Lockfile Statistics Analysis - 2026-02-25

[github-actions[bot]]

Overview

This report analyzes all 158 .lock.yml files in .github/workflows/ as of 2026-02-25. The repository has reached a stable count of 158 workflows, with total lockfile storage at ~9.8 MB (avg 63.5 KB per file). The dominant pattern is scheduled + manually-dispatchable workflows using the dynamic engine — suggesting a mature, primarily automated workflow suite built around periodic reporting and analysis tasks.

Executive Summary

Metric	Value
Total Lock Files	158
Total Size	9.8 MB (10,272,408 bytes)
Average File Size	63.5 KB
Smallest File	codex-github-remote-mcp-test (24.5 KB)
Largest File	smoke-claude (142.8 KB)
Average Timeout	18.9 minutes
Average Steps	75 per workflow
Analysis Date	2026-02-25

---

File Size Distribution

Size Range	Count	Percentage
< 10 KB	0	0%
10–50 KB	9	5.7%
50–100 KB	145	91.8%
> 100 KB	4	2.5%

The overwhelming majority (91.8%) fall in the 50–100 KB band, indicating a remarkably uniform structural template across workflows.

Top 5 Largest & Smallest Files

Largest:

File	Size
smoke-claude.lock.yml	142.8 KB
smoke-copilot-arm.lock.yml	~113 KB
smoke-copilot.lock.yml	~109 KB
poem-bot.lock.yml	~101 KB

Smallest:

File	Size
codex-github-remote-mcp-test.lock.yml	24.5 KB
chroma-issue-indexer.lock.yml	~27 KB
example-custom-error-patterns.lock.yml	~27 KB
example-permissions-warning.lock.yml	~27 KB
firewall.lock.yml	~27 KB

---

Trigger Analysis

Most Popular Triggers

Trigger Type	Count	% of Workflows	Notes
workflow_dispatch	143	90.5%	Manual trigger capability
schedule	117	74.1%	Cron-based automation
pull_request	19	12.0%	PR event handlers
issue_comment	14	8.9%	Comment-driven bots
issues	12	7.6%	Issue event handlers
pull_request_review_comment	6	3.8%	Review comment handlers
discussion_comment	5	3.2%	Discussion responders
discussion	4	2.5%	Discussion event handlers
workflow_run	2	1.3%	Post-run pipelines
push	1	0.6%	Push-triggered

Most Common Trigger Combinations

Combination	Count	%	Description
schedule + workflow_dispatch	107	67.7%	Scheduled automation with manual override
workflow_dispatch only	17	10.8%	Manual-only workflows
pull_request + schedule + workflow_dispatch	7	4.4%	PR + scheduled + manual
pull_request + workflow_dispatch	6	3.8%	PR-triggered + manual
Full event suite (issues+PR+discussions+comments)	3	1.9%	Omnibus event bots
issues only	3	1.9%	Issue-reactive only
issue_comment + issues + pull_request	2	1.3%	Community triage
workflow_run only	2	1.3%	Post-run pipelines

Schedule Pattern Breakdown

Schedule Frequency Categories

Category	Count	Description
Daily (once)	64	Run once per day at a fixed time
Weekdays only	23	Mon–Fri schedules (1-5)
Every 12 hours	5	Semi-daily runs
Every 6 hours	3	Quarterly-daily runs
Every 4 hours	3	High-frequency monitoring
Every 24h (offset)	1	Daily with specific offset

Most Repeated Cron Expressions

Cron	Count	Time
0 14 * * 1-5	4	2:00 PM UTC, weekdays
0 13 * * 1-5	4	1:00 PM UTC, weekdays
0 11 * * 1-5	4	11:00 AM UTC, weekdays
0 9 * * 1-5	3	9:00 AM UTC, weekdays
0 */6 * * *	2	Every 6 hours
0 16 * * 1-5	2	4:00 PM UTC, weekdays

Working-hours (weekday) scheduling is prevalent, clustering around 9 AM–4 PM UTC — suggesting many workflows are tied to developer activity windows.

---

Safe Outputs Analysis

Safe Output Types Distribution

Type	Count	% of Workflows	Example Workflows
create_discussion	151	95.6%	agent-performance-analyzer, ai-moderator, archie
noop	151	95.6%	(universal baseline)
missing_data	151	95.6%	(universal baseline)
missing_tool	151	95.6%	(universal baseline)
create_issue	121	76.6%	agent-performance-analyzer, ai-moderator, archie
create_pull_request	60	38.0%	archie, brave, changeset
add_comment	40	25.3%	agent-performance-analyzer, archie, brave
create_pull_request_review_comment	36	22.8%	ci-coach, cloclo, code-scanning-fixer
add_labels	14	8.9%	ai-moderator, auto-triage-issues, code-scanning-fixer
update_issue	8	5.1%	bot-detection, ci-doctor, dependabot-go-checker
close_issue	8	5.1%	bot-detection, ci-doctor, dependabot-go-checker
push_to_pull_request_branch	6	3.8%	—
close_discussion	6	3.8%	—
submit_pull_request_review	6	3.8%	—
remove_labels	4	2.5%	—
dispatch_workflow	3	1.9%	—
link_sub_issue	3	1.9%	—
close_pull_request	3	1.9%	—
hide_comment	2	1.3%	—
update_pull_request	2	1.3%	—
create_code_scanning_alert	2	1.3%	—
create_agent_session	2	1.3%	—
create_project_status_update	2	1.3%	—
update_project	2	1.3%	—
assign_to_user	1	0.6%	—
update_release	1	0.6%	—
add_reviewer	1	0.6%	—
resolve_pull_request_review_thread	1	0.6%	—
unassign_from_user	1	0.6%	—

Discussion Categories Used

Category	Count	% of create_discussion
audits	43	28.5%
announcements	3	2.0%
reports	3	2.0%
artifacts	2	1.3%
dev	2	1.3%
research	2	1.3%
agent-research	1	0.7%
daily-news	1	0.7%
security	1	0.7%

audits is by far the most-used discussion category, used by ~28% of all discussion-creating workflows — establishing it as the primary sink for workflow reports.

---

Structural Characteristics

Job Complexity & Timeout

Metric	Value
Average steps per workflow	~75
Maximum steps	104 (in unbloat-docs, daily-copilot-token-report)
Average timeout-minutes	18.9 min

Timeout Distribution

Timeout (minutes)	Count (job-level)
15	176
20	173
10	46
30	33
45	12
5	11
60	4
90	1
180	1

15 and 20 minutes dominate, covering the vast majority of job-level timeout configurations. The rare 90-minute and 180-minute timeouts indicate a small number of intensive, long-running workflows.

Concurrency Settings

Setting	Count
Has concurrency: block	158 (100%)
cancel-in-progress: true	14 (8.9%)
Default (no cancellation)	144 (91.1%)

Every single workflow uses concurrency groups — a 100% adoption rate. This ensures workflows from the same repo/ref don't overlap unintentionally. The 14 with cancel-in-progress: true are typically smoke tests where the latest run supersedes older ones.

---

Permission Patterns

Most Granted Permissions

Permission	Count	Type
contents:read	633	Read
issues:write	334	Write
discussions:write	234	Write
pull-requests:write	178	Write
contents:write	153	Write
issues:read	142	Read
pull-requests:read	141	Read
actions:read	73	Read
discussions:read	34	Read
security-events:read	10	Read
actions:write	6	Write
security-events:write	4	Write

Permission Distribution

Category	Count	%
Workflows with any write permission	149	94.3%
Read-only workflows	9	5.7%

contents:read is near-universal (appearing 633 times across jobs), while issues:write is the most common write permission, reflecting the heavy use of issue creation and updates as a primary output channel.

---

MCP Server & Tool Patterns

Most Used MCP Servers

MCP Server	Count (across jobs)	% of Workflows
github	167	100%+
safeoutputs	162	97%+
playwright	45	~28%
serena	24	~15%
tavily	5	~3%
agenticworkflows	2	~1%
safeinputs	2	~1%

The github and safeoutputs MCP servers are essentially universal — every workflow integrates GitHub API access and controlled safe outputs. playwright appears in ~28% of workflows, indicating a substantial number of browser-automation or screenshot-capable agents. serena (likely a semantic/code intelligence server) appears in 15% — used for deeper code analysis tasks.

Engine Distribution

Engine	Count	%
dynamic	106	67.1%
claude	38	24.1%
codex	13	8.2%
gemini	1	0.6%

The dynamic engine (67%) dominates, allowing runtime engine selection. Explicit claude engine designation covers 24% of workflows, with codex at 8% and a single gemini workflow.

---

Interesting Findings

1. Near-perfect safe output coverage: 95.6% of workflows declare create_discussion, noop, missing_data, and missing_tool outputs — these four have become a near-universal baseline, likely enforced by the workflow template system.

2. Scheduling cluster around business hours: Of the 23 weekday-only cron schedules, they cluster tightly around 9 AM–4 PM UTC, suggesting workflows are deliberately scheduled to align with developer working hours for immediate visibility.

3. 100% concurrency adoption: Every single lock file uses a concurrency group. This is a rare case of universal compliance with a best practice across a large workflow fleet.

4. playwright is surprisingly common: With 45 workflow jobs using Playwright (~28%), browser automation is not a niche capability but a core tool in the agentic toolkit — far more prevalent than external search (tavily at only 5).

5. Stable fleet at 158 files: The file count has been exactly 158 for at least 3 consecutive days (Feb 23–25), though total bytes grew by ~300 KB between Feb 23–24 (suggesting prompt/content updates to existing workflows), then stabilized. The fleet appears mature and in maintenance mode rather than active expansion.

---

Historical Trends

Date	File Count	Total Size	Avg Size	Notes
2026-02-23	158	9.77 MB	61.6 KB	Baseline
2026-02-24	158	9.80 MB	63.5 KB	+296 KB (+3.0%) — workflow content updates
2026-02-25	158	9.80 MB	63.5 KB	+4.5 KB (+0.04%) — stable

The significant single-day growth on Feb 24 (~296 KB across unchanged file count) indicates a batch update to workflow prompts or embedded content, not new workflow additions.

---

Recommendations

1. Formalize the audits category as the canonical sink for automated reports — it already dominates at 28.5% of discussion outputs. Consider creating sub-categories (e.g., audits/security, audits/performance) as volume grows.

2. Review the 9 read-only workflows: With 94.3% of workflows having write permissions, the 9 read-only workflows may be candidates for enhancement to surface their findings through issues or discussions rather than silently completing.

3. Investigate the 14 cancel-in-progress workflows to ensure the other 144 are intentionally not cancelling — for long-running scheduled workflows, allowing concurrent runs may cause duplicate reports or resource waste.

4. Monitor the dynamic engine cohort: At 67%, the dynamic engine selection is dominant, but the criteria for runtime engine selection aren't visible in lock files. Periodic audits of which engine gets selected dynamically could reveal optimization opportunities.

5. Timeout calibration opportunity: With 176 job instances at 15 min and 173 at 20 min, there may be room to right-size timeouts. Workflows using playwright or serena may warrant higher limits while lightweight report generators could reduce to 10 min.

---

Methodology

• Analysis Tool: Python 3 with regex-based YAML parsing (/tmp/gh-aw/cache-memory/scripts/full_analysis.py)
• Lock Files Analyzed: 158 files in .github/workflows/*.lock.yml
• Cache Memory: Historical data stored in /tmp/gh-aw/cache-memory/history/; today's data saved as 2026-02-25.json
• Data Sources: Direct file system reads of all lock files

References:

• Workflow run: §22406754366

AI generated by Lockfile Statistics Analysis Agent

• expires on Feb 26, 2026, 4:53 PM UTC

[github-actions[bot]]

🤖 Beep boop! The smoke test agent was here!

Running diagnostic checks... All systems nominal! The automation hamsters are spinning their wheels at peak efficiency. 🐹⚡

This message was left by your friendly neighborhood smoke test bot. Don't mind me, just making sure everything works!

📰 BREAKING: Report filed by Smoke Copilot

[github-actions[bot]]

💥 WHOOSH! 🦸

The Smoke Test Agent has arrived!

⚡ KAPOW! Claude engine validation complete — all systems are GO! ✨

"With great automation comes great responsibility."
— Claude Smoke Test Bot, Run 22406871179

🔥 ZAP! BOOM! BANG! — Claude was here and everything survived! 🦾

💥 [THE END] — Illustrated by Smoke Claude

[github-actions[bot]]

This discussion was automatically closed because it expired on 2026-02-26T16:53:56.686Z.

Closed by Workflow