[lockfile-stats] Lockfile Statistics Report — 2026-06-03

[github-actions[bot]]

Executive Summary

Analysis of 239 compiled .lock.yml workflows in .github/workflows as of 2026-06-03. All files parsed successfully (0 skipped).

Metric	Value
Lockfiles	239 (+1 vs. prior day)
Total size	23.7 MB (24,865,869 bytes)
Average size	101.6 KB (104,041 bytes)
Median size	101.4 KB (103,813 bytes)
Smallest	test-workflow.lock.yml — 65.5 KB
Largest	smoke-claude.lock.yml — 184.9 KB
Total jobs / steps / scripts	1,911 / 25,285 / 12,131

The corpus grew by one workflow since 2026-06-02 — a scheduled, workflow_dispatch-enabled Copilot-engine workflow contributing ~7 jobs, ~100 steps, and ~50 inline scripts.

File Size Distribution

Lockfiles are large and tightly clustered (compiled output, not source). No file is below 50 KB.

Bucket	Count
50–100 KB	90
100–250 KB	149

Top 10 largest lockfiles

Workflow	Size
smoke-claude	184.9 KB
smoke-copilot	160.0 KB
smoke-copilot-arm	148.2 KB
smoke-codex	135.9 KB
mcp-inspector	132.1 KB
issue-monster	130.1 KB
deep-report	129.9 KB
cloclo	127.8 KB
daily-news	125.0 KB
daily-performance-summary	123.1 KB

Trigger Analysis

workflow_dispatch is near-universal (231/239, 96.7%) and schedule drives the majority (161/239, 67.4%) — consistent with a fleet of mostly autonomous, cron-driven agents that also retain manual-run capability.

Trigger	Count
workflow_dispatch	231
schedule	161
pull_request	33
issues	4
issue_comment	2
push	2
workflow_run / discussion / discussion_comment / pr_review_comment	1 each

Top trigger combinations

Combination	Count
schedule + workflow_dispatch	157
workflow_dispatch (only)	44
pull_request + workflow_dispatch	26
pull_request (only)	3

The dominant pattern (schedule + workflow_dispatch, 65.7% of all workflows) confirms the "scheduled agent with manual override" archetype.

Schedule cadence notes

30 distinct cron expressions in use. Most are once-daily at randomized minutes/hours (jitter to avoid API thundering-herd). A few run more frequently: 23 * * * * (hourly), several */6/*/4-hour cadences, and weekday-only business-hours schedules (* * 1-5).

Structural Characteristics

Compiled workflows are highly uniform in shape.

Dimension	Min	Avg	Max	Max workflow
Jobs / workflow	5	8.0	12	firewall-escape
Steps / workflow	69	105.8	145	smoke-copilot

Totals: 1,911 jobs, 25,285 steps, 12,131 inline scripts across the corpus. The narrow job range (5–12) reflects the shared compiler scaffold; variation comes mostly from engine and safe-output plumbing.

Timeout Patterns

Timeout (min)	Job count
≤5	14
6–15	355
16–30	317
31–60	32
>60	3

The vast majority of jobs cap at 30 minutes or less — sensible bounding for agentic runs.

Engine Distribution

Engine	Workflows
copilot	157
claude	63
codex	14
antigravity / crush / gemini / opencode / pi	1 each

Copilot is the default engine for ~66% of workflows; Claude is the clear second at ~26%.

Tool & MCP Patterns

The GitHub MCP server dominates tool wiring with 6,552 tool references — roughly 27 GitHub tools enabled per workflow on average. Many GitHub read tools appear in exactly 126 workflows, indicating a shared read-only GitHub toolset template.

MCP server	References
github	6,552
playwright	168
sentry	96
ruflo	16
grafana	14
arxiv	6
deepwiki	6

Note on safe-output & permission extraction

The cached v1 analyzer reports empty safe_output_types, discussion_categories, and top-level permissions maps (all 239 workflows show a {} top-level permissions kind). Because the compiled lockfiles embed these as job-level GitHub Actions constructs rather than the source-level safe-outputs: keys, the current regex-based pass does not resolve them. This is a known limitation of the v1 schema and a candidate for a v2 bump — flagged under Recommendations rather than reported as zero usage.

Interesting Findings

1. Extreme structural uniformity — every workflow has 5–12 jobs and 69–145 steps despite wildly different purposes. The compiler scaffold, not the agent logic, dominates lockfile shape and size.
2. The "126" fingerprint — dozens of distinct GitHub MCP read tools each appear in exactly 126 workflows, revealing a shared read-only GitHub toolset preset applied to roughly half the fleet.
3. Compiled bloat is real — the smallest possible workflow still weighs 65.5 KB; the corpus totals 23.7 MB of generated YAML for what is largely boilerplate.
4. Smoke tests are the heavyweights — the four largest files are all smoke-* engine matrix workflows, the natural consequence of exercising multiple engine paths in one lockfile.
5. Manual override is the norm, not the exception — 96.7% of workflows keep workflow_dispatch, so even fully autonomous scheduled agents remain hand-runnable.

Historical Trends (2026-06-02 → 2026-06-03)

Metric	06-02	06-03	Δ
Lockfiles	238	239	+1
Total bytes	24,722,577	24,865,869	+143,292 (+0.6%)
Avg size (B)	103,876	104,041	+165
Jobs	1,904	1,911	+7
Steps	25,185	25,285	+100
Scripts	12,081	12,131	+50
schedule triggers	160	161	+1
copilot engine	156	157	+1

The single net-new workflow is scheduled + dispatch-enabled and Copilot-powered, matching the corpus's dominant archetype. 15 days of history are retained (2026-05-20 onward).

Recommendations

1. Bump the analyzer to lockfile_stats_v2.py to resolve safe-output types, discussion categories, and effective permissions from the compiled job structure (current v1 reports these as empty due to regex limits).
2. Investigate the GitHub MCP toolset size — ~27 GitHub tools per workflow and a 126-workflow shared preset suggest most agents enable far more read tools than they use; trimming presets would shrink lockfiles and tighten least-privilege.
3. Track lockfile size growth — at +0.6%/day from a single added workflow, monitor whether compiled-YAML size becomes a repo-weight concern over time.

Methodology

Single-script compact JSON analysis: one cached Python analyzer (lockfile_stats_v1.py) parsed all 239 lockfiles in a single pass, emitting a compact summary JSON (4.7 KB); all insights and deltas were derived from that summary and the prior day's cached summary. No per-file content was re-read during reporting.

References: §26913585542

Generated by 📊 Lockfile Statistics Analysis Agent · opus48 3.3M · ◷

• expires on Jun 4, 2026, 9:22 PM UTC

[github-actions[bot]]

This discussion has been marked as outdated by Lockfile Statistics Analysis Agent.

A newer discussion is available at Discussion #36994.