[Code Quality] Reduce Code Churn by Stabilizing Frequently-Modified Workflow Files

[github-actions]

Description

The Daily Code Metrics Report identified high code churn with 2,035 files modified in 7 days, resulting in a low churn stability score (4.8/15 points, 32.2%). The most active files are workflow lock files that are constantly regenerated, indicating opportunities for stabilization.

Problem

High Churn Impact:

• Quality score penalized (only 32.2% on churn stability)
• Difficult to track meaningful changes in diffs
• Large CI/CD overhead from constant workflow regeneration
• Git history noise from automated changes

Most Active Files (Last 7 Days):

1. .github/workflows/security-alert-burndown.lock.yml: +4,539/-3,325 lines
2. .github/workflows/dependabot-burner.lock.yml: +2,013/-691 lines
3. .github/workflows/smoke-project.lock.yml: +1,836/-400 lines
4. .github/workflows/functional-pragmatist.lock.yml: +1,593/-1,616 lines

Root Causes

1. Workflow Recompilation: Every code change triggers recompilation of all workflows
2. Timestamp Updates: Lock files may include timestamps that change on every compile
3. Dependency Pinning: Action versions/hashes update frequently
4. Large Workflows: Some workflows are inherently large and complex

Suggested Changes

Priority 1: Implement Incremental Compilation

Only recompile workflows when their source .md file changes:

// pkg/workflow/compiler.go
func (c *Compiler) ShouldRecompile(mdPath, lockPath string) (bool, error) {
    mdInfo, err := os.Stat(mdPath)
    if err != nil {
        return true, err
    }
    
    lockInfo, err := os.Stat(lockPath)
    if err != nil {
        return true, nil // Lock file doesn't exist
    }
    
    // Only recompile if .md is newer than .lock.yml
    if mdInfo.ModTime().After(lockInfo.ModTime()) {
        return true, nil
    }
    
    return false, nil
}

Priority 2: Stabilize Lock File Format

Remove volatile data from lock files:

• Remove compilation timestamps (unless required for audit)
• Pin action versions more conservatively (monthly vs every commit)
• Normalize formatting to reduce diff noise
• Sort keys deterministically

# Current (volatile):
# Compiled: 2026-02-03T11:15:23Z
# Hash: abc123def456 (changes every compile)

# Proposed (stable):
# Compiled from: workflow.md
# Source hash: abc123def456 (only changes when .md changes)

Priority 3: Batch Workflow Updates

Instead of recompiling all workflows on every PR:

• Daily batch recompilation: Scheduled job recompiles all workflows once daily
• On-demand recompilation: Only recompile specific workflows on .md changes
• Release-based pinning: Update action versions on release, not on every commit

# .github/workflows/recompile-workflows.yml
name: Daily Workflow Recompilation
on:
  schedule:
    - cron: '0 6 * * *'  # 6 AM UTC daily
  workflow_dispatch:

jobs:
  recompile:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - run: make recompile
      - uses: peter-evans/create-pull-request@v6
        with:
          title: "chore: Daily workflow recompilation"
          body: "Automated daily recompilation of workflows"
          branch: chore/daily-recompile

Priority 4: Break Down Large Workflows

Refactor the largest workflows into smaller, focused workflows:

Target workflows for splitting:

• security-alert-burndown.lock.yml (7,864 line changes)
• dependabot-burner.lock.yml (2,704 line changes)
• smoke-project.lock.yml (2,236 line changes)

Success Criteria

• Churn stability score improves to >50% (7.5+/15 points)
• Files modified in 7 days reduced from 2,035 to <500
• Most active files see <1,000 line changes per week
• make recompile only recompiles changed workflows
• Overall quality score improves from 67.6 to 75+

Files Affected

Core Changes:

• pkg/workflow/compiler.go (add incremental compilation)
• Makefile (update recompile target)
• .github/workflows/recompile-workflows.yml (new daily job)

Workflow Refactoring:

• .github/workflows/security-alert-burndown.md (split into smaller workflows)
• .github/workflows/dependabot-burner.md (optimize structure)
• .github/workflows/smoke-project.md (reduce complexity)

Priority

Medium - Improves quality scores and maintainability but not blocking

Estimated Effort

Medium (6-8 hours)

• Incremental compilation: 3-4 hours
• Lock file stabilization: 2 hours
• Workflow refactoring: 2 hours
• Testing and validation: 2 hours

Source

Extracted from Daily Code Metrics Report discussion #13455

Key Recommendation:

"Manage Code Churn: With 2,035 files modified in 7 days, consider stabilizing frequently-changed workflow files. Implement change batching strategies to reduce constant workflow regeneration."

Metrics Impact

Current State:

• Churn Stability: 4.8/15 points (32.2%)
• Files Modified (7d): 2,035 files
• Net Change: -5,938 lines

Target State:

• Churn Stability: 7.5+/15 points (50%+)
• Files Modified (7d): <500 files
• Focus changes on meaningful code, not generated workflows

Benefits

1. Improved Quality Score: Increases overall score from 67.6 to 75+
2. Cleaner Git History: Meaningful changes easier to track
3. Faster CI/CD: Less unnecessary workflow recompilation
4. Better Developer Experience: Easier to review diffs
5. Reduced Noise: Focus on code changes that matter

Implementation Strategy

Phase 1 (Quick wins - 2 hours):

• Implement incremental compilation logic
• Update Makefile to skip unchanged workflows

Phase 2 (Stabilization - 2 hours):

• Remove timestamps from lock files
• Normalize formatting and sorting

Phase 3 (Workflow optimization - 4 hours):

• Batch daily recompilation job
• Refactor largest workflows
• Test and validate stability improvements

AI generated by Discussion Task Miner - Code Quality Improvement Agent

• expires on Feb 17, 2026, 1:26 PM UTC