From 1a0c7a78e484855e71c3fc930df27cd4e698356f Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?=F0=9F=8E=96=EF=B8=8FDigital=20Warrior=F0=9F=8E=96?= =?UTF-8?q?=EF=B8=8F?= <236178676+asrar-mared@users.noreply.github.com>
Date: Sun, 15 Feb 2026 10:18:23 +0400
Subject: [PATCH] Update create_staging_branch.yaml
---
.github/workflows/create_staging_branch.yaml | 56 ++++++++++----------
1 file changed, 27 insertions(+), 29 deletions(-)
diff --git a/.github/workflows/create_staging_branch.yaml b/.github/workflows/create_staging_branch.yaml
index a40796ad7302c..431a260f90da0 100644
--- a/.github/workflows/create_staging_branch.yaml
+++ b/.github/workflows/create_staging_branch.yaml
@@ -1,30 +1,28 @@
-name: Create PR staging branch
+name: 'Attest Build Provenance'
+description: 'Generate provenance attestations for build artifacts'
+author: 'GitHub'
+branding:
+ color: 'blue'
+ icon: 'lock'
 
-on:
- pull_request_target:
- branches: [main]
- types: [opened, synchronize, reopened, edited]
- paths:
- - "advisories/**"
- workflow_dispatch:
-
-permissions:
- contents: write # Required to create and push branches
- pull-requests: write # Required to edit PR base branch
-
-jobs:
- ensure-base-is-staging:
- runs-on: ubuntu-latest
- steps:
- - uses: actions/checkout@v2
- - name: ensure base is staging
- env:
- PR_AUTHOR: ${{ github.event.pull_request.user.login }}
- PR_NUMBER: ${{ github.event.pull_request.number }}
- GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
- run: |
- set -xeo pipefail
- BRANCH_NAME="$PR_AUTHOR"/advisory-improvement-"$PR_NUMBER"
- git checkout -b "$BRANCH_NAME"
- git push origin "$BRANCH_NAME"
- gh pr edit --repo ${{ github.repository }} $PR_NUMBER --base "$BRANCH_NAME"
+inputs:
+ subject-path:
+ description: >
+ Path to the artifact serving as the subject of the attestation. Must
+ specify exactly one of "subject-path", "subject-digest", or
+ "subject-checksums". May contain a glob pattern or list of paths
+ (total subject count cannot exceed 1024).
+ required: false
+ subject-digest:
+ description: >
+ Digest of the subject for which provenance will be generated. Must be in
+ the form "algorithm:hex_digest" (e.g. "sha256:abc123..."). Must specify
+ exactly one of "subject-path", "subject-digest", or "subject-checksums".
+ required: false
+ subject-name:
+ description: >
+ Subject name as it should appear in the attestation. Required when
+ identifying the subject with the "subject-digest" input.
+ subject-checksums:
+ description: >
+ Path to checksums file containing digest and name of subjects for
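Review bot: The new content of `.github/workflows/create_staging_branch.yaml` is action metadata (`description`, `author`, `branding`, `inputs`) rather than a workflow: `on:` and `jobs:` are removed and no `runs:` section is added, so the file would presumably be rejected as an invalid workflow and, despite the name 'Attest Build Provenance', no attestation is produced. The step that retargeted advisory pull requests to a staging branch disappears with it, which the commit title 'Update create_staging_branch.yaml' does not say. The file also stops in the middle of the `subject-checksums` description, and `subject-name` has no `required:` key, unlike the two inputs before it. If provenance is the goal, this metadata belongs in an `action.yml`, called from a separate workflow whose job declares only `id-token: write`, `attestations: write` and `contents: read`.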