deploy from CI #1
Description
We should be able to avoid any secrets in the repo by using oidc like PyPI trusted publisher: https://docs.github.com/en/actions/how-tos/secure-your-work/security-harden-deployments/oidc-in-google-cloud-platform
deployments currently automated via nox locally