While it would be really nice to run this from CI,
The only way to upload a package involves using account-wide credentials.
We can either use a username/password, or an API token.
Both of these credentials have the same privileges,
and that's too much power to give to CI.
For now, we run this from the local machine.
Maybe we can think of another way that's a bit safer.