📊 Lockfile Statistics Report - February 14, 2026

[github-actions[bot]]

Executive Summary

This comprehensive analysis examines all 151 agentic workflow lock files (.lock.yml) in the .github/workflows/ directory, totaling 9.4 MB of configuration data. The repository demonstrates extensive adoption of scheduled automation with 110 scheduled workflows, primarily using the GitHub Copilot engine (68% of workflows), with strong emphasis on safe outputs for creating discussions, issues, and comments.

Key Metrics:

• Total Lock Files: 151
• Total Size: 9,420,241 bytes (~9.4 MB)
• Average File Size: 62,385 bytes (~61 KB)
• Analysis Date: 2026-02-14

---

File Size Distribution

Size Range	Count	Percentage	Notes
< 10 KB	0	0.0%	No minimal workflows
10-50 KB	10	6.6%	Lightweight workflows
50-100 KB	139	92.1%	Standard size (vast majority)
> 100 KB	2	1.3%	Complex workflows

View Size Extremes

Smallest Files (Top 5):

• codex-github-remote-mcp-test.lock.yml - 24K
• example-permissions-warning.lock.yml - 24K
• firewall.lock.yml - 24K
• test-workflow.lock.yml - 24K
• chroma-issue-indexer.lock.yml - 26K

Largest Files (Top 5):

• smoke-claude.lock.yml - 119K ⭐
• smoke-copilot.lock.yml - 106K
• poem-bot.lock.yml - 98K
• smoke-opencode.lock.yml - 85K
• daily-performance-summary.lock.yml - 85K

---

Trigger Analysis

Trigger Type Distribution

Trigger Type	Count	Percentage	Usage Pattern
schedule (cron)	110	72.8%	Daily/hourly automation
workflow_dispatch	~147	97.4%	Manual trigger capability
issues	13	8.6%	Issue event handling
pull_request	15	9.9%	PR event handling

Key Finding: Nearly all workflows (97.4%) support manual triggering via workflow_dispatch, enabling on-demand execution alongside automated schedules.

Popular Cron Schedules

Cron Expression	Count	Friendly Description
0 14 * * 1-5	4	Weekdays at 2:00 PM UTC
0 13 * * 1-5	4	Weekdays at 1:00 PM UTC
0 11 * * 1-5	4	Weekdays at 11:00 AM UTC
0 9 * * 1-5	3	Weekdays at 9:00 AM UTC
12 9 * * *	2	Daily at 9:12 AM UTC
0 */6 * * *	2	Every 6 hours

Pattern Observation: Strong preference for business-hours scheduling (Mon-Fri, scattered throughout the day) to distribute CI load and maintain freshness without overwhelming resources.

View Workflow Name Patterns

Workflow Categories by Naming:

• Daily workflows (daily-*.lock.yml): 29 files (19.2%)
• Smoke test workflows (smoke-*.lock.yml): 7 files (4.6%)
• Test workflows (test-*.lock.yml): 4 files (2.6%)
• Other workflows: 111 files (73.5%)

This shows significant investment in daily automation and quality assurance through smoke tests.

---

Engine & Runtime Distribution

AI Engine Usage

Engine	Count	Percentage	Notes
GitHub Copilot	103	68.2%	Primary engine
Claude	36	23.8%	Secondary engine
Codex	10	6.6%	Experimental usage
Other/Unknown	2	1.3%	Edge cases

Insight: GitHub Copilot CLI dominates as the preferred agentic engine, with Claude as a strong secondary option for specific use cases.

Concurrency Patterns

Concurrency Group Pattern	Count	Purpose
gh-aw-copilot-$\{\{ github.workflow }}	153	Engine-specific locking
gh-aw-$\{\{ github.workflow }}	120	General workflow locking
gh-aw-claude-$\{\{ github.workflow }}	64	Claude engine locking
gh-aw-codex-$\{\{ github.workflow }}	15	Codex engine locking
Issue/PR-specific patterns	28	Resource-specific locking

Design Pattern: Workflows use engine-scoped concurrency groups to prevent multiple instances of the same workflow from running simultaneously, while allowing different workflows to run in parallel.

---

Safe Outputs Analysis

Safe outputs enable agents to create structured content (discussions, issues, comments) as workflow outputs.

Safe Output Type Distribution

Output Type	Detected References	Primary Use
create-issue	2,878	Bug reports, tasks, tracking
create-discussion	2,255	Reports, announcements, Q&A
add-comment	1,842	Updates, feedback, responses
create-pull-request	1,565	Code changes, automation

Note: These counts represent detected references across all workflow steps and may include multiple references per workflow.

View Discussion Category Usage

Discussion Categories:
The analysis found 139 references to discussion creation patterns, with the "audits" category being the primary target for automated reports and analysis outputs.

Common Patterns:

• Audit reports → audits category
• Status updates → general category
• Q&A automation → q-a category

---

Structural Characteristics

Job & Step Complexity

Metric	Value	Notes
Avg Steps per Job	12.4	Typical job has ~12 steps
Max Steps in Single Job	58	Found in complex workflows
Min Steps in Job	1	Simple activation jobs

Insight: The average of 12.4 steps per job indicates moderately complex workflows with setup, execution, and cleanup phases.

Jobs per Workflow

Most Complex Workflows (by job count):

1. scout.lock.yml - 14 jobs
2. q.lock.yml - 13 jobs
3. pr-nitpick-reviewer.lock.yml - 13 jobs
4. cloclo.lock.yml - 13 jobs
5. firewall-escape.lock.yml - 12 jobs

Standard Pattern: Most workflows follow a 2-3 job pattern:

1. pre_activation or activation (optional) - timestamp checking
2. agent - main agentic work
3. safe_outputs - discussion/issue creation

---

Permissions & Security

Activation Job Pattern

Job Type	Count	Purpose
Workflows with activation job	151 (100%)	All workflows use activation pattern
Workflows with pre_activation job	50 (33.1%)	Advanced workflows with pre-checks

Security Pattern: Universal adoption of activation jobs demonstrates consistent security and timestamp validation before agent execution.

Permission Scope

Analysis of permission grants shows workflows follow least-privilege principles:

• Most workflows request minimal permissions (contents: read, issues: read)
• Write permissions granted only when necessary for safe outputs
• Empty permissions: {} at top level, with job-specific grants

---

GitHub Actions Ecosystem

Most Used Actions

Action	References	Purpose
actions/github-script	3,038	JavaScript automation
actions/checkout	1,113	Repository checkout
./actions/setup	883	Internal setup scripts
actions/upload-artifact	838	Artifact storage
actions/download-artifact	736	Artifact retrieval
actions/setup-node	102	Node.js environment
actions/cache/*	128	Cache management
actions/setup-go	35	Go environment
docker/*	50	Container builds

Key Takeaway: Heavy reliance on github-script for workflow logic and extensive use of artifacts for passing data between jobs.

---

Timeout Configurations

Timeout (minutes)	Occurrences	Usage Pattern
10	186	Default for most steps
15	168	Slightly longer operations
20	164	Standard timeout
30	30	Extended operations
45+	17	Long-running tasks

Average Timeout: Most steps use 10-20 minute timeouts, balancing execution time with resource efficiency.

---

Interesting Findings

1. Universal Manual Trigger Support: 97.4% of workflows support workflow_dispatch, enabling flexible on-demand execution alongside automation.

2. Weekday-Focused Scheduling: Majority of scheduled workflows run Monday-Friday (cron pattern * * * * 1-5), suggesting focus on business-hours automation with weekend downtime.

3. Engine-Specific Concurrency: Workflows use engine-scoped concurrency groups (gh-aw-copilot-*, gh-aw-claude-*), allowing parallel execution across different engines while preventing same-engine conflicts.

4. Consistent Size Distribution: 92.1% of workflows fall in 50-100KB range, indicating standardized structure and complexity levels across the repository.

5. High Safe Output Adoption: Thousands of safe output references demonstrate strong adoption of structured output patterns for creating discussions, issues, and comments.

6. Activation Pattern Ubiquity: 100% of workflows use activation jobs for timestamp validation, showing consistent security-first approach.

7. Daily Automation Dominance: 29 workflows with daily-* prefix (19.2%) plus 110 scheduled workflows overall show commitment to continuous automated maintenance.

---

Recommendations

Optimization Opportunities

1. Schedule Distribution: Consider further time-scattering daily workflows to reduce CI load spikes (currently some clustering at 9 AM, 1-2 PM UTC).

2. Large File Review: Investigate the 2 workflows over 100KB (smoke-claude.lock.yml at 119KB, smoke-copilot.lock.yml at 106KB) for potential optimization or splitting.

3. Job Complexity: Review workflows with 12+ jobs (like scout.lock.yml with 14 jobs) to assess if they could be simplified or split into multiple workflows.

4. Timeout Standardization: Consider standardizing timeout values to reduce the current spread (10/15/20 minute patterns could be consolidated).

Best Practices Observed

1. ✅ Least Privilege: Consistent use of minimal permissions with job-level grants
2. ✅ Activation Pattern: Universal timestamp validation prevents stale workflow execution
3. ✅ Engine Isolation: Concurrency groups prevent resource conflicts
4. ✅ Manual Triggers: Nearly universal workflow_dispatch support for flexibility
5. ✅ Artifact Management: Extensive use of artifacts for job-to-job data passing

---

Methodology

Data Collection:

• Source: All .lock.yml files in .github/workflows/
• Tools: Bash scripts with grep, awk, sed for YAML parsing
• Validation: Cross-referenced multiple parsing approaches
• Cache Storage: Analysis scripts saved to /tmp/gh-aw/cache-memory/scripts/ for reuse

Analysis Approach:

• File size analysis via stat and ls
• Trigger extraction via pattern matching on on: sections
• Engine detection via engine_id field search
• Safe output detection via keyword matching (discussion, issue, comment, pull-request)
• Structural analysis via job/step counting

Limitations:

• Some metrics (like safe output counts) are reference-based and may include duplicates
• Trigger combinations not fully analyzed due to YAML parsing complexity
• MCP server usage partially estimated from string patterns

---

References:

• §22020749566 - This workflow run

---

Generated by Lockfile Statistics Analysis Agent using comprehensive bash-based YAML analysis

AI generated by Lockfile Statistics Analysis Agent

• expires on Feb 21, 2026, 4:45 PM UTC

[github-actions[bot]]

🤖 Greetings from the smoke test agent! Just passing through during run §22021153414 to verify all systems are operational. Looking sharp in here! ✨

AI generated by Smoke Copilot