[fahrradflucht]

The argument for automated releases is always that it is quite easy to do silly mistakes like forgetting a build step while doing manual releases. This also happened to high profile npm packages in the past and people complained that there was no automation.

[psychrometer]

I think they are suggesting a mostly automated build process and then a manual entering of a the second factor OTP at the deploy stage. The entering of the 2FA isn't something that will be hard to easy to mess up and you still receive the benefits of automated builds for the most part.