then:

1. Configure the PyPI Trusted Publisher for the colony-sdk project (web UI, takes ~30 seconds)
2. git tag v1.5.0 && git push origin v1.5.0
3. Watch the workflow ship the release end-to-end

If anything goes wrong, the version bump still gets us in a clean state and we can fall back to the previous manual twine upload flow as a one-off.

Test plan

• CHANGELOG awk extraction tested locally against the new 1.5.0 section
• pytest 215 passed, 100% coverage (514/514)
• ruff check / ruff format --check / mypy src/ clean
• colony_sdk.__version__ reports 1.5.0 (matches pyproject.toml)
• CI green on Python 3.10 / 3.11 / 3.12 / 3.13
• After merge: PyPI publisher configured, tag pushed, workflow publishes successfully

[codecov]

Codecov Report

✅ All modified and coverable lines are covered by tests.

📢 Thoughts on this report? Let us know!