From 8d577aaa93c73a76182d79763dca97f848c47f5e Mon Sep 17 00:00:00 2001
From: Nick Bolton <nick@symless.com>
Date: Mon, 13 Oct 2025 12:32:08 +0100
Subject: [PATCH] fix: Always rune code scanning, even if draft PR

---
 .github/workflows/codeql-analysis.yml     | 2 --
 .github/workflows/sonarcloud-analysis.yml | 4 +++-
 2 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/.github/workflows/codeql-analysis.yml b/.github/workflows/codeql-analysis.yml
index 22d3ece1f..8f72511f7 100644
--- a/.github/workflows/codeql-analysis.yml
+++ b/.github/workflows/codeql-analysis.yml
@@ -19,8 +19,6 @@ on:
 
 jobs:
   analyze:
-    if: ${{ !github.event.pull_request.draft }}
-
     runs-on: ubuntu-latest
     container: debian:trixie-slim
     timeout-minutes: 20
diff --git a/.github/workflows/sonarcloud-analysis.yml b/.github/workflows/sonarcloud-analysis.yml
index 2000e89c2..10c5260cc 100644
--- a/.github/workflows/sonarcloud-analysis.yml
+++ b/.github/workflows/sonarcloud-analysis.yml
@@ -18,7 +18,9 @@ on:
     branches: [master]
 
 jobs:
-  sonarcloud-analysis:
+  analyze:
+    # This job would fail for contributors who open PRs as the workflow runs outside of our repo
+    # in this scenario. Having a var that only we set to true prevents this job from running.
     if: ${{ vars.SONAR_SCANNER_ENABLED }}
 
     runs-on: ubuntu-latest