From 2e8797ce1d81386cd7d3074a8d8fa8a760127544 Mon Sep 17 00:00:00 2001
From: Michael Schiemer <kontakt@michaelschiemer.de>
Date: Sat, 1 Nov 2025 00:29:34 +0100
Subject: [PATCH] fix: Correct branch detection in security-scan.yml

- Handle pull_request events correctly (use head_ref)
- Support staging branch in security scans
- Add workflow_dispatch input for branch selection
- Fix REF_NAME extraction for all event types
---
 .gitea/workflows/security-scan.yml | 9 +++++++--
 1 file changed, 7 insertions(+), 2 deletions(-)

diff --git a/.gitea/workflows/security-scan.yml b/.gitea/workflows/security-scan.yml
index c6d66cdb..99a8a4fe 100644
--- a/.gitea/workflows/security-scan.yml
+++ b/.gitea/workflows/security-scan.yml
@@ -2,13 +2,18 @@ name: Security Vulnerability Scan
 
 on:
   push:
-    branches: [ main, develop ]
+    branches: [ main, develop, staging ]
   pull_request:
-    branches: [ main, develop ]
+    branches: [ main, develop, staging ]
   schedule:
     # Daily security scan at 2 AM UTC
     - cron: '0 2 * * *'
   workflow_dispatch:
+    inputs:
+      branch:
+        description: 'Branch to scan'
+        required: false
+        default: 'main'
 
 jobs:
   security-audit: