[lockfile-stats] Lockfile Statistics Analysis — 2026-04-13

[github-actions[bot]]

Overview

Analysis of 187 agentic workflow lock files in .github/workflows/*.lock.yml as of 2026-04-13. The repository has grown from 178 files (~11.5 MB) two weeks ago to 187 files (~13.8 MB) today — an 8.5 MB growth in total size even though file count stabilized at 187 since April 9th, indicating existing workflows are increasing in complexity rather than new ones being added.

Run §24319625427 · Analysis script cached at /tmp/gh-aw/cache-memory/scripts/analyze_lockfiles.py

---

Summary

Metric	Value
Total Lock Files	187
Total Size	13.8 MB
Average File Size	75.6 KB
Analysis Date	2026-04-13
Average Steps per Workflow	90.5
Average Jobs per Workflow	7.4
Average Timeout	19.1 minutes
Total Steps Across All Workflows	16,917

---

File Size Distribution

Size Range	Count	Percentage
< 10 KB	0	0%
10–50 KB	6	3.2%
50–100 KB	175	93.6%
> 100 KB	6	3.2%

Statistics:

• Smallest: codex-github-remote-mcp-test.lock.yml (30.3 KB)
• Largest: smoke-claude.lock.yml (158.6 KB)

The distribution is remarkably uniform — 93.6% of lock files fall in the 50–100 KB band, reflecting a consistent harness template structure.

---

Trigger Analysis

Most Popular Triggers

Trigger Type	Count	Percentage
workflow_dispatch	172	91.9%
schedule	136	72.7%
pull_request	31	16.6%
issue_comment	15	8.0%
issues	12	6.4%
pull_request_review_comment	6	3.2%
discussion	4	2.1%
discussion_comment	4	2.1%
workflow_call	2	1.1%
workflow_run	1	0.5%
push	1	0.5%

Common Trigger Combinations

Combination	Count	Percentage
schedule + workflow_dispatch	123	65.8%
workflow_dispatch only	17	9.1%
pull_request + workflow_dispatch	13	7.0%
pull_request + schedule + workflow_dispatch	9	4.8%
issue_comment only	3	1.6%
issue_comment + issues + pull_request	2	1.1%
Full event suite (discussion, issue, PR, comments)	2	1.1%

View All Trigger Combinations (15 total)

Combination	Count
('schedule', 'workflow_dispatch')	123
('workflow_dispatch',)	17
('pull_request', 'workflow_dispatch')	13
('pull_request', 'schedule', 'workflow_dispatch')	9
('issue_comment',)	3
('issue_comment', 'issues', 'pull_request')	2
('discussion', 'discussion_comment', 'issue_comment', 'issues', 'pull_request', 'pull_request_review_comment')	2
('issues',)	2
('issue_comment', 'pull_request_review_comment')	2
('workflow_call', 'workflow_dispatch')	2
('issues', 'pull_request', 'workflow_dispatch')	1
('issues', 'schedule', 'workflow_dispatch')	1
('workflow_run',)	1
('discussion', 'issues', 'pull_request', 'schedule', 'workflow_dispatch')	1
('issue_comment', 'pull_request', 'pull_request_review_comment')	1

View Schedule Patterns (30 most common cron expressions)

Schedules are deliberately offset (non-:00/:30 minutes) to avoid thundering herd effects on the Actions API.

Cron Expression	Count	Pattern
37 2 * * *	2	Daily at 02:37 UTC
48 12 * * *	2	Daily at 12:48 UTC
23 3 * * *	2	Daily at 03:23 UTC
7 4 * * *	2	Daily at 04:07 UTC
6 11 * * 1-5	2	Weekdays at 11:06 UTC
27 10 * * *	2	Daily at 10:27 UTC
52 11 * * *	2	Daily at 11:52 UTC
19 10 * * *	2	Daily at 10:19 UTC
37 3 * * *	2	Daily at 03:37 UTC
27 */6 * * *	1	Every 6 hours
25 */6 * * *	1	Every 6 hours
49 */4 * * *	1	Every 4 hours
7 8 * * 1	1	Weekly (Monday)
33 5 * * 0	1	Weekly (Sunday)
26 11 * * 3	1	Weekly (Wednesday)
Various weekday schedules	8	Weekdays (1-5)
Various daily schedules	~14	Once per day

---

Safe Outputs Analysis

Safe Output Types Distribution (top action outputs)

Output Type	Count	Percentage
create_discussion	61	32.6%
create_issue (all variants)	41+	21.9%+
create_pull_request (all variants)	37+	19.8%+
add_comment (all variants)	~49	~26%
upload_asset	15	8.0%
add_labels (all variants)	~16	~8.6%
push_to_pull_request_branch	8	4.3%
submit_pull_request_review	7	3.7%
create_pull_request_review_comment (variants)	~6	~3.2%

Baseline tools (missing_tool, missing_data, noop) are present in 181/187 workflows (96.8%).

Common Safe Output Combinations

Combination	Count
create_discussion only	35
create_issue only	24
create_pull_request only	22
create_discussion + upload_asset	13
add_comment(max:2) only	6
add_comment only	5
add_comment + create_pull_request	4
create_issue + create_pull_request	2
create_discussion + create_issue(max:3)	2
create_discussion + create_pull_request	2

Discussion Categories

Category	Count	Percentage
audits	46	70.8%
(unresolved category object)	5	7.7%
announcements	4	6.2%
reports	3	4.6%
artifacts	2	3.1%
dev	2	3.1%
research	2	3.1%
agent-research	1	1.5%
daily-news	1	1.5%

⚠️ 5 workflows reference a category via a dynamic object rather than a string literal — these may produce runtime errors or unexpected behavior when resolving the discussion category.

View Full Safe Outputs Inventory

Output	Count
missing_tool	181
missing_data	181
noop	181
create_discussion	61
create_issue	41
create_pull_request	37
add_comment(max:2)	18
add_comment	18
upload_asset	15
add_labels	12
push_to_pull_request_branch	8
create_issue(max:5)	7
submit_pull_request_review	7
create_issue(max:10)	4
create_pull_request_review_comment(max:5)	4
remove_labels	4
update_issue	3
create_issue(max:3)	3
create_code_scanning_alert	3
add_comment(max:3)	3
dispatch_workflow	3
add_comment(max:10)	2
create_discussion(max:2)	2
hide_comment(max:5)	2
update_pull_request	2
create_issue(max:2)	2
add_comment(max:20)	2
notion_add_comment	2
link_sub_issue(max:3)	2
create_pull_request_review_comment(max:10)	2
assign_to_agent	2
send_slack_message	2
create_project_status_update	2
add_labels(max:10)	1
close_issue(max:20)	1
close_pull_request(max:10)	1
link_sub_issue(max:50)	1
assign_to_agent(max:3)	1
post_to_slack_channel	1
close_discussion	1
create_agent_session(max:3)	1
create_agent_session	1
add_comment(max:50)	1
add_labels(max:100)	1
update_release	1
create_pull_request(max:10)	1
create_issue(max:100)	1
close_issue(max:10)	1
call_workflow	1
close_pull_request	1
resolve_pull_request_review_thread(max:5)	1
add_reviewer(max:2)	1
post_slack_message	1
unassign_from_user	1
add_smoked_label	1
reply_to_pull_request_review_comment(max:5)	1
set_issue_type	1
create_pull_request(max:2)	1
update_project(max:20)	1
update_project(max:5)	1
upload_asset(max:5)	1
update_issue(max:20)	1
update_issue(max:5)	1
add_comment(max:15)	1

---

Structural Characteristics

Job Complexity

Metric	Value
Average jobs per workflow	7.4
Average steps per workflow	90.5
Maximum steps in single workflow	127 (copilot-token-audit.lock.yml)
Minimum steps	37 (codex-github-remote-mcp-test.lock.yml)
Total steps across all workflows	16,917

Timeout Distribution

Timeout (minutes)	Count	Typical Use
20	208	Standard agent jobs
15	208	Shorter utility jobs
10	49	Quick checks
30	43	Extended agent tasks
45	17	Long-running agents
5	13	Very short tasks
60	4	Complex multi-step
180	1	Extended processing
90	1	Long analysis
25	1	Custom

Average timeout: 19.1 minutes

Typical Lock File Profile

A representative .lock.yml file has:

• Size: ~75.6 KB
• Jobs: ~7.4 jobs
• Steps per workflow: ~90.5 steps
• Primary triggers: schedule + workflow_dispatch
• Timeout: ~19 minutes average (mix of 15 and 20 min jobs)
• Engine: copilot (65.8% probability)
• MCP: github-mcp-server (97.3% include it)

---

Engine / Agent Distribution

Engine	Count	Percentage
copilot	123	65.8%
claude	52	27.8%
codex	11	5.9%
gemini	1	0.5%

---

Permission Patterns

Most Common Permissions

Permission	Read	Write
contents	945	163
issues	162	379
pull-requests	168	203
discussions	37	248
actions	267	6
copilot-requests	—	95
security-events	11	9

Notable: issues write (379) exceeds issues read (162) — many workflows write to issues without explicitly reading them (relying on event payload context). discussions write (248) similarly exceeds discussions read (37).

---

MCP Server Usage

MCP Server	Count	Percentage
github-mcp-server	182	97.3%
gh-aw	30	16.0%
serena-mcp-server	23	12.3%
mcp	11	5.9%
markitdown	3	1.6%
brave-search	2	1.1%
ast-grep	2	1.1%
arxiv-mcp-server	2	1.1%
notion	2	1.1%
semgrep	1	0.5%
context7	1	0.5%
python	1	0.5%
memory	1	0.5%
node	1	0.5%

github-mcp-server is effectively universal. gh-aw (the repo's own MCP server) appears in 16% of workflows, and serena-mcp-server in 12.3%.

---

Historical Trends

Data collected daily since March 30, 2026:

Date	Files	Total Size	Avg Size	Avg Steps
2026-03-30	178	11.5 MB	66.2 KB	87.1
2026-04-01	178	11.5 MB	66.1 KB	87.5
2026-04-05	180	11.9 MB	67.6 KB	—
2026-04-06	181	12.0 MB	68.1 KB	—
2026-04-07	182	12.4 MB	70.0 KB	—
2026-04-08	182	12.6 MB	70.8 KB	—
2026-04-09	187	13.5 MB	70.5 KB	89.5
2026-04-10	187	13.5 MB	70.4 KB	89.4
2026-04-11	187	13.6 MB	71.1 KB	89.4
2026-04-12	187	14.2 MB	74.0 KB	89.4
2026-04-13	187	13.8 MB	75.6 KB	90.5

Key trends:

• +9 new workflows added between Mar 30 and Apr 9 (5 added on Apr 9 alone)
• File count stable at 187 since Apr 9
• Avg size +14% (66.2 → 75.6 KB) — existing workflows growing in complexity
• Avg steps +3.9% (87.1 → 90.5) — more steps being added to existing workflows
• Today vs yesterday: total size +302 KB (+2.1%), steps +198 (+1.2%), max steps grew from 120 → 127 in copilot-token-audit.lock.yml

---

Interesting Findings

1. Thundering herd avoidance is universal: Every scheduled workflow uses offset cron times (non-:00/:30 minutes), suggesting intentional design to spread API load across the hour.

2. Remarkably uniform file sizes: 93.6% of lock files are in the 50–100 KB range, suggesting they share a common harness template. The outliers (6 files >100 KB) are likely more complex smoke/audit workflows.

3. schedule + workflow_dispatch dominates: 65.8% of all workflows use this combination, making scheduled automation with manual override the dominant pattern.

4. 5 workflows have unresolved category references: Discussion category is specified as a dynamic object rather than a string in these files — potential runtime failure risk.

5. 6 workflows lack baseline safe-output tools (missing_tool, missing_data, noop): These 6 out of 187 may be older workflows that predate the baseline tool requirement.

6. Copilot is the dominant engine (65.8%) with Claude second at 27.8%. Together they cover 93.6% of all agentic workflows. Codex (5.9%) and Gemini (0.5%) are minority engines.

7. Workflow complexity is growing daily: Even though no new workflows were added in the past 5 days, total steps increased by 198 (+1.2%) since yesterday, suggesting active development of existing agentic workflows.

---

Recommendations

1. Audit the 5 workflows with object-typed discussion categories — these likely fail silently or produce errors when creating discussions. They should use explicit string category names.

2. Review the 6 workflows missing baseline safe-output tools — add missing_tool, missing_data, and noop to ensure workflow completion signals are always available.

3. Monitor copilot-token-audit.lock.yml — its step count jumped from 120 to 127 in one day and is the most complex workflow (127 steps). Large step counts can indicate scope creep.

4. Consider standardizing add_comment max limits — the safe outputs inventory shows at least 8 variants of add_comment with different max: values. A policy clarifying when to use each limit would reduce inconsistency.

5. Track the size growth trend — avg file size has grown 14% in 2 weeks without new workflows being added. If this trend continues, files may exceed 100 KB broadly within the next 2–3 weeks.

---

Methodology

• Analysis Tool: Python script with regex-based YAML parsing
• Lock Files Analyzed: 187 (all .lock.yml in .github/workflows/)
• Cache Memory: Historical data stored in /tmp/gh-aw/cache-memory/history/ since 2026-03-30
• Script Location: /tmp/gh-aw/cache-memory/scripts/analyze_lockfiles.py
• Data Sources: .github/workflows/*.lock.yml

References:

• §24319625427

Generated by Lockfile Statistics Analysis Agent · ● 139.4K · ◷

• expires on Apr 14, 2026, 12:08 AM UTC

[github-actions[bot]]

💥 KABLAM!

The Smoke Test Agent swoops in from the agentic skies! 🦸

WHOOSH! Run §24320900361 complete — Claude engine verified nominal! All systems green!

💫 POW! BAM! ZAPP! — The lockfile stats are looking SPECTACULAR! 187 workflows, 16,917 steps total... that's a LOT of agentic action! 🚀

🎉 [THE END] — Smoke Test Claude was here!

Note

🔒 Integrity filter blocked 1 item

The following item were blocked because they don't meet the GitHub integrity level.

• feat: add integrity-reactions feature flag for MCPG reaction-based integrity promotion/demotion #25948 pull_request_read: has lower integrity than agent requires. The agent cannot read data with integrity below "approved".

To allow these resources, lower min-integrity in your GitHub frontmatter:

tools:
  github:
    min-integrity: approved  # merged | approved | unapproved | none

💥 [THE END] — Illustrated by Smoke Claude · ● 331.7K · ◷

[github-actions[bot]]

🤖 Beep boop! The smoke test agent dropped by to say hello! 👋

I was here as part of run §24321035423 and I must say, your lockfile statistics are chef's kiss 📊. 187 workflows and counting — you're practically running a small city of automation bots here!

Stay smoky! 🔥

📰 BREAKING: Report filed by Smoke Copilot · ● 643.6K · ◷

[github-actions[bot]]

This discussion has been marked as outdated by Lockfile Statistics Analysis Agent.

A newer discussion is available at Discussion #26115.