diff --git a/.github/workflows/poll.yml b/.github/workflows/poll.yml
index 28ffd0b..669b8ba 100644
--- a/.github/workflows/poll.yml
+++ b/.github/workflows/poll.yml
@@ -1,52 +1,108 @@
 ---
-name: Release
+name: Poll
 
 on: # yamllint disable-line rule:truthy
   schedule:
   # wednesday, friday at 00:00
   - cron: 0 0 * * 3,5
   workflow_dispatch:
+    inputs:
+      force:
+        type: boolean
+        default: false
+        description: force PR creation
+      debug:
+        type: boolean
+        default: false
+        description: enable debug output
+      version:
+        type: string
+        required: false
+        description: manually supply openssl version
 
 jobs:
   release:
-    name: Poll OpenSSL Website
+    name: Refresh OpenSSL Version
     runs-on: ubuntu-latest
     steps:
     - name: Checkout
       uses: actions/checkout@v3
-    - name: Create PR
-      env:
-        GITHUB_TOKEN: ${{ secrets.token }}
-        DEBUG: ${{ runner.debug == '1' && '1' || '' }}
+      with:
+        ref: ${{ github.event.repository.default_branch }}
+    - name: Check OpenSSL Website
+      id: site
+      if: inputs.version == ''
       run: |
-        if [ -n "${DEBUG:-}" ]; then
+        if ${{ inputs.debug }} || [ -n "${DEBUG:-}" ]; then
           set -x
         fi
 
+        set -eo pipefail
+
         fresh="$(
           grep -Eo -m1 -i '1\.1\.1.*available' <(
             curl -Ls 'https://www.openssl.org/news/newslog.html'
           ) | cut -d' ' -f1
         )"
 
-        stale="$(cat .env)"
+        echo "fresh=${fresh}" >> $GITHUB_OUTPUT
+    - name: Create PR
+      env:
+        GITHUB_TOKEN: ${{ github.token }}
+        DEBUG: ${{ runner.debug == '1' && '1' || '' }}
+      run: |
+        if ${{ inputs.debug }} || [ -n "${DEBUG:-}" ]; then
+          set -x
+        fi
+
+        if [ -n '${{ inputs.version }}' ]; then
+          fresh='${{ inputs.version }}'
+        else
+          fresh=${{ steps.site.outputs.version }}
+        fi
+
+        source .env
+        stale="$OPENSSL_VERSION"
 
         message="chore(*): update OpenSSL to ${fresh}"
+        branch="chore/openssl-${fresh}"
 
-        if [[ "$fresh" != "$stale" ]] ; then
+        if ${{ inputs.force }} || [[ "$fresh" != "$stale" ]]; then
 
           # PR already created for fresh version
           if gh pr list | grep "$message"; then
             exit 0
           fi
 
-          git checkout -b chore/openssl-${fresh}
+          gh auth setup-git
+
+          git config user.name github-actions
+          git config user.email github-actions@github.com
 
-          echo "$fresh" > .env
+          git checkout -b "$branch"
+
+          echo "OPENSSL_VERSION=${fresh}" > .env
           git add .env
           git commit -m "chore(*): update OpenSSL to ${fresh}"
 
-          pr="$(gh pr create --fill | grep -Eo '\d+$')"
+          git diff
+
+          git push origin "$branch"
+
+          gh pr create \
+            --head "$branch" \
+            --title "$message" \
+            --body "$(
+              echo -e "### Summary\n\nUpdate to ${fresh}. Generated by GitHub Actions."
+            )"
+
+          pr="$(
+            gh pr list | grep "$(
+              # escape asterisk
+              echo "$message" | sed -e 's@\*@\\*@'
+            )" | cut -d$'\t' -f1
+          )"
 
-          gh pr merge --auto "$pr"
+          # enable automerge
+          gh pr merge --auto --rebase "$pr"
         fi