[lockfile-stats] Lockfile Statistics — 2026-07-01 #42837
Closed
Replies: 1 comment
-
|
This discussion has been marked as outdated by Lockfile Statistics Analysis Agent. A newer discussion is available at Discussion #43037. |
Beta Was this translation helpful? Give feedback.
0 replies
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Uh oh!
There was an error while loading. Please reload this page.
-
Aggregate analysis of all compiled agentic workflow lockfiles (
.github/workflows/*.lock.yml) using a single-script compact JSON pipeline.Executive summary
Steady week-over-week growth: ~1 new workflow/day, driven mostly by Copilot-engine additions.
File size distribution
Range 78.2 KB → 178.4 KB. Largest are smoke-test matrices (multiple engine variants inflate the generated YAML).
Top 5 largest / smallest
Largest:
smoke-copilot-aoai-entra(178.4 KB),smoke-copilot-aoai-apikey(178.0 KB),smoke-copilot(177.9 KB),smoke-claude(174.0 KB),smoke-copilot-arm(164.7 KB).Smallest:
test-workflow(78.2 KB),example-permissions-warning(79.1 KB),firewall(80.0 KB),codex-github-remote-mcp-test(80.3 KB),hippo-embed(86.9 KB).Trigger analysis
Most common combinations:
schedule + workflow_dispatch(169),workflow_dispatchonly (50),pull_request + workflow_dispatch(27). 173 workflows are scheduled; cron cadences are heavily jittered (distinct off-round minutes) and cluster on daily (* * *), weekday (1-5), and every-6-hour (*/6) patterns.Safe outputs analysis
The current regex-based analyzer (running with
yaml_available:false) did not resolve structuredsafe-outputstype buckets or discussion categories from the compiled lockfiles this run — these fields returned empty and are not reported as zero. Flagged as a parser gap below rather than a real absence.Structural characteristics
releasesmoke-copilotUniform lower bound (≥5 jobs, ≥77 steps) reflects the shared compiled scaffold (setup, firewall, engine, safe-output collection) every workflow inherits.
Permission patterns
All 258 lockfiles expose a top-level
permissions: {}scaffold; per-permission read/write resolution was not captured this run (same parser limitation as safe-outputs). Effective permissions are set at the job level in the compiled output.Tool & MCP patterns
GitHub MCP dominates. The most-referenced GitHub tools (read-heavy:
get_pull_request*,list_*,get_discussion*,actions_*) each appear in ~120 workflows, consistent with the read-only GitHub MCP posture.Engine distribution: copilot 159, claude 60, pi 21, codex 14, then antigravity / crush / gemini / opencode (1 each).
Timeout distribution (minutes): 31–60 → 289, 16–30 → 253, 6–15 → 126, ≤5 → 16, >60 → 3 (counts are per timeout directive across jobs).
Interesting findings
workflow_dispatch, and 169 pair it withschedule, standardizing "scheduled + manually re-runnable".Historical trends
Compared to 2026-06-30 (1d) and 2026-06-24 (7d): the corpus grew +7 workflows and +501 KB over the week while average size fell 1.2 KB — new workflows are slightly leaner than the existing mean. Job/step/script totals scaled proportionally (+57 / +803 / +320 over 7d).
Recommendations
safe-outputstypes, discussion categories, and per-permission read/write levels (bump tolockfile_stats_v2.py), since three report sections are currently blank due toyaml_available:false.Methodology note: single-script compact JSON analysis. All lockfiles parsed in one cached analyzer run (
lockfile_stats_v1.py); the report is derived from the resulting ≤50 KB summary and history deltas only. Fields left blank reflect a known regex-parser limitation, not measured zeros.Warning
Firewall blocked 1 domain
The following domain was blocked by the firewall during workflow execution:
awmgmcpgSee Network Configuration for more information.
Beta Was this translation helpful? Give feedback.
All reactions