Add lockfile statistics analysis workflow for nightly audits

[Copilot]

This PR adds a new agentic workflow that performs comprehensive statistical and structural analysis of all .lock.yml files in the repository, publishing insights to the "audits" discussion category.

Overview

The workflow automatically analyzes agentic workflow lock files to identify usage patterns, popular triggers, safe outputs, file sizes, and interesting structural characteristics. This provides valuable visibility into how workflows are structured and evolving over time.

Features

Automated Analysis

• Schedule: Runs nightly at 3am UTC via cron schedule
• Manual Trigger: Supports on-demand execution via workflow_dispatch
• Scope: Analyzes all .lock.yml files in .github/workflows/

Statistical Insights

The workflow generates comprehensive statistics including:

1. File Size Analysis

   • Distribution histogram (< 10KB, 10-50KB, 50-100KB, > 100KB)
   • Average, minimum, and maximum sizes
   • Size trends over time

2. Trigger Patterns

   • Most popular trigger types (issues, PRs, schedule, workflow_dispatch)
   • Common trigger combinations
   • Cron schedule pattern analysis

3. Safe Outputs Usage

   • Distribution of safe output types (create-discussion, create-issue, add-comment, create-pull-request, etc.)
   • Category distribution for discussions
   • Multi-output workflow patterns

4. Structural Metrics

   • Average jobs per workflow
   • Average steps per job
   • Job complexity distribution
   • Permission patterns (read-only vs. write)

5. Tool & MCP Analysis

   • Most commonly used MCP servers
   • Common tool configurations
   • Timeout patterns
   • Engine distribution (Claude, Copilot, Codex, Custom)

Persistent Knowledge with Cache-Memory

The workflow uses the cache-memory tool to build persistent knowledge:

• Stores successful analysis scripts in /tmp/gh-aw/cache-memory/scripts/ for reuse
• Maintains historical data in /tmp/gh-aw/cache-memory/history/ for trend analysis
• Builds a pattern library for efficient future runs

Output

Results are published as a comprehensive markdown report to the "audits" discussion category, including:

• Executive summary with key metrics
• Detailed tables for each statistical category
• Average lock file structure breakdown
• Interesting findings and patterns
• Historical trends (when available)
• Actionable recommendations

Implementation Details

• Engine: Claude (AI-powered analysis)
• Timeout: 15 minutes
• Tools: cache-memory, bash
• Permissions: Minimal (contents: read, actions: read)
• Safe Outputs: create-discussion (category: "audits", max: 1)

Files Added

• .github/workflows/lockfile-stats.md - Workflow definition with detailed AI agent instructions
• .github/workflows/lockfile-stats.lock.yml - Compiled GitHub Actions workflow (auto-generated)

Testing

• ✅ Workflow compiles successfully (180.3 KB)
• ✅ All unit tests pass
• ✅ YAML validation passes
• ✅ Ready for immediate use

This workflow provides valuable insights into workflow patterns and helps track the evolution of agentic workflows in the repository over time.

Original prompt

Add an agentic workflow that does a statistical/size analysis of the agentic workflow lock files (.lock.yml)

Runs nightly at 3am, or from workflow_dispatch, publishes result to "audits" discussion category.

The agent should look for popular triggers and safe outputs, sizes of steps, interesting usage patterns.

Generate a table that explains the general average structure of .lock.yml files.

Use cache-memory tool to remember successful plans or scripts used to generate the reports.

---

💡 You can make Copilot smarter by setting up custom instructions, customizing its development environment and configuring Model Context Protocol (MCP) servers. Learn more Copilot coding agent tips in the docs.

[github-actions]

Agentic Changeset Generator triggered by this pull request