feat: deploy server certificate or intermedia certificate

2025-10-06 06:24:54 +00:00 · 2025-05-15 01:40:37 +08:00
parent 178c62512d
commit 6c6bb78568
12 changed files with 210 additions and 70 deletions
--- a/ui/src/components/workflow/node/DeployNodeConfigFormLocalConfig.tsx
+++ b/ui/src/components/workflow/node/DeployNodeConfigFormLocalConfig.tsx
@@ -11,14 +11,16 @@ import { CERTIFICATE_FORMATS } from "@/domain/certificate";
 type DeployNodeConfigFormLocalConfigFieldValues = Nullish<{
  format: string;
  certPath: string;
-  keyPath?: string | null;
-  pfxPassword?: string | null;
-  jksAlias?: string | null;
-  jksKeypass?: string | null;
-  jksStorepass?: string | null;
-  shellEnv?: string | null;
-  preCommand?: string | null;
-  postCommand?: string | null;
+  certPathForServerOnly?: string;
+  certPathForIntermediaOnly?: string;
+  keyPath?: string;
+  pfxPassword?: string;
+  jksAlias?: string;
+  jksKeypass?: string;
+  jksStorepass?: string;
+  shellEnv?: string;
+  preCommand?: string;
+  postCommand?: string;
 }>;

 export type DeployNodeConfigFormLocalConfigProps = {
@@ -160,6 +162,16 @@ const DeployNodeConfigFormLocalConfig = ({ form: formInst, formName, disabled, i
      .min(1, t("workflow_node.deploy.form.local_cert_path.tooltip"))
      .max(256, t("common.errmsg.string_max", { max: 256 }))
      .trim(),
+    certPathForServerOnly: z
+      .string()
+      .max(256, t("common.errmsg.string_max", { max: 256 }))
+      .trim()
+      .nullish(),
+    certPathForIntermediaOnly: z
+      .string()
+      .max(256, t("common.errmsg.string_max", { max: 256 }))
+      .trim()
+      .nullish(),
    keyPath: z
      .string()
      .max(256, t("common.errmsg.string_max", { max: 256 }))
@@ -326,6 +338,24 @@ const DeployNodeConfigFormLocalConfig = ({ form: formInst, formName, disabled, i
        >
          <Input placeholder={t("workflow_node.deploy.form.local_key_path.placeholder")} />
        </Form.Item>
+
+        <Form.Item
+          name="certPathForServerOnly"
+          label={t("workflow_node.deploy.form.local_servercert_path.label")}
+          rules={[formRule]}
+          tooltip={<span dangerouslySetInnerHTML={{ __html: t("workflow_node.deploy.form.local_servercert_path.tooltip") }}></span>}
+        >
+          <Input placeholder={t("workflow_node.deploy.form.local_servercert_path.placeholder")} />
+        </Form.Item>
+
+        <Form.Item
+          name="certPathForIntermediaOnly"
+          label={t("workflow_node.deploy.form.local_intermediacert_path.label")}
+          rules={[formRule]}
+          tooltip={<span dangerouslySetInnerHTML={{ __html: t("workflow_node.deploy.form.local_intermediacert_path.tooltip") }}></span>}
+        >
+          <Input placeholder={t("workflow_node.deploy.form.local_intermediacert_path.placeholder")} />
+        </Form.Item>
      </Show>

      <Show when={fieldFormat === FORMAT_PFX}>
--- a/ui/src/components/workflow/node/DeployNodeConfigFormSSHConfig.tsx
+++ b/ui/src/components/workflow/node/DeployNodeConfigFormSSHConfig.tsx
@@ -13,13 +13,15 @@ import { initPresetScript } from "./DeployNodeConfigFormLocalConfig";
 type DeployNodeConfigFormSSHConfigFieldValues = Nullish<{
  format: string;
  certPath: string;
-  keyPath?: string | null;
-  pfxPassword?: string | null;
-  jksAlias?: string | null;
-  jksKeypass?: string | null;
-  jksStorepass?: string | null;
-  preCommand?: string | null;
-  postCommand?: string | null;
+  certPathForServerOnly?: string;
+  certPathForIntermediaOnly?: string;
+  keyPath?: string;
+  pfxPassword?: string;
+  jksAlias?: string;
+  jksKeypass?: string;
+  jksStorepass?: string;
+  preCommand?: string;
+  postCommand?: string;
  useSCP?: boolean;
 }>;

@@ -61,6 +63,16 @@ const DeployNodeConfigFormSSHConfig = ({ form: formInst, formName, disabled, ini
      .trim()
      .nullish()
      .refine((v) => fieldFormat !== FORMAT_PEM || !!v?.trim(), { message: t("workflow_node.deploy.form.ssh_key_path.tooltip") }),
+    certPathForServerOnly: z
+      .string()
+      .max(256, t("common.errmsg.string_max", { max: 256 }))
+      .trim()
+      .nullish(),
+    certPathForIntermediaOnly: z
+      .string()
+      .max(256, t("common.errmsg.string_max", { max: 256 }))
+      .trim()
+      .nullish(),
    pfxPassword: z
      .string()
      .max(64, t("common.errmsg.string_max", { max: 256 }))
@@ -207,6 +219,24 @@ const DeployNodeConfigFormSSHConfig = ({ form: formInst, formName, disabled, ini
        >
          <Input placeholder={t("workflow_node.deploy.form.ssh_key_path.placeholder")} />
        </Form.Item>
+
+        <Form.Item
+          name="certPathForServerOnly"
+          label={t("workflow_node.deploy.form.ssh_servercert_path.label")}
+          rules={[formRule]}
+          tooltip={<span dangerouslySetInnerHTML={{ __html: t("workflow_node.deploy.form.ssh_servercert_path.tooltip") }}></span>}
+        >
+          <Input placeholder={t("workflow_node.deploy.form.ssh_servercert_path.placeholder")} />
+        </Form.Item>
+
+        <Form.Item
+          name="certPathForIntermediaOnly"
+          label={t("workflow_node.deploy.form.ssh_intermediacert_path.label")}
+          rules={[formRule]}
+          tooltip={<span dangerouslySetInnerHTML={{ __html: t("workflow_node.deploy.form.ssh_intermediacert_path.tooltip") }}></span>}
+        >
+          <Input placeholder={t("workflow_node.deploy.form.ssh_intermediacert_path.placeholder")} />
+        </Form.Item>
      </Show>

      <Show when={fieldFormat === FORMAT_PFX}>
@@ -249,10 +279,6 @@ const DeployNodeConfigFormSSHConfig = ({ form: formInst, formName, disabled, ini
        </Form.Item>
      </Show>

-      <Form.Item label={t("workflow_node.deploy.form.ssh_shell_env.label")}>
-        <Select options={[{ value: t("workflow_node.deploy.form.ssh_shell_env.value") }]} value={t("workflow_node.deploy.form.ssh_shell_env.value")} />
-      </Form.Item>
-
      <Form.Item className="mb-0" htmlFor="null">
        <label className="mb-1 block">
          <div className="flex w-full items-center justify-between gap-4">
--- a/ui/src/i18n/locales/en/nls.access.json
+++ b/ui/src/i18n/locales/en/nls.access.json
@@ -377,7 +377,7 @@
  "access.form.webhook_default_data.errmsg.json_invalid": "Please enter a valiod JSON string",
  "access.form.webhook_default_data_for_deployment.label": "Webhook data for deployment (Optional)",
  "access.form.webhook_default_data_for_deployment.placeholder": "Please enter Webhook data",
-  "access.form.webhook_default_data_for_deployment.guide": "Tips: The Webhook data should be in JSON format. <br><br>The values in JSON support template variables, which will be replaced by actual values when sent to the Webhook URL. Supported variables: <br><ol style=\"margin-left: 1.25em; list-style: disc;\"><li><strong>${DOMAIN}</strong>: The primary domain of the certificate (<i>CommonName</i>).</li><li><strong>${DOMAINS}</strong>: The domain list of the certificate (<i>SubjectAltNames</i>).</li><li><strong>${CERTIFICATE}</strong>: The PEM format content of the certificate file.</li><li><strong>${PRIVATE_KEY}</strong>: The PEM format content of the private key file.</li></ol><br>When the request method is GET, the data will be passed as query string. Otherwise, the data will be encoded in the format indicated by the Content-Type in the request headers. Supported formats: <br><ol style=\"margin-left: 1.25em; list-style: disc;\"><li>application/json (default).</li><li>application/x-www-form-urlencoded: Nested data is not supported.</li><li>multipart/form-data: Nested data is not supported.</li>",
+  "access.form.webhook_default_data_for_deployment.guide": "Tips: The Webhook data should be in JSON format. <br><br>The values in JSON support template variables, which will be replaced by actual values when sent to the Webhook URL. Supported variables: <br><ol style=\"margin-left: 1.25em; list-style: disc;\"><li><strong>${DOMAIN}</strong>: The primary domain of the certificate (<i>CommonName</i>).</li><li><strong>${DOMAINS}</strong>: The domain list of the certificate (<i>SubjectAltNames</i>).</li><li><strong>${CERTIFICATE}</strong>: The PEM format content of the certificate file.</li><li><strong>${SERVER_CERTIFICATE}</strong>: The PEM format content of the server certificate file.</li><li><strong>${INTERMEDIA_CERTIFICATE}</strong>: The PEM format content of the intermedia certificate file.</li><li><strong>${PRIVATE_KEY}</strong>: The PEM format content of the private key file.</li></ol><br>When the request method is GET, the data will be passed as query string. Otherwise, the data will be encoded in the format indicated by the Content-Type in the request headers. Supported formats: <br><ol style=\"margin-left: 1.25em; list-style: disc;\"><li>application/json (default).</li><li>application/x-www-form-urlencoded: Nested data is not supported.</li><li>multipart/form-data: Nested data is not supported.</li>",
  "access.form.webhook_default_data_for_notification.label": "Webhook data for notification (Optional)",
  "access.form.webhook_default_data_for_notification.placeholder": "Please enter Webhook data",
  "access.form.webhook_default_data_for_notification.guide": "Tips: The Webhook data should be in JSON format. <br><br>The values in JSON support template variables, which will be replaced by actual values when sent to the Webhook URL. Supported variables: <br><ol style=\"margin-left: 1.25em; list-style: disc;\"><li><strong>${SUBJECT}</strong>: The subject of notification.</li><li><strong>${MESSAGE}</strong>: The message of notification.</li></ol><br>When the request method is GET, the data will be passed as query string. Otherwise, the data will be encoded in the format indicated by the Content-Type in the request headers. Supported formats: <br><ol style=\"margin-left: 1.25em; list-style: disc;\"><li>application/json (default).</li><li>application/x-www-form-urlencoded: Nested data is not supported.</li><li>multipart/form-data: Nested data is not supported.</li>",
--- a/ui/src/i18n/locales/en/nls.workflow.nodes.json
+++ b/ui/src/i18n/locales/en/nls.workflow.nodes.json
@@ -449,9 +449,15 @@
  "workflow_node.deploy.form.local_cert_path.label": "Certificate file saving path",
  "workflow_node.deploy.form.local_cert_path.placeholder": "Please enter saving path for certificate file",
  "workflow_node.deploy.form.local_cert_path.tooltip": "Note that the path should include the complete file name, not just the directory.",
-  "workflow_node.deploy.form.local_key_path.label": "Private key file saving path",
-  "workflow_node.deploy.form.local_key_path.placeholder": "Please enter saving path for private key file",
+  "workflow_node.deploy.form.local_key_path.label": "Certificate's private key file saving path",
+  "workflow_node.deploy.form.local_key_path.placeholder": "Please enter saving path for certificate's private key file",
  "workflow_node.deploy.form.local_key_path.tooltip": "Note that the path should include the complete file name, not just the directory.",
+  "workflow_node.deploy.form.local_servercert_path.label": "Server certificate file saving path (Optional)",
+  "workflow_node.deploy.form.local_servercert_path.placeholder": "Please enter saving path for server certificate file",
+  "workflow_node.deploy.form.local_servercert_path.tooltip": "Note that the path should include the complete file name, not just the directory.",
+  "workflow_node.deploy.form.local_intermediacert_path.label": "Intermedia certificate file saving path (Optional)",
+  "workflow_node.deploy.form.local_intermediacert_path.placeholder": "Please enter saving path for intermedia certificate file",
+  "workflow_node.deploy.form.local_intermediacert_path.tooltip": "Note that the path should include the complete file name, not just the directory.",
  "workflow_node.deploy.form.local_pfx_password.label": "PFX password",
  "workflow_node.deploy.form.local_pfx_password.placeholder": "Please enter PFX password",
  "workflow_node.deploy.form.local_pfx_password.tooltip": "For more information, see <a href=\"https://learn.microsoft.com/en-us/windows-hardware/drivers/install/personal-information-exchange---pfx--files\" target=\"_blank\">https://learn.microsoft.com/en-us/windows-hardware/drivers/install/personal-information-exchange---pfx--files</a>",
@@ -514,9 +520,15 @@
  "workflow_node.deploy.form.ssh_cert_path.label": "Certificate file uploading path",
  "workflow_node.deploy.form.ssh_cert_path.placeholder": "Please enter uploading path for certificate file",
  "workflow_node.deploy.form.ssh_cert_path.tooltip": "Note that the path should include the complete file name, not just the directory.",
-  "workflow_node.deploy.form.ssh_key_path.label": "Private key file uploading path",
-  "workflow_node.deploy.form.ssh_key_path.placeholder": "Please enter uploading path for private key file",
+  "workflow_node.deploy.form.ssh_key_path.label": "Certificate's private key file uploading path",
+  "workflow_node.deploy.form.ssh_key_path.placeholder": "Please enter uploading path for certificate's private key file",
  "workflow_node.deploy.form.ssh_key_path.tooltip": "Note that the path should include the complete file name, not just the directory.",
+  "workflow_node.deploy.form.ssh_servercert_path.label": "Server certificate file uploading path (Optional)",
+  "workflow_node.deploy.form.ssh_servercert_path.placeholder": "Please enter uploading path for server certificate file",
+  "workflow_node.deploy.form.ssh_servercert_path.tooltip": "Note that the path should include the complete file name, not just the directory.",
+  "workflow_node.deploy.form.ssh_intermediacert_path.label": "Intermedia certificate file uploading path (Optional)",
+  "workflow_node.deploy.form.ssh_intermediacert_path.placeholder": "Please enter uploading path for intermedia certificate file",
+  "workflow_node.deploy.form.ssh_intermediacert_path.tooltip": "Note that the path should include the complete file name, not just the directory.",
  "workflow_node.deploy.form.ssh_pfx_password.label": "PFX password",
  "workflow_node.deploy.form.ssh_pfx_password.placeholder": "Please enter PFX password",
  "workflow_node.deploy.form.ssh_pfx_password.tooltip": "For more information, see <a href=\"https://learn.microsoft.com/en-us/windows-hardware/drivers/install/personal-information-exchange---pfx--files\" target=\"_blank\">https://learn.microsoft.com/en-us/windows-hardware/drivers/install/personal-information-exchange---pfx--files</a>",
@@ -529,8 +541,6 @@
  "workflow_node.deploy.form.ssh_jks_storepass.label": "JKS store password",
  "workflow_node.deploy.form.ssh_jks_storepass.placeholder": "Please enter JKS store password",
  "workflow_node.deploy.form.ssh_jks_storepass.tooltip": "For more information, see <a href=\"https://docs.oracle.com/cd/E19509-01/820-3503/ggfen/index.html\" target=\"_blank\">https://docs.oracle.com/cd/E19509-01/820-3503/ggfen/index.html</a>",
-  "workflow_node.deploy.form.ssh_shell_env.label": "Shell",
-  "workflow_node.deploy.form.ssh_shell_env.value": "POSIX Bash (on Linux / macOS)",
  "workflow_node.deploy.form.ssh_pre_command.label": "Pre-command (Optional)",
  "workflow_node.deploy.form.ssh_pre_command.placeholder": "Please enter command to be executed before uploading files",
  "workflow_node.deploy.form.ssh_post_command.label": "Post-command (Optional)",
@@ -718,7 +728,7 @@
  "workflow_node.deploy.form.webhook_data.label": "Webhook data (Optional)",
  "workflow_node.deploy.form.webhook_data.placeholder": "Please enter Webhook data to override the default value",
  "workflow_node.deploy.form.webhook_data.tooltip": "Leave it blank to use the default Webhook data provided by the authorization.",
-  "workflow_node.deploy.form.webhook_data.guide": "Supported variables: <br><ol style=\"margin-left: 1.25em; list-style: disc;\"><li><strong>${DOMAIN}</strong>: The primary domain of the certificate (<i>CommonName</i>).</li><li><strong>${DOMAINS}</strong>: The domain list of the certificate (<i>SubjectAltNames</i>).</li><li><strong>${CERTIFICATE}</strong>: The PEM format content of the certificate file.</li><li><strong>${PRIVATE_KEY}</strong>: The PEM format content of the private key file.</li></ol><br>Please visit the authorization management page for addtional notes.",
+  "workflow_node.deploy.form.webhook_data.guide": "Supported variables: <br><ol style=\"margin-left: 1.25em; list-style: disc;\"><li><strong>${DOMAIN}</strong>: The primary domain of the certificate (<i>CommonName</i>).</li><li><strong>${DOMAINS}</strong>: The domain list of the certificate (<i>SubjectAltNames</i>).</li><li><strong>${CERTIFICATE}</strong>: The PEM format content of the certificate file.</li><li><strong>${SERVER_CERTIFICATE}</strong>: The PEM format content of the server certificate file.</li><li><strong>${INTERMEDIA_CERTIFICATE}</strong>: The PEM format content of the intermedia certificate file.</li><li><strong>${PRIVATE_KEY}</strong>: The PEM format content of the private key file.</li></ol><br>Please visit the authorization management page for addtional notes.",
  "workflow_node.deploy.form.webhook_data.errmsg.json_invalid": "Please enter a valiod JSON string",
  "workflow_node.deploy.form.strategy_config.label": "Strategy settings",
  "workflow_node.deploy.form.skip_on_last_succeeded.label": "Repeated deployment",
--- a/ui/src/i18n/locales/zh/nls.access.json
+++ b/ui/src/i18n/locales/zh/nls.access.json
@@ -377,7 +377,7 @@
  "access.form.webhook_default_data.errmsg.json_invalid": "请输入有效的 JSON 格式字符串",
  "access.form.webhook_default_data_for_deployment.label": "默认的 Webhook 部署证书回调数据（可选）",
  "access.form.webhook_default_data_for_deployment.placeholder": "请输入默认的 Webhook 回调数据",
-  "access.form.webhook_default_data_for_deployment.guide": "小贴士：回调数据是一个 JSON 格式的数据。<br><br>其中值支持模板变量，将在被发送到指定的 Webhook URL 时被替换为实际值；其他内容将保持原样。支持的变量：<br><ol style=\"margin-left: 1.25em; list-style: disc;\"><li><strong>${DOMAIN}</strong>：证书的主域名（即 <i>CommonName</i>）。</li><li><strong>${DOMAINS}</strong>：证书的多域名列表（即 <i>SubjectAltNames</i>）。</li><li><strong>${CERTIFICATE}</strong>：证书文件 PEM 格式内容。</li><li><strong>${PRIVATE_KEY}</strong>：私钥文件 PEM 格式内容。</li></ol><br>当请求谓词为 GET 时，回调数据将作为查询参数；否则，回调数据将按照请求标头中 Content-Type 所指示的格式进行编码。支持的格式：<br><ol style=\"margin-left: 1.25em; list-style: disc;\"><li>application/json（默认）。</li><li>application/x-www-form-urlencoded：不支持嵌套数据。</li><li>multipart/form-data：不支持嵌套数据。</li>",
+  "access.form.webhook_default_data_for_deployment.guide": "小贴士：回调数据是一个 JSON 格式的数据。<br><br>其中值支持模板变量，将在被发送到指定的 Webhook URL 时被替换为实际值；其他内容将保持原样。支持的变量：<br><ol style=\"margin-left: 1.25em; list-style: disc;\"><li><strong>${DOMAIN}</strong>：证书的主域名（即 <i>CommonName</i>）。</li><li><strong>${DOMAINS}</strong>：证书的多域名列表（即 <i>SubjectAltNames</i>）。</li><li><strong>${CERTIFICATE}</strong>：证书文件 PEM 格式内容。</li><li><strong>${SERVER_CERTIFICATE}</strong>：证书文件（仅含服务器证书）PEM 格式内容。</li><li><strong>${INTERMEDIA_CERTIFICATE}</strong>：证书文件（仅含中间证书）PEM 格式内容。</li><li><strong>${PRIVATE_KEY}</strong>：私钥文件 PEM 格式内容。</li></ol><br>当请求谓词为 GET 时，回调数据将作为查询参数；否则，回调数据将按照请求标头中 Content-Type 所指示的格式进行编码。支持的格式：<br><ol style=\"margin-left: 1.25em; list-style: disc;\"><li>application/json（默认）。</li><li>application/x-www-form-urlencoded：不支持嵌套数据。</li><li>multipart/form-data：不支持嵌套数据。</li>",
  "access.form.webhook_default_data_for_notification.label": "默认的 Webhook 推送通知回调数据（可选）",
  "access.form.webhook_default_data_for_notification.placeholder": "请输入默认的 Webhook 回调数据",
  "access.form.webhook_default_data_for_notification.guide": "小贴士：回调数据是一个 JSON 格式的数据。<br><br>其中值支持模板变量，将在被发送到指定的 Webhook URL 时被替换为实际值；其他内容将保持原样。支持的变量：<br><ol style=\"margin-left: 1.25em; list-style: disc;\"><li><strong>${SUBJECT}</strong>：通知主题。</li><li><strong>${MESSAGE}</strong>：通知内容。</ol><br>当请求谓词为 GET 时，回调数据将作为查询参数；否则，回调数据将按照请求标头中 Content-Type 所指示的格式进行编码。支持的格式：<br><ol style=\"margin-left: 1.25em; list-style: disc;\"><li>application/json（默认）。</li><li>application/x-www-form-urlencoded：不支持嵌套数据。</li><li>multipart/form-data：不支持嵌套数据。</li>",
--- a/ui/src/i18n/locales/zh/nls.workflow.nodes.json
+++ b/ui/src/i18n/locales/zh/nls.workflow.nodes.json
@@ -448,9 +448,15 @@
  "workflow_node.deploy.form.local_cert_path.label": "证书文件保存路径",
  "workflow_node.deploy.form.local_cert_path.placeholder": "请输入证书文件保存路径",
  "workflow_node.deploy.form.local_cert_path.tooltip": "注意，路径需包含完整的文件名，而不是仅目录。",
-  "workflow_node.deploy.form.local_key_path.label": "私钥文件保存路径",
-  "workflow_node.deploy.form.local_key_path.placeholder": "请输入私钥文件保存路径",
+  "workflow_node.deploy.form.local_key_path.label": "证书私钥文件保存路径",
+  "workflow_node.deploy.form.local_key_path.placeholder": "请输入证书私钥文件保存路径",
  "workflow_node.deploy.form.local_key_path.tooltip": "注意，路径需包含完整的文件名，而不是仅目录。",
+  "workflow_node.deploy.form.local_servercert_path.label": "服务器证书文件保存路径（可选）",
+  "workflow_node.deploy.form.local_servercert_path.placeholder": "请输入服务器证书文件保存路径",
+  "workflow_node.deploy.form.local_servercert_path.tooltip": "不填写时将不会保存服务器证书。<br><br>注意，路径需包含完整的文件名，而不是仅目录。",
+  "workflow_node.deploy.form.local_intermediacert_path.label": "中间证书文件保存路径（可选）",
+  "workflow_node.deploy.form.local_intermediacert_path.placeholder": "请输入中间证书文件保存路径",
+  "workflow_node.deploy.form.local_intermediacert_path.tooltip": "不填写时将不会保存服务器证书。<br><br>注意，路径需包含完整的文件名，而不是仅目录。",
  "workflow_node.deploy.form.local_pfx_password.label": "PFX 导出密码",
  "workflow_node.deploy.form.local_pfx_password.placeholder": "请输入 PFX 导出密码",
  "workflow_node.deploy.form.local_pfx_password.tooltip": "这是什么？请参阅 <a href=\"https://learn.microsoft.com/zh-cn/windows-hardware/drivers/install/personal-information-exchange---pfx--files\" target=\"_blank\">https://learn.microsoft.com/zh-cn/windows-hardware/drivers/install/personal-information-exchange---pfx--files</a>",
@@ -513,10 +519,16 @@
  "workflow_node.deploy.form.ssh_cert_path.label": "证书文件上传路径",
  "workflow_node.deploy.form.ssh_cert_path.placeholder": "请输入证书文件上传路径",
  "workflow_node.deploy.form.ssh_cert_path.tooltip": "注意，路径需包含完整的文件名，而不是仅目录。",
-  "workflow_node.deploy.form.ssh_key_path.label": "私钥文件上传路径",
-  "workflow_node.deploy.form.ssh_key_path.placeholder": "请输入私钥文件上传路径",
+  "workflow_node.deploy.form.ssh_key_path.label": "证书私钥文件上传路径",
+  "workflow_node.deploy.form.ssh_key_path.placeholder": "请输入证书私钥文件上传路径",
  "workflow_node.deploy.form.ssh_key_path.tooltip": "注意，路径需包含完整的文件名，而不是仅目录。",
  "workflow_node.deploy.form.ssh_pfx_password.label": "PFX 导出密码",
+  "workflow_node.deploy.form.ssh_servercert_path.label": "服务器证书文件上传路径（可选）",
+  "workflow_node.deploy.form.ssh_servercert_path.placeholder": "请输入服务器证书文件上传路径",
+  "workflow_node.deploy.form.ssh_servercert_path.tooltip": "不填写时将不上传服务器证书。<br><br>注意，路径需包含完整的文件名，而不是仅目录。",
+  "workflow_node.deploy.form.ssh_intermediacert_path.label": "中间证书文件上传路径（可选）",
+  "workflow_node.deploy.form.ssh_intermediacert_path.placeholder": "请输入中间证书文件上传路径",
+  "workflow_node.deploy.form.ssh_intermediacert_path.tooltip": "不填写时将不上传服务器证书。<br><br>注意，路径需包含完整的文件名，而不是仅目录。",
  "workflow_node.deploy.form.ssh_pfx_password.placeholder": "请输入 PFX 导出密码",
  "workflow_node.deploy.form.ssh_pfx_password.tooltip": "这是什么？请参阅 <a href=\"https://learn.microsoft.com/zh-cn/windows-hardware/drivers/install/personal-information-exchange---pfx--files\" target=\"_blank\">https://learn.microsoft.com/zh-cn/windows-hardware/drivers/install/personal-information-exchange---pfx--files</a>",
  "workflow_node.deploy.form.ssh_jks_alias.label": "JKS 别名",
@@ -528,8 +540,6 @@
  "workflow_node.deploy.form.ssh_jks_storepass.label": "JKS 密钥库存储口令",
  "workflow_node.deploy.form.ssh_jks_storepass.placeholder": "请输入 JKS 密钥库存储口令",
  "workflow_node.deploy.form.ssh_jks_storepass.tooltip": "这是什么？请参阅 <a href=\"https://docs.oracle.com/cd/E19509-01/820-3503/ggfen/index.html\" target=\"_blank\">https://docs.oracle.com/cd/E19509-01/820-3503/ggfen/index.html</a>",
-  "workflow_node.deploy.form.ssh_shell_env.label": "命令执行环境",
-  "workflow_node.deploy.form.ssh_shell_env.value": "POSIX Bash（Linux / macOS）",
  "workflow_node.deploy.form.ssh_pre_command.label": "前置命令（可选）",
  "workflow_node.deploy.form.ssh_pre_command.placeholder": "请输入上传文件前执行的命令",
  "workflow_node.deploy.form.ssh_post_command.label": "后置命令（可选）",
@@ -715,9 +725,9 @@
  "workflow_node.deploy.form.wangsu_cdnpro_webhook_id.placeholder": "请输入网宿云 CDN Pro 部署任务 Webhook ID",
  "workflow_node.deploy.form.wangsu_cdnpro_webhook_id.tooltip": "这是什么？请参阅 <a href=\"https://cdnpro.console.wangsu.com/v2/index/#/certificate\" target=\"_blank\">https://cdnpro.console.wangsu.com/v2/index/#/certificate</a>",
  "workflow_node.deploy.form.webhook_data.label": "Webhook 回调数据（可选）",
-  "workflow_node.deploy.form.webhook_data.placeholder": "请输入 Webhook 回调数据",
+  "workflow_node.deploy.form.webhook_data.placeholder": "请输入 Webhook 回调数据以覆盖默认值",
  "workflow_node.deploy.form.webhook_data.tooltip": "不填写时，将使用所选部署目标授权的默认 Webhook 回调数据。",
-  "workflow_node.deploy.form.webhook_data.guide": "支持的变量：<br><ol style=\"margin-left: 1.25em; list-style: disc;\"><li><strong>${DOMAIN}</strong>：证书的主域名（即 <i>CommonName</i>）。</li><li><strong>${DOMAINS}</strong>：证书的多域名列表（即 <i>SubjectAltNames</i>）。</li><li><strong>${CERTIFICATE}</strong>：证书文件 PEM 格式内容。</li><li><strong>${PRIVATE_KEY}</strong>：私钥文件 PEM 格式内容。</li></ol><br>其他注意事项请前往授权管理页面查看。",
+  "workflow_node.deploy.form.webhook_data.guide": "支持的变量：<br><ol style=\"margin-left: 1.25em; list-style: disc;\"><li><strong>${DOMAIN}</strong>：证书的主域名（即 <i>CommonName</i>）。</li><li><strong>${DOMAINS}</strong>：证书的多域名列表（即 <i>SubjectAltNames</i>）。</li><li><strong>${CERTIFICATE}</strong>：证书文件 PEM 格式内容。</li><li><strong>${SERVER_CERTIFICATE}</strong>：证书文件（仅含服务器证书）PEM 格式内容。</li><li><strong>${INTERMEDIA_CERTIFICATE}</strong>：证书文件（仅含中间证书）PEM 格式内容。</li><li><strong>${PRIVATE_KEY}</strong>：私钥文件 PEM 格式内容。</li></ol><br>其他注意事项请前往授权管理页面查看。",
  "workflow_node.deploy.form.webhook_data.errmsg.json_invalid": "请输入有效的 JSON 格式字符串",
  "workflow_node.deploy.form.strategy_config.label": "执行策略",
  "workflow_node.deploy.form.skip_on_last_succeeded.label": "重复部署",