fix(ci): Remove env variable indirection for secrets in deploy-playground-to-cdn workflow #319

Merged
hexqi merged 3 commits into opentiny:develop from hexqi:copilot/remove-environment-variables-security
Apr 1, 2026

@hexqi hexqi commented Apr 1, 2026

Huawei Cloud credentials (AK, SK, ENDPOINT, BUCKET) were being routed through env: blocks before use — first as workflow-level env, then as step-level env — adding unnecessary indirection and exposure surface.

Changes

  • Removed step-level env: block from "Configure and Upload to OBS"
  • Secrets are now referenced directly via ${{ secrets.* }} at the point of use

# Before
env:
  HUAWEI_CLOUD_AK: ${{ secrets.HUAWEI_CLOUD_AK }}
  ...
run: |
  obsutil config -i=$HUAWEI_CLOUD_AK ...

# After
run: |
  obsutil config -i=${{ secrets.HUAWEI_CLOUD_AK }} ...

Summary by CodeRabbit

  • Chores
    • Refactored deployment workflow to enhance credential handling practices. Updated how sensitive authentication parameters are accessed during the build and upload process to maintain security best practices.
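
An added example (not code from this PR or from the opentiny project): a small line-based audit that reports, for each `${{ secrets.* }}` reference in a workflow file, which of the scopes discussed above it sits in: workflow-level `env`, job-level `env`, step-level `env`, or inline in a `run` script. The sample workflow and the `EXAMPLE_*` secret names are constructed, and the parser assumes conventionally indented YAML rather than handling the full grammar.

```python
import re

SECRET = re.compile(r"\$\{\{\s*secrets\.(\w+)\s*\}\}")
KEY = re.compile(r"^([\w.-]+):(?:\s+(.*))?$")

# Constructed sample. HUAWEI_CLOUD_AK is the name used in the PR; EXAMPLE_* are made up.
SAMPLE = """\
env:
  EXAMPLE_ENDPOINT: ${{ secrets.EXAMPLE_ENDPOINT }}
jobs:
  deploy:
    steps:
      - name: Configure and Upload to OBS
        env:
          HUAWEI_CLOUD_AK: ${{ secrets.HUAWEI_CLOUD_AK }}
        run: |
          obsutil config -i=$HUAWEI_CLOUD_AK -k=${{ secrets.EXAMPLE_SK }}
"""

def scope_of(keys):
    if "run" in keys:   # the runner substitutes the value into the script text
        return "run-inline"
    if "env" in keys:   # the value is exported to every process in that scope
        return "step-env" if "steps" in keys else "job-env" if "jobs" in keys else "workflow-env"
    return "other"

def audit_workflow(text):
    """Return sorted (secret_name, scope) pairs for every ${{ secrets.* }} reference."""
    found, stack, block = set(), [], None  # stack of (indent, key); block = indent of a '|' key
    for raw in text.splitlines():
        body = raw.strip()
        if not body or body.startswith("#"):
            continue
        indent = len(raw) - len(raw.lstrip())
        if block is None or indent <= block:   # not inside a block scalar
            block = None
            while body.startswith("- "):       # list item: its key sits two columns in
                body, indent = body[2:].lstrip(), indent + 2
            m = KEY.match(body)
            if m:                              # drop deeper or sibling keys, then push this one
                stack = [e for e in stack if e[0] < indent] + [(indent, m.group(1))]
                if (m.group(2) or "") in ("|", ">", "|-", ">-"):
                    block = indent
        for name in SECRET.findall(raw):
            found.add((name, scope_of([k for _, k in stack])))
    return sorted(found)

if __name__ == "__main__":
    print(audit_workflow(SAMPLE))
```
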

coderabbitai bot commented Apr 1, 2026

No actionable comments were generated in the recent review. 🎉

📥 Commits

Reviewing files that changed from the base of the PR and between a240c7d and 07e6831.

📒 Files selected for processing (1)
  • .github/workflows/deploy-playground-to-cdn.yml

Walkthrough

Removed workflow-level environment variables that exposed Huawei Cloud credentials to the job environment scope. Updated deployment commands to reference secrets directly via ${{ secrets.* }} expressions, reducing unnecessary credential exposure.

Changes

Cohort / File(s) | Summary
Security & Workflow Configuration: .github/workflows/deploy-playground-to-cdn.yml | Removed top-level env declarations for Huawei Cloud credentials (access key, secret key, endpoint, bucket). Updated OBS configuration and upload commands to access secrets directly without intermediate environment variables.

Estimated code review effort

🎯 2 (Simple) | ⏱️ ~10 minutes

Poem

🐰 Secrets kept close, not spread in the breeze,
No env vars dancing where all eyes can see,
Direct from the vault, safe and sound,
Credentials protected all around,
Better security practices are found! 🔐

🚥 Pre-merge checks | ✅ 3
✅ Passed checks (3 passed)
Check name | Status | Explanation
Description Check | ✅ Passed | Check skipped - CodeRabbit’s high-level summary is enabled.
Title check | ✅ Passed | The title clearly and accurately summarizes the main change: removing environment variable indirection in favor of direct secret references in the CI workflow.
Docstring Coverage | ✅ Passed | No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.


@hexqi hexqi changed the title from "ci: Remove env variable indirection for secrets in deploy-playground-to-cdn workflow" to "fix(ci): Remove env variable indirection for secrets in deploy-playground-to-cdn workflow" Apr 1, 2026
github-actions bot commented Apr 1, 2026

✅ Preview build completed successfully!

Click the image above to preview.
Preview will be automatically removed when this PR is closed.

github-actions bot commented Apr 1, 2026

@hexqi hexqi merged commit c962b95 into opentiny:develop Apr 1, 2026
4 checks passed
github-actions bot commented Apr 1, 2026

🧹 Preview Cleaned Up

The preview deployment has been removed.
