
fix(ci): remove workflow-level env block exposing secrets#111

Merged
rhlin merged 1 commit into
devfrom
fix/remove-risk-env-vars
Apr 1, 2026

Conversation

@hexqi
Contributor

@hexqi hexqi commented Apr 1, 2026

Summary

  • Following fix(ci): remove workflow-level env block exposing secrets tiny-engine#1799, audited and fixed the HUAWEI_CLOUD_* environment variable security issue in every GitHub Actions workflow
  • Removed the top-level env: block mapping of secrets in 4 workflow files; the steps now use ${{ secrets.HUAWEI_CLOUD_* }} directly
  • Files involved: deploy-obs-docs.yml, deploy-obs-tech-college.yml, deploy-obs-tiny-engine.yml, deploy-obs.yml

Why

Mapping secrets into the workflow-level env: block exposes the sensitive credentials in the environment context (where they can leak via debug logs and similar channels). Referencing ${{ secrets.* }} directly is safer, and GitHub Actions automatically masks secret values in the logs.

Test plan

  • Confirm that the 4 workflow files no longer contain any env.HUAWEI_CLOUD_* references
  • Manually trigger any one of the workflows to verify that the secrets references work correctly

🤖 Generated with Claude Code

Summary by CodeRabbit

  • Chores
    • Updated deployment workflow configurations for improved credential management
    • Refined build configuration settings
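The first item of the test plan above is mechanical enough to automate. The check below is an added example written for this page, not code from the opentiny repository or the PR: it scans workflow text for two patterns, a top-level env: block whose values come from the secrets context (credentials handed to every step and every third-party action in the job, whether they need them or not) and leftover ${{ env.HUAWEI_CLOUD_* }} references that would silently resolve to empty strings once that block is gone. The two workflow fragments embedded in it are constructed to mirror the shape described in the walkthrough; the obsutil config flags are assumed, not copied from the project's files, and the scanner is deliberately line-based so it runs offline without a YAML library.

```python
"""Audit a GitHub Actions workflow for secrets mapped in a workflow-level env: block.

Added example for this page; it is not code from the opentiny PR. It parses the
workflow line by line (no YAML library needed) and reports two things:
  1. entries under a top-level `env:` that pull from `${{ secrets.* }}`
  2. `${{ env.<PREFIX>* }}` references that must be rewritten once the block is removed
"""
import re

SECRET_REF = re.compile(r"\$\{\{\s*secrets\.([A-Za-z0-9_]+)\s*\}\}")
ENV_REF = re.compile(r"\$\{\{\s*env\.([A-Za-z0-9_]+)\s*\}\}")

# Constructed "before" workflow: every step in the job inherits the credentials.
BEFORE = """\
name: deploy-obs (constructed example)
on:
  push:
    branches: [dev]
env:
  HUAWEI_CLOUD_AK: ${{ secrets.HUAWEI_CLOUD_AK }}
  HUAWEI_CLOUD_SK: ${{ secrets.HUAWEI_CLOUD_SK }}
  HUAWEI_CLOUD_ENDPOINT: ${{ secrets.HUAWEI_CLOUD_ENDPOINT }}
  HUAWEI_CLOUD_BUCKET: ${{ secrets.HUAWEI_CLOUD_BUCKET }}
jobs:
  deploy:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - run: npm ci && npm run build
      - run: obsutil config -i=${{ env.HUAWEI_CLOUD_AK }} -k=${{ env.HUAWEI_CLOUD_SK }} -e=${{ env.HUAWEI_CLOUD_ENDPOINT }}
      - run: obsutil cp ./dist obs://${{ env.HUAWEI_CLOUD_BUCKET }}/ -r -f
"""

# Constructed "after" workflow: secrets are referenced only where they are used
# (obsutil flag names are assumed for illustration).
AFTER = """\
name: deploy-obs (constructed example)
on:
  push:
    branches: [dev]
jobs:
  deploy:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - run: npm ci && npm run build
      - run: obsutil config -i=${{ secrets.HUAWEI_CLOUD_AK }} -k=${{ secrets.HUAWEI_CLOUD_SK }} -e=${{ secrets.HUAWEI_CLOUD_ENDPOINT }}
      - run: obsutil cp ./dist obs://${{ secrets.HUAWEI_CLOUD_BUCKET }}/ -r -f
"""


def find_workflow_level_secret_env(workflow_text):
    """Return [(line_no, env_name, secret_name)] for entries of a top-level env:
    block whose value is taken from the secrets context."""
    findings = []
    in_top_env = False
    for line_no, line in enumerate(workflow_text.splitlines(), 1):
        stripped = line.strip()
        if not stripped or stripped.startswith("#"):
            continue
        indent = len(line) - len(line.lstrip(" "))
        if indent == 0:
            # A new top-level key begins; we stay "inside" only for `env:` itself.
            in_top_env = stripped == "env:"
            continue
        if in_top_env:
            key, _, value = stripped.partition(":")
            match = SECRET_REF.search(value)
            if match:
                findings.append((line_no, key.strip(), match.group(1)))
    return findings


def find_env_refs(workflow_text, prefix):
    """Return [(line_no, name)] for every ${{ env.<prefix>... }} reference; these are
    the references that break once the workflow-level env block is removed."""
    return [
        (line_no, name)
        for line_no, line in enumerate(workflow_text.splitlines(), 1)
        for name in ENV_REF.findall(line)
        if name.startswith(prefix)
    ]


def audit(workflow_text, prefix="HUAWEI_CLOUD_"):
    """Human-readable findings for one workflow; an empty list means it passes."""
    problems = [
        f"line {n}: top-level env {env} maps secret {sec} to every step"
        for n, env, sec in find_workflow_level_secret_env(workflow_text)
    ]
    problems += [
        f"line {n}: env.{name} reference should become secrets.{name}"
        for n, name in find_env_refs(workflow_text, prefix)
    ]
    return problems


if __name__ == "__main__":
    for label, text in (("before", BEFORE), ("after", AFTER)):
        print(f"[{label}] {len(audit(text))} finding(s)")
        for problem in audit(text):
            print("  ", problem)
```

Run it over each file under .github/workflows/ in CI (for example in a lint job, failing when audit() returns anything) and the regression the PR closes cannot reappear unnoticed; the "after" fragment produces no findings, the "before" fragment produces eight.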

@coderabbitai

coderabbitai Bot commented Apr 1, 2026

ℹ️ Recent review info
⚙️ Run configuration

Configuration used: Organization UI

Review profile: CHILL

Plan: Free

Run ID: 9f32c822-209f-4552-8763-d0b4ed4a2a58

📥 Commits

Reviewing files that changed from the base of the PR and between 846f264 and 8cd151d.

📒 Files selected for processing (5)
  • .github/workflows/deploy-obs-docs.yml
  • .github/workflows/deploy-obs-tech-college.yml
  • .github/workflows/deploy-obs-tiny-engine.yml
  • .github/workflows/deploy-obs.yml
  • packages/tiny-engine-portal/vite.config.js

Walkthrough

This PR refactors credential handling in GitHub Actions workflows and modifies environment variable bundling in the Vite configuration. Four OBS deployment workflows now reference Huawei Cloud secrets directly in commands instead of through workflow-level environment variables. The Vite configuration changes how process.env is resolved during the build process.

Changes

Cohort / File(s) Summary
OBS Deployment Workflows
.github/workflows/deploy-obs.yml, deploy-obs-docs.yml, deploy-obs-tech-college.yml, deploy-obs-tiny-engine.yml
Removed workflow-level env declarations for Huawei Cloud credentials (HUAWEI_CLOUD_AK, HUAWEI_CLOUD_SK, HUAWEI_CLOUD_ENDPOINT, HUAWEI_CLOUD_BUCKET). Updated deployment steps to reference these values directly via ${{ secrets.* }} in obsutil config and obsutil cp commands instead of ${{ env.* }}.
Vite Build Configuration
packages/tiny-engine-portal/vite.config.js
Changed the Vite define replacement for process.env from the actual runtime environment object to an empty object ({}), affecting how environment variable references are resolved during bundling.

Estimated code review effort

🎯 2 (Simple) | ⏱️ ~12 minutes

Poem

🐰 Secrets now flow straight from vault to hand,
No env middlemen, our workflows stand
Cleaner and tighter, credentials in sight—
And vite's process.env now bundled just right! ✨



@rhlin rhlin merged commit e4a2e2e into dev Apr 1, 2026
2 checks passed
hexqi added a commit to opentiny/tiny-charts that referenced this pull request Apr 28, 2026
Mapping secrets into the workflow-level `env:` block exposes the sensitive credentials in the environment context
(where they can leak via debug logs and similar channels). Referencing `${{ secrets.* }}` directly is safer,
and GitHub Actions automatically masks secret values in the logs.

See opentiny/opentiny.design#111

Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
lingdan33 pushed a commit to opentiny/tiny-charts that referenced this pull request Apr 28, 2026
* fix(ci): remove workflow-level env block exposing secrets

Mapping secrets into the workflow-level `env:` block exposes the sensitive credentials in the environment context
(where they can leak via debug logs and similar channels). Referencing `${{ secrets.* }}` directly is safer,
and GitHub Actions automatically masks secret values in the logs.

See opentiny/opentiny.design#111

Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>

* fix(vite): only expose NODE_ENV to client bundle via process.env

---------

Co-authored-by: Claude Opus 4.7 <noreply@anthropic.com>