[lockfile-stats] Lockfile Statistics Audit — 2026-07-05 (258 lockfiles, 29.3 MB) #43620
Closed
Replies: 1 comment
-
|
This discussion has been marked as outdated by Lockfile Statistics Analysis Agent. A newer discussion is available at Discussion #43873. |
Beta Was this translation helpful? Give feedback.
0 replies
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Uh oh!
There was an error while loading. Please reload this page.
-
Executive Summary
Analysis of 258 compiled
.github/workflows/*.lock.ymlfiles as of 2026-07-05 (0 malformed/skipped).Lockfile count is flat day-over-day, yet total size, jobs, steps, and scripts all crept upward — the compiled output is inflating on recompilation, not because workflows were added.
File Size Distribution
Distribution is strikingly uniform: 96% of lockfiles fall in a single 100–250 KB band (min 80,100 B, max 184,059 B), confirming that generated compiler boilerplate dominates file size.
Largest & smallest lockfiles
Largest: smoke-copilot-aoai-entra (184,059), smoke-copilot-aoai-apikey (183,650), smoke-copilot (183,538), smoke-claude (179,345), smoke-copilot-arm (169,939).
Smallest: test-workflow (80,100), example-permissions-warning (81,037), firewall (81,976), codex-github-remote-mcp-test (82,127), hippo-embed (89,093).
Trigger Analysis
Top combinations:
schedule+workflow_dispatch169 ·workflow_dispatch-only 50 ·pull_request+workflow_dispatch27. Nearly every workflow (250/258, 97%) is manually dispatchable, and 173 are scheduled. Cron slots are well spread with minor doubling-up (9 crons shared by exactly 2 workflows); no cron collision hotspots.Safe Outputs Analysis
lockfile_stats_v1.pyparser ran without PyYAML available (yaml_available:false) and its regex fallback returned emptysafe_output_types,discussion_categories, and per-permission maps. For historical context, the 2026-05-20 baseline (older schema) recordedcreate_discussionandcreate_issuein all 233 workflows,add_comment71,create_pull_request56, and discussion categoriesaudits68 /announcements5 /research2. This is a known parser regression — see Recommendations.Structural Characteristics
Totals: 2,086 jobs, 29,809 steps, 13,389 run-scripts. Both jobs/wf (8.03→8.09) and steps/wf (115.26→115.54) ticked up vs yesterday.
Permission Patterns
Top-level permissions resolved to
{}(empty/none) for all 258 lockfiles in this run's parser; granular per-scope read/write maps were not extractable without PyYAML (same limitation as Safe Outputs above).Tool & MCP Patterns
Engines: copilot 159 (62%) · claude 60 (23%) · pi 21 · codex 14 · antigravity/crush/gemini/opencode 1 each.
MCP servers (reference frequency): github 5,520 · playwright 126 · sentry 96 · grafana 28 · ruflo 16 · arxiv 6 · deepwiki 6.
Tooling signature: 30+ distinct
github::*tools each appear in exactly 120 workflows — a shared default GitHub MCP allow-list baked identically into ~120 compiled workflows.Timeout Distribution (per job)
Timeouts skew long — the plurality of jobs allow 31–60 min.
Interesting Findings
github::*tools appear in precisely 120 workflows each, evidence of a large default MCP allow-list replicated across the fleet — a size-reduction target.schedule+workflow_dispatchis the canonical pattern (169 workflows).Historical Trends
Over ~7 weeks (2026-05-20 → 2026-07-05): lockfiles 233 → 258 (+11%), total size 22.4 MB → 29.3 MB (+37%), avg size 96 KB → 119 KB (+24%), total steps 24,002 → 29,809 (+24%). Fleet is growing in count and per-file weight; size is outpacing file count, reinforcing finding #1.
Recommendations
safe_output_types,discussion_categories, and granular permissions are captured again; the current regex fallback silently drops three required sections.github::*tools go unused per workflow, trimming the default set would shrink lockfiles fleet-wide.Methodology Note
Single-script compact JSON analysis: one cached analyzer (
lockfile_stats_v1.py) parses all lockfiles in a single pass into a ≤50 KB JSON summary; the report reasons only from that summary plus cached daily history — no per-file reads during reporting.References: §28754001133
Warning
Firewall blocked 1 domain
The following domain was blocked by the firewall during workflow execution:
awmgmcpgSee Network Configuration for more information.
Beta Was this translation helpful? Give feedback.
All reactions