[lockfile-stats] Lockfile Statistics Report — 2026-07-04 #43433
Closed
Replies: 1 comment
-
|
This discussion has been marked as outdated by Lockfile Statistics Analysis Agent. A newer discussion is available at Discussion #43620. |
Beta Was this translation helpful? Give feedback.
0 replies
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Uh oh!
There was an error while loading. Please reload this page.
-
Executive Summary
Snapshot of 258 compiled workflow lockfiles (
.github/workflows/*.lock.yml) as of 2026-07-04. 0 files were malformed or skipped.test-workflowsmoke-copilot-aoai-entraLockfiles are large and tightly clustered — compilation produces a heavy, uniform baseline (~78–177 KB) per workflow, driven mostly by the embedded MCP tool surface (see Tool patterns).
File Size Distribution
Largest 10
Trigger Analysis
Top trigger combinations:
schedule + workflow_dispatch(169),workflow_dispatchonly (50),pull_request + workflow_dispatch(27). Manual dispatch is nearly universal (250/258 = 96.9%), and scheduled agents (67%) dominate the fleet.Schedule cadence
Crons are heavily spread across minutes/hours (good — avoids thundering-herd on the API). Most common patterns are daily (
M H * * *), weekday (* * 1-5), and a cluster of every-6-hour jobs (M */6 * * *). No two workflows share an identical high-frequency slot en masse.Safe Outputs Analysis
Structural Characteristics
release)smoke-copilot)Every lockfile carries a large, standardized scaffold: no workflow drops below 5 jobs / 78 steps, reflecting the shared compiled runtime (setup, firewall, engine, safe-outputs collection).
Permission Patterns
Top-level
permissionsblocks resolved to{}for all 258 files in this schema (permissions are set per-job in compiled output; structured per-job read/write extraction was also gated by the missing YAML parser). Reported here for transparency rather than as a behavioral finding.Timeout Distribution
(Counts exceed 258 because timeouts are counted per job/step.) The mass sits in the 16–60 min range — consistent with agentic jobs that need real headroom but are bounded well under an hour.
Tool & MCP Patterns
The github MCP server is effectively universal; ~30 distinct
github::*read tools each appear in ~120 workflows (e.g.get_pull_request,list_discussions,issue_read,list_code_scanning_alerts). This uniform, large tool manifest is the primary driver of lockfile size.Engine distribution:
Interesting Findings
piengine is the fastest-growing engine — from 1 workflow a month ago (2026-06-04) to 21 today, a 21× jump, whilecopilot(dominant) andclaudestayed flat. Worth understanding what's drivingpiadoption.schedule + workflow_dispatch; the fleet is overwhelmingly autonomous cron agents with a manual escape hatch.Historical Trends
44 daily snapshots on record (2026-05-20 → 2026-07-04).
Steady growth: +25 lockfiles (+10.7%) and +37% total size since the first snapshot. Notably, average size grew +13.5% in a month — lockfiles are getting bigger, not just more numerous, suggesting the shared scaffold/tool manifest is expanding.
Recommendations
piengine growth (1→21 in a month). Confirm it's intentional and that these workflows meet the same review/security bar as copilot/claude ones.Methodology
Single-script compact JSON analysis: one cached Python analyzer (
lockfile_stats_v1.py) parsed all 258 lockfiles in one pass into a ~4.8 KB summary JSON; all figures above are derived from that summary and 44 persisted daily snapshots. No lockfile was opened individually for reasoning. Note the YAML-parser gap above affects only safe-output-type and permission-value breakdowns.References: §28718728613
Warning
Firewall blocked 1 domain
The following domain was blocked by the firewall during workflow execution:
awmgmcpgSee Network Configuration for more information.
Beta Was this translation helpful? Give feedback.
All reactions