[lockfile-stats] Lockfile Statistics Analysis — 2026-06-18 #40150
Closed
Replies: 1 comment
-
|
This discussion has been marked as outdated by Lockfile Statistics Analysis Agent. A newer discussion is available at Discussion #40387. |
Beta Was this translation helpful? Give feedback.
0 replies
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Uh oh!
There was an error while loading. Please reload this page.
-
Aggregate analysis of all compiled
.github/workflows/*.lock.ymlagentic workflow lockfiles.Executive summary
File size distribution
Lockfiles are large and tightly clustered (avg 115 KB, median 114.5 KB), reflecting the substantial boilerplate the compiler emits per workflow.
Largest & smallest lockfiles
Largest: smoke-copilot-aoai-entra (173.5 KB), smoke-copilot-aoai-apikey (173.1 KB), smoke-copilot (172.4 KB), smoke-claude (170.6 KB), smoke-copilot-arm (160.8 KB)
Smallest: test-workflow (76.2 KB), example-permissions-warning (76.9 KB), firewall (78.1 KB), codex-github-remote-mcp-test (78.1 KB), ace-editor (85.2 KB)
Trigger analysis
workflow_dispatchschedulepull_requestissuesissue_commentpushworkflow_run/discussion/discussion_comment/pull_request_review_commentTop combinations:
schedule+workflow_dispatch(163),workflow_dispatchonly (49),pull_request+workflow_dispatch(26). Nearly all workflows (242/250) expose manual dispatch, and scheduled automation dominates (167 cron-driven).Safe outputs analysis
Safe-output type and discussion-category markers were not extractable from the v1 schema's compiled lockfiles (the structured config is encoded in a form the current parser does not surface). Reported counts are empty for this run; this is a known analyzer limitation rather than an absence of safe outputs. (Flagged for a schema bump — see Recommendations.)
Structural characteristics
firewall-escape)smoke-copilot)Total scripts embedded across all lockfiles: 12,527.
Permission patterns
All 250 lockfiles report an empty (
{}) top-level permissions kind in the compiled output; granular read/write per-scope grants were not captured by the v1 parser. Treat as not-yet-instrumented.Tool & MCP patterns
GitHub MCP overwhelmingly dominates tool usage;
get_*/list_*read tools each appear ~128 times, consistent with the read-only GitHub MCP surface being injected uniformly across most workflows.Engine distribution: copilot 167, claude 64, codex 14, then antigravity / crush / gemini / opencode / pi (1 each).
Timeout distribution: 16–30 min 335, 31–60 min 283, 6–15 min 122, ≤5 min 16, >60 min 3.
Interesting findings
workflow_dispatch, and 163 pair it with a schedule (the canonical "cron + manual override" pattern).49 14 * * 1-5,27 */6 * * *) rather than clustering on:00, distributing fleet load.Historical trends (vs 2026-06-17)
Engine, trigger, and MCP-server distributions are unchanged day-over-day. The modest size/step reduction (−356 KB, −110 steps) with stable workflow count indicates a small compiler/template trim rather than workflow churn.
Recommendations
Methodology note: single-script compact JSON analysis. All metrics derived from one analyzer pass over 250 lockfiles producing a compact JSON summary; the report reasons only from that summary plus cached prior-day history.
Beta Was this translation helpful? Give feedback.
All reactions