From 45490de27e45ec9c4395d90b4463bad19a12f96b Mon Sep 17 00:00:00 2001
From: Jeremiah Russell <jerry@jrussell.ie>
Date: Tue, 23 Jun 2026 07:49:37 +0100
Subject: [PATCH] ci: run sonarcloud security on main
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

The 'security with sonarcloud' job ignored main (and audit-only ran on main), so SonarCloud never scanned main — GitHub flags main's code-scanning results as out of date even though the code passed scanning as a PR. Move main out of both security filters: audit-only is now forked-PRs-only (/pull/N); with-sonarcloud now covers main, so main is scanned and results stay current.

Signed-off-by: Jeremiah Russell <jerry@jrussell.ie>
---
 .circleci/config.yml | 2 --
 1 file changed, 2 deletions(-)

diff --git a/.circleci/config.yml b/.circleci/config.yml
index e0becaa..fe130c3 100644
--- a/.circleci/config.yml
+++ b/.circleci/config.yml
@@ -51,7 +51,6 @@ workflows:
           filters:
             branches:
               only:
-                - main
                 - /pull\/[0-9]+/
       - toolkit/security:
           name: security with sonarcloud
@@ -60,7 +59,6 @@ workflows:
             branches:
               ignore:
                 - /pull\/[0-9]+/
-                - main
       - toolkit/code_coverage:
           package: lambda_sqs
           filters: