From bc33041cc228a614067213cf318b63741b5a9561 Mon Sep 17 00:00:00 2001
From: Henry Mercer <henrymercer@github.com>
Date: Wed, 11 Aug 2021 18:42:29 +0100
Subject: [PATCH] Always run `codeql (latest)` job on PRs so we can make it
 required

---
 .github/workflows/codeql.yml | 12 +++++++++---
 1 file changed, 9 insertions(+), 3 deletions(-)

diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml
index 3d5ccade2..320a790e8 100644
--- a/.github/workflows/codeql.yml
+++ b/.github/workflows/codeql.yml
@@ -46,13 +46,19 @@ jobs:
         CODEQL_VERSION_LATEST="$("$CODEQL_LATEST" version --format terse)"
         echo "Default CodeQL bundle version is $CODEQL_VERSION_DEFAULT"
         echo "Latest CodeQL bundle version is $CODEQL_VERSION_LATEST"
-        if [[ "$CODEQL_VERSION_DEFAULT" == "$CODEQL_VERSION_LATEST" ]]; then
-          # Just use `tools: null` to avoid duplication in the analysis job.
+
+        # If we're running on a pull request, run with both bundles, even if `tools: latest` would
+        # be the same as `tools: null`. This allows us to make the job for each of the bundles a
+        # required status check.
+        #
+        # If we're running on push, then we can skip running with `tools: latest` when it would be
+        # the same as running with `tools: null`.
+        if [[ "$GITHUB_EVENT_NAME" != "pull_request" && "$CODEQL_VERSION_DEFAULT" == "$CODEQL_VERSION_LATEST" ]]; then
           VERSIONS_JSON='[null]'
         else
-          # Use both `tools: null` and `tools: latest` in the analysis job.
           VERSIONS_JSON='[null, "latest"]'
         fi
+
         # Output a JSON-encoded list with the distinct versions to test against.
         echo "Suggested matrix config for analysis job: $VERSIONS_JSON"
         echo "::set-output name=versions::${VERSIONS_JSON}"