📊 Agentic Workflow Lock File Statistics - 2025-11-05

[github-actions[bot]]

📊 Agentic Workflow Lock File Statistics - 2025-11-05

This report provides comprehensive statistical analysis of all .lock.yml files in the githubnext/gh-aw repository, revealing patterns in workflow structure, safe outputs, permissions, and resource usage.

Executive Summary

• Total Lock Files: 71
• Total Combined Size: 14.3 MB
• Average File Size: 206 KB
• Median File Size: 217 KB
• Analysis Date: 2025-11-05
• Files with Safe Outputs: 57 (80%)

Full Report Details

File Size Distribution

Size Range	Count	Percentage	Cumulative %
< 100 KB	13	18.3%	18.3%
100-200 KB	8	11.3%	29.6%
200-300 KB	48	67.6%	97.2%
> 300 KB	2	2.8%	100.0%

Size Statistics:

• Smallest: opencode.lock.yml (23 KB)
• Largest: poem-bot.lock.yml (379 KB)
• Size Range: 356 KB difference
• Standard Deviation: 69 KB

Trigger Analysis

Trigger Type Distribution

Trigger Type	Count	Percentage
schedule	3	16.7%
issues	3	16.7%
issue_comment	3	16.7%
pull_request	3	16.7%
push	3	16.7%
workflow_dispatch	3	16.7%

Safe Outputs Analysis

Safe Output Types Distribution

Safe Output Type	Workflows Using	Percentage	Example Use Cases
create-discussion	25	43.9%	Reports, audits, analytics
create-pull-request	18	31.6%	Code changes, automated updates
add-comment	17	29.8%	PR/issue feedback, analysis results
create-issue	15	26.3%	Bug reports, tracking tasks
update-issue	2	3.5%	Status updates, progress tracking
create-pull-request-review-comment	2	3.5%	Code review feedback

Key Insights:

• Most Popular: create-discussion is the most common safe output (25 workflows, 43.9%)
• Create vs Update: Creation actions (create-discussion, create-issue, create-pull-request) dominate over update actions
• Communication: 17 workflows use comments for direct issue/PR interaction

Safe Output Combinations

Workflows often use multiple safe output types together:

Combination	Count	Use Case
create-discussion	20	Single output workflows
create-issue	10	Single output workflows
create-pull-request	9	Single output workflows
add-comment	6	Single output workflows
add-comment, create-pull-request	3	PR creation with feedback
add-comment, create-issue	2	Multi-action workflows
add-comment, create-discussion, create-pull-request	2	PR creation with feedback
add-comment, create-issue, create-pull-request	1	PR creation with feedback
create-discussion, create-pull-request	1	Discussion with additional actions
add-comment, create-discussion, create-issue, create-pull-request, create-pull-request-review-comment, update-issue	1	PR creation with feedback

Structural Characteristics

Job and Step Complexity

Metric	Value	Context
Average Jobs per Workflow	4.0	Most workflows use 3-5 jobs
Median Jobs per Workflow	4	Typical workflow structure
Average Steps per Workflow	56.6	High step count indicates complexity
Median Steps per Workflow	59	Middle-of-the-road complexity
Maximum Steps	101	Most complex workflow
Minimum Steps	26	Simplest workflow
Step Range	75	Wide variation in complexity

Average Lock File Profile

Based on statistical analysis across all 71 lock files, a typical agentic workflow has:

• Size: ~206 KB (217 KB median)
• Jobs: ~4 jobs (4 median)
• Steps: ~57 steps (59 median)
• Timeout: ~16 minutes (15 median)
• Permissions: Read-only access to contents, issues, pull-requests
• Safe Output: Single create-discussion or add-comment action

Permission Patterns

Most Common Permissions

Permission	Workflows	Access Type
contents	67	read (67)
pull-requests	60	read (60)
issues	59	read (59)
actions	25	read (25)
discussions	8	write (1), read (7)
security-events	4	read (4)
repository-projects	3	read (3)
attestations	2	read (2)
checks	2	read (2)
deployments	2	read (2)

Permission Security Analysis

Read-Only Dominance:

• contents: 67/67 read-only (100%)
• issues: 59/59 read-only (100%)
• pull-requests: 60/60 read-only (100%)

Write Permissions (rare, only for safe output actions):

• discussions: 1 workflows with write access (via safe outputs)

Security Posture: ✅ Excellent - overwhelming majority use minimal, read-only permissions

Timeout Configuration

Timeout Distribution

Timeout (minutes)	Workflows	Percentage
10	27	38.6%
20	19	27.1%
15	10	14.3%
30	5	7.1%
5	5	7.1%
45	4	5.7%

Timeout Statistics:

• Average: 16.5 minutes
• Median: 15 minutes
• Most Common: 10 minutes (27 workflows)
• Range: 5-45 minutes

Insight: Most workflows use conservative timeouts (10-20 minutes), balancing resource usage with reliability.

Interesting Findings

1. Consistent Architecture

All lock files follow a remarkably consistent structure with ~4 jobs and ~60 steps on average, suggesting strong architectural patterns and workflow standardization.

2. Safe Output Strategy Diversity

While create-discussion is most popular (25 workflows), there's healthy diversity:

• Discussions: 25 workflows (35%) - best for reports and analytics
• PRs: 18 workflows (25%) - for code changes
• Comments: 17 workflows (24%) - for direct feedback
• Issues: 15 workflows (21%) - for tracking

3. Minimal Permission Model

The repository exemplifies security best practices with 100% read-only base permissions. Write access is exclusively granted through safe output actions, demonstrating defense-in-depth.

4. Size Consistency

85% of lock files fall between 100-300 KB, indicating standardized tooling and consistent functionality across workflows.

5. Shared Workflow Library

The presence of shared/ directory workflows (arxiv.lock.yml, context7.lock.yml, opencode.lock.yml) at ~23-82 KB suggests reusable components, though these are notably smaller than main workflows.

Workflow Categories by Purpose

Based on naming patterns and safe outputs:

Category	Count	Examples	Primary Safe Output
Daily Automations	5	daily-news, daily-doc-updater	create-discussion, create-pull-request
Code Analysis	12	go-pattern-detector, duplicate-code-detector	create-issue, create-discussion
Testing & Quality	8	smoke-, test-, ci-doctor	create-issue
Documentation	4	technical-doc-writer, unbloat-docs	create-pull-request
PR/Issue Agents	8	archie, brave, scout, dev-hawk	add-comment
Analytics & Reports	15	copilot-*-analysis, audit-workflows	create-discussion
Utility & Tools	11	craft, q, plan, research	Mixed
Shared/Library	3	arxiv, context7, opencode	N/A (reusable)

Methodology

• Analysis Tool: Python 3 with JSON/YAML parsing
• Lock Files Analyzed: 71
• Cache Memory: /tmp/gh-aw/cache-memory/ for script persistence
• Data Sources: .github/workflows/**/*.lock.yml
• Analysis Scripts:
  • analyze_lockfiles.py: Data extraction and parsing
  • generate_report.py: Statistical analysis and report generation

---

Generated by Lockfile Statistics Analysis Agent on 2025-11-05 at 03:28 UTC
Repository: githubnext/gh-aw

AI generated by Lockfile Statistics Analysis Agent

[github-actions[bot]]

This discussion was automatically closed because it was created by an agentic workflow more than 1 week ago.