📊 Lockfile Statistics Analysis - January 21, 2026

[github-actions[bot]]

Comprehensive analysis of 134 agentic workflow lock files in the .github/workflows/ directory, revealing patterns in trigger usage, safe output configurations, structural characteristics, and automation preferences across the gh-aw repository.

Executive Summary

• Total Lock Files: 134 workflows (+18 from Dec 2025)
• Total Size: 9.7 MB (10,202,069 bytes)
• Average File Size: 74.3 KB (76,134 bytes)
• Size Range: 22.1 KB - 118.8 KB
• Analysis Date: January 21, 2026
• Growth: +15.5% workflows since December 2025

Key Findings

• 100% Concurrency Controls: All 134 workflows implement concurrency management
• 90% Manual Triggers: 121 workflows support workflow_dispatch for on-demand execution
• 74% Scheduled: 100 workflows run automatically on cron schedules
• 66% Safe Outputs: 111 workflows use add-comment for non-blocking outputs
• Average Complexity: 69 steps per workflow, demonstrating sophisticated automation

File Size Distribution

Size Distribution by Range

Size Range	Count	Percentage	Description
< 10 KB	0	0.0%	No minimal workflows
10-50 KB	7	5.2%	Lightweight testing workflows
50-100 KB	118	88.1%	Standard workflows (dominant)
> 100 KB	9	6.7%	Complex multi-tool workflows

Key Statistics:

• Smallest: codex-github-remote-mcp-test.lock.yml (22.1 KB)
• Largest: copilot-session-insights.lock.yml (118.8 KB)
• Median: ~75 KB
• Consistency: 88% of workflows fall within 50-100 KB range

View Smallest and Largest Workflows

Smallest Workflows (< 30 KB):

• codex-github-remote-mcp-test.lock.yml - 22.1 KB

Largest Workflows (> 110 KB):

• copilot-session-insights.lock.yml - 118.8 KB

Trigger Analysis

Trigger Type Distribution

Trigger Type	Count	Percentage	Usage Pattern
workflow_dispatch	119	42.7%	Manual on-demand execution
schedule	99	35.5%	Automated cron-based runs
issues	14	5.0%	Issue event responses
issue_comment	14	5.0%	Comment-triggered actions
pull_request	11	3.9%	PR event handling
pull_request_review_comment	6	2.2%	PR review responses
discussion_comment	5	1.8%	Discussion interactions
discussion	4	1.4%	Discussion events
workflow_run	2	0.7%	Workflow chaining
push	1	0.4%	Push-triggered

Total Trigger Declarations: 275 across 134 workflows (average 2.05 triggers per workflow)

Key Trigger Insights

1. Manual Control Dominates: 119 workflows (89%) support workflow_dispatch for developer control
2. Automation-First: 99 workflows (74%) run on schedules for proactive monitoring
3. Event-Driven Minority: Only 14 workflows (10%) respond to issue events
4. Hybrid Approach: Most workflows combine schedule + workflow_dispatch for flexibility

Common Trigger Combinations

Combination	Count	Percentage	Pattern
schedule + workflow_dispatch	91	67.9%	Dominant pattern
workflow_dispatch only	14	10.4%	Manual-only
pull_request + schedule + workflow_dispatch	5	3.7%	PR + automation
issues only	4	3.0%	Pure event-driven
Multi-event (6+ triggers)	3	2.2%	Comprehensive listeners

Most Common Pattern (91 workflows, 68%):

on:
  schedule:
    - cron: "..."
  workflow_dispatch:

This dual-trigger pattern enables workflows to:

• Run automatically on schedule (proactive monitoring)
• Be manually triggered for testing or on-demand runs
• Provide flexibility for both automation and control

Schedule Patterns

99 workflows run on schedules (74% of all workflows)

Most Common Cron Patterns:

Cron Expression	Count	Description	Time (UTC)
0 13 * * 1-5	4	Weekdays at 1 PM	1:00 PM UTC Mon-Fri
0 14 * * 1-5	4	Weekdays at 2 PM	2:00 PM UTC Mon-Fri
0 11 * * 1-5	4	Weekdays at 11 AM	11:00 AM UTC Mon-Fri
Other weekday patterns	16	Various weekday times	Business hours UTC
Daily patterns	71	Once daily	Scattered throughout day

Schedule Characteristics:

• Weekday-focused: 28 workflows (28%) run only on weekdays (Mon-Fri)
• Time scattering: Workflows spread across different hours to avoid load spikes
• Daily automation: 71% run daily at various scattered times
• Interval patterns: 3 workflows use interval-based schedules (*/4, */6, */12 hours)

View Top 20 Schedule Patterns

Cron Expression	Count	Description
0 14 * * 1-5	4	2 PM weekdays
0 13 * * 1-5	4	1 PM weekdays
0 11 * * 1-5	4	11 AM weekdays
0 9 * * 1-5	2	9 AM weekdays
0 7 * * 1-5	2	7 AM weekdays
0 16 * * 1-5	2	4 PM weekdays
0 15 * * 1-5	2	3 PM weekdays
0 10 * * 1-5	2	10 AM weekdays
9 5 * * *	1	Daily 5:09 AM
9 14 * * *	1	Daily 2:09 PM
8 8 * * 1	1	Mondays 8:08 AM
8 12 * * *	1	Daily 12:08 PM
59 10 * * *	1	Daily 10:59 AM
57 13 * * *	1	Daily 1:57 PM
56 11 * * *	1	Daily 11:56 AM
55 17 * * *	1	Daily 5:55 PM
55 15 * * *	1	Daily 3:55 PM
54 5 * * *	1	Daily 5:54 AM
54 10 * * *	1	Daily 10:54 AM
53 8 * * *	1	Daily 8:53 AM

Note: Minute scattering (non-zero minutes) helps distribute GitHub Actions load across the hour.

Safe Outputs Analysis

Safe Output Types Distribution

Type	Count	Percentage	Workflows
add-comment	111	65.7%	agent-performance-analyzer, daily-code-metrics, ...
create-pull-request	29	17.2%	changeset, workflow-normalizer, ...
create-issue	13	7.7%	audit-workflows, stale-repo-identifier, ...
create-discussion	13	7.7%	deep-report, portfolio-analyst, ...
update-issue	3	1.8%	auto-triage-issues, ...

Total Safe Output Declarations: 169 across 134 workflows

Safe Output Insights

1. Non-Blocking Outputs Dominate: 111 workflows (83%) use add-comment for graceful, non-intrusive reporting
2. Automation PRs: 29 workflows (22%) can create pull requests for code changes
3. Discussion Publishers: 13 workflows (10%) create discussions for reports and analysis
4. Issue Creators: 13 workflows (10%) can create issues for tracking
5. Multi-Output Workflows: Some workflows use multiple safe output types

Discussion Categories

When workflows create discussions, they use these categories:

Category	Count	Usage
query	4	Question/query discussions
description	4	Descriptive/informational posts

Structural Characteristics

Job Complexity

• Average Jobs per Workflow: 1.0 jobs
• Average Steps per Workflow: 69 steps
• Maximum Steps in Single Job: 90 steps
• Minimum Steps: Varies by workflow type

Complexity Insights:

• Single-job architecture: Workflows typically use one main job with many steps
• Step-heavy design: Average of 69 steps indicates sophisticated automation
• Sequential processing: Steps handle setup, analysis, data processing, and output generation

Average Lock File Structure

Based on statistical analysis, a typical .lock.yml file has:

• Size: ~74 KB
• Jobs: 1 job
• Steps: ~69 steps
• Triggers: 2 triggers (schedule + workflow_dispatch)
• Timeout: ~17 minutes average
• Concurrency: Always enabled (100%)
• Safe Outputs: Usually add-comment

Timeout Patterns

• Average Timeout: 17 minutes
• Workflows with Timeouts: Most workflows specify timeout-minutes
• Range: Varies based on workflow complexity

View Timeout Distribution

Timeout values range from quick operations (5-10 minutes) to longer-running analyses (30-60 minutes), with most workflows using 15-20 minute timeouts.

Permission Patterns

Permission Analysis

Finding: Permission sections were mostly empty or minimal in the analyzed workflows.

Common Permission Patterns:

• Minimal by default: Most workflows use empty permissions: {}
• Job-level permissions: Specific permissions granted at job level when needed
• Read-only focus: When permissions are specified, read access dominates

Concurrency Controls

100% Adoption: All 134 workflows implement concurrency controls

Common Pattern:

concurrency:
  group: "gh-aw-${{ github.workflow }}"

Benefits:

• Prevents overlapping workflow runs
• Ensures sequential execution when needed
• Reduces resource contention
• Standard pattern across all workflows

Tool & MCP Patterns

MCP Server Analysis

Finding: Direct MCP server configuration patterns were not extensively found in the lock files analyzed, suggesting:

• MCP configurations may be embedded differently
• External MCP setup via environment variables
• Abstract configuration in parent templates

Common Tool Configurations

Based on workflow structure:

• GitHub API tools: Universal across workflows for repository operations
• Bash tools: Standard for scripting and automation
• Safe output tools: Discussion, issue, PR, and comment creation capabilities

Interesting Findings

1. Perfect Concurrency Adoption: 100% of workflows implement concurrency controls, showing excellent engineering discipline and awareness of resource management.

2. Time Scattering Strategy: Schedule times are deliberately scattered (e.g., 55 17, 57 13, 49 */1) to distribute GitHub Actions load and avoid the "top of the hour" spike.

3. Automation-First Philosophy: 74% of workflows run on schedules, indicating a proactive monitoring and analysis approach rather than purely reactive.

4. Non-Intrusive Outputs: 83% of workflows use add-comment as their safe output, showing preference for graceful, non-blocking communication over more disruptive issue/PR creation.

5. Hybrid Trigger Pattern Dominance: 68% of workflows use the schedule + workflow_dispatch combination, providing both automation and manual control—a balanced approach.

6. Consistent Size Profile: 88% of workflows fall within the 50-100 KB range, indicating standardized templates and consistent complexity levels across the repository.

7. Single-Job Architecture: Average of 1 job per workflow with 69 steps suggests a preference for sequential, linear processing rather than parallel job architectures.

Historical Trends

Comparing with December 2025 analysis:

Metric	Dec 2025	Jan 2026	Change
Total Workflows	116	134	+18 (+15.5%)
Workflows with schedule	~74 (64%)	100 (74%)	+26 (+10% pts)
Workflows with workflow_dispatch	~96 (83%)	121 (90%)	+25 (+7% pts)
Workflows with concurrency	~115 (99%)	134 (100%)	+19 (+1% pts)

Growth Patterns:

• Steady expansion: Repository added 18 new workflows in ~1 month
• Automation increase: More workflows now use schedule triggers
• Manual control increase: More workflows support workflow_dispatch
• Complete concurrency: Achieved 100% concurrency control adoption

Recommendations

For Workflow Authors

1. Continue Concurrency Best Practice: Maintain 100% concurrency control adoption for all new workflows.

2. Time Scattering: When adding scheduled workflows, continue using scattered minutes (e.g., 47, 53, 58) to distribute load.

3. Hybrid Triggers: Consider the schedule + workflow_dispatch pattern for most workflows to balance automation with manual control.

4. Safe Output Selection: Use add-comment for routine reports, reserve create-issue and create-discussion for significant findings.

For Repository Health

1. Monitor Schedule Load: With 100 scheduled workflows, consider reviewing time distribution to ensure even spread across hours.

2. Workflow Consolidation: Evaluate if any of the 134 workflows have overlapping purposes and could be consolidated.

3. Performance Tracking: Monitor average execution times to optimize the 17-minute average timeout where possible.

4. Documentation: Consider adding workflow purpose documentation to help understand the 134-workflow ecosystem.

For New Workflows

Template for Standard Workflow:

on:
  schedule:
    - cron: "[scattered-minute] [hour] * * *"  # Choose unused minute
  workflow_dispatch:

permissions: {}

concurrency:
  group: "gh-aw-${{ github.workflow }}"

jobs:
  main:
    runs-on: ubuntu-slim
    timeout-minutes: 20
    steps:
      # Your workflow steps
      # Prefer add-comment for safe outputs

Methodology

Data Collection

• Analysis Tool: Bash scripts with text processing (grep, awk, sed)
• Lock Files Analyzed: 134 files in .github/workflows/*.lock.yml
• Data Extraction: Pattern matching and statistical aggregation
• Cache Memory: Scripts stored for future analysis and trend tracking

Accuracy Notes

• Trigger counts: Extracted from on: sections using pattern matching
• Safe outputs: Identified by tool usage patterns (create-discussion, add-comment, etc.)
• File sizes: Measured in bytes, converted to KB for readability
• Percentages: Rounded to one decimal place for clarity

Data Sources

• Primary: .github/workflows/*.lock.yml files
• Historical: /tmp/gh-aw/cache-memory/ previous analysis reports
• Validation: Cross-referenced with git status and file system

---

References:

• Previous analysis: December 11, 2025 (116 workflows)
• Cache memory: /tmp/gh-aw/cache-memory/
• Analysis scripts: /tmp/gh-aw/agent/

Generated by Lockfile Statistics Analysis Agent on 2026-01-21

AI generated by Lockfile Statistics Analysis Agent

• expires on Jan 28, 2026, 3:05 PM UTC