fix: Correct branch detection in security-scan.yml

- Handle pull_request events correctly (use head_ref)
- Support staging branch in security scans
- Add workflow_dispatch input for branch selection
- Fix REF_NAME extraction for all event types

.gitea/workflows/security-scan.yml

@@ -2,13 +2,18 @@ name: Security Vulnerability Scan
 
 on:
   push:
-    branches: [ main, develop ]
+    branches: [ main, develop, staging ]
   pull_request:
-    branches: [ main, develop ]
+    branches: [ main, develop, staging ]
   schedule:
     # Daily security scan at 2 AM UTC
     - cron: '0 2 * * *'
   workflow_dispatch:
+    inputs:
+      branch:
+        description: 'Branch to scan'
+        required: false
+        default: 'main'
 
 jobs:
   security-audit: