fix(ci): remove workflow-level env block exposing secrets

[hexqi]

Summary

• 移除 deploy-obs.yml 中顶层 env: 块对 HUAWEI_CLOUD_* secrets 的环境变量映射
• 将所有 ${{ env.HUAWEI_CLOUD_* }} 引用替换为 ${{ secrets.HUAWEI_CLOUD_* }} 直接引用

安全问题： 顶层 env: 会将 secrets 暴露为整个 workflow 的环境变量，任何 step 都可通过 printenv 读取。改为直接引用 ${{ secrets.* }} 后，secrets 仅在使用处临时展开。

参照: opentiny/tiny-engine#1799

Test plan

• 确认 workflow 文件 YAML 语法正确
• 下次发布 tag 触发 deploy-obs workflow 时验证 OBS 上传功能正常

🤖 Generated with Claude Code

Summary by CodeRabbit

• Chores
  • Updated continuous integration deployment configuration to streamline credential handling within the build pipeline.

[coderabbitai]

ℹ️ Recent review info

⚙️ Run configuration

Configuration used: Organization UI

Review profile: CHILL

Plan: Free

Run ID: 1b0a948f-f75f-4948-99f7-281cf113e280

📥 Commits

Reviewing files that changed from the base of the PR and between a6ea9d2 and 3799fc4.

📒 Files selected for processing (1)

• .github/workflows/deploy-obs.yml

---

Walkthrough

The workflow file removes intermediate environment variables for Huawei Cloud credentials and updates the deployment step to read GitHub secrets directly, reducing indirection and configuration overhead in the GitHub Actions pipeline.

Changes

Cohort / File(s)	Summary
Secrets Access Refactoring .github/workflows/deploy-obs.yml	Removed workflow-level env variables that mapped secrets (HUAWEI_CLOUD_AK, HUAWEI_CLOUD_SK, HUAWEI_CLOUD_ENDPOINT, HUAWEI_CLOUD_BUCKET). Updated deploy step to access secrets directly via ${{ secrets.VAR }} syntax instead of through ${{ env.VAR }}, eliminating the intermediate mapping layer.

Estimated code review effort

🎯 2 (Simple) | ⏱️ ~8 minutes

Poem

A rabbit hops through secrets' flow,
No winding paths, just straight we go! 🐰
Direct from vault to deploy's hand,
Simpler pipelines, oh how grand!
Fewer layers, more we gain—
Efficiency burrows through the code again! 🥕

---

Note

🎁 Summarized by CodeRabbit Free

Your organization is on the Free plan. CodeRabbit will generate a high-level summary and a walkthrough for each pull request. For a comprehensive line-by-line review, please upgrade your subscription to CodeRabbit Pro by visiting https://app.coderabbit.ai/login.

_{Comment @coderabbitai help to get the list of available commands and usage tips.}