diff --git a/.github/workflows/codeql-actions.yml b/.github/workflows/codeql-actions.yml
index 2d3bf95bc..fecb95d02 100644
--- a/.github/workflows/codeql-actions.yml
+++ b/.github/workflows/codeql-actions.yml
@@ -7,12 +7,14 @@ on:
   pull_request:
     paths:
       - .github/workflows/*.yml
+  workflow_dispatch:
   schedule:
     - cron: '17 10 * * 2'
 
 jobs:
   analyze-python:
     name: Analyze GitHub Actions
+    if: github.repository_owner == 'mongodb' || github.event_name == 'workflow_dispatch'
     runs-on: "ubuntu-latest"
     timeout-minutes: 360
     permissions:
diff --git a/.github/workflows/codeql-python.yml b/.github/workflows/codeql-python.yml
index a5bc8d2c9..b8964e2a0 100644
--- a/.github/workflows/codeql-python.yml
+++ b/.github/workflows/codeql-python.yml
@@ -11,6 +11,7 @@ on:
       - .github/workflows/*python.yml
   schedule:
     - cron: '17 10 * * 2'
+  workflow_dispatch:
   workflow_call:
     inputs:
       ref:
@@ -20,6 +21,7 @@ on:
 jobs:
   analyze-python:
     name: Analyze Python
+    if: github.repository_owner == 'mongodb' || (github.event_name == 'workflow_dispatch' || github.event_name == 'workflow_call')
     runs-on: "macos-latest"
     timeout-minutes: 360
     permissions:
diff --git a/.github/workflows/dist-python.yml b/.github/workflows/dist-python.yml
index 32b795b62..dd278d4ea 100644
--- a/.github/workflows/dist-python.yml
+++ b/.github/workflows/dist-python.yml
@@ -15,9 +15,6 @@ on:
   workflow_dispatch:
   workflow_call:
     inputs:
-      force:
-        required: true
-        type: boolean
       ref:
         required: true
         type: string
@@ -33,7 +30,7 @@ defaults:
 
 jobs:
   build_dist:
-    if: github.repository_owner == 'mongodb' || inputs.force == true
+    if: github.repository_owner == 'mongodb' || (github.event_name == 'workflow_dispatch' || github.event_name == 'workflow_call')
     runs-on: ${{ matrix.os }}
     strategy:
       matrix:
diff --git a/.github/workflows/release-python.yml b/.github/workflows/release-python.yml
index 047577b9a..b0c2d30fa 100644
--- a/.github/workflows/release-python.yml
+++ b/.github/workflows/release-python.yml
@@ -35,6 +35,7 @@ defaults:
 jobs:
   pre-publish:
     environment: release-python
+    if: github.repository_owner == 'mongodb' || github.event_name == 'workflow_dispatch'
     runs-on: ubuntu-latest
     permissions:
       id-token: write
@@ -65,7 +66,6 @@ jobs:
     needs: [pre-publish]
     uses: ./.github/workflows/dist-python.yml
     with:
-      force: true
       ref: ${{ needs.pre-publish.outputs.version }}
 
   static-scan:
diff --git a/.github/workflows/zizmor.yml b/.github/workflows/zizmor.yml
index 92bd4fb45..36c084aa0 100644
--- a/.github/workflows/zizmor.yml
+++ b/.github/workflows/zizmor.yml
@@ -9,6 +9,7 @@ on:
 jobs:
   zizmor:
     name: zizmor latest via Cargo
+    if: github.repository_owner == 'mongodb'
     runs-on: ubuntu-latest
     permissions:
       security-events: write