spacedock-dev · clkao · Jun 6, 2026 · Jun 5, 2026 · Jun 5, 2026 · Jun 5, 2026
diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
@@ -13,6 +13,80 @@ permissions:
   contents: write
 
 jobs:
+  # The journey-cost ledger is a SIBLING of the goreleaser job, not a
+  # pre-goreleaser gate, so a missing producer run can never block the cut. It is
+  # authored before goreleaser in this file because the document-order guard
+  # (internal/release/workflow_exec_guard_test.go) parses steps job-unaware and
+  # requires the builder to precede the goreleaser action in text. It carries the
+  # ONE-WAY edge `needs: goreleaser`: `gh release upload` needs the Release to
+  # exist, and only goreleaser creates it, so this job waits for goreleaser —
+  # goreleaser does NOT wait for this job, so the cut proceeds regardless.
+  journey-ledger:
+    needs: goreleaser
+    runs-on: macos-latest
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v4
+        with:
+          fetch-depth: 0
+
+      - name: Set up Go
+        uses: actions/setup-go@v5
+        with:
+          go-version: "1.22"
+
+      # Find the latest successful Runtime Live E2E run on next and pull its
+      # journey-metrics artifacts. When no such run exists this is a NON-FATAL
+      # skip (`exit 0`, found=false) — runtime-live-e2e.yml has no push:next
+      # trigger, so a fresh cut routinely has no producer run, and blocking the
+      # ledger here must not fail anything. The emitted `found` output gates the
+      # downstream Build/Publish steps so they SKIP (job green) rather than run
+      # `journey-costs` over an empty dir and RED the job.
+      - name: Download latest journey metrics artifacts
+        id: download_metrics
+        env:
+          GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+        run: |
+          set -euo pipefail
+          mkdir -p "$RUNNER_TEMP/runtime-live-artifacts" "$RUNNER_TEMP/journey-metrics"
+          # `|| true` degrades a gh error (or a missing gh) to an empty run_id so
+          # the no-run skip branch below fires (found=false, exit 0) instead of
+          # aborting under set -e. The journey ledger is best-effort; a query
+          # failure must never RED the cut.
+          run_id="$(gh run list --workflow "Runtime Live E2E" --branch next --status success --limit 1 --json databaseId --jq '.[0].databaseId' || true)"
+          if [ -z "$run_id" ] || [ "$run_id" = "null" ]; then
+            echo "::warning::no successful Runtime Live E2E run found on next; skipping journey ledger" >&2
+            echo "found=false" >> "$GITHUB_OUTPUT"
+            exit 0
+          fi
+          gh run download "$run_id" --dir "$RUNNER_TEMP/runtime-live-artifacts"
+          find "$RUNNER_TEMP/runtime-live-artifacts" -path '*/journey-metrics/*.json' -type f -exec cp {} "$RUNNER_TEMP/journey-metrics/" \;
+          if [ -z "$(find "$RUNNER_TEMP/journey-metrics" -name '*.json' -type f -print -quit)" ]; then
+            echo "::warning::downloaded Runtime Live E2E artifacts contained no journey metrics JSON; skipping journey ledger" >&2
+            echo "found=false" >> "$GITHUB_OUTPUT"
+            exit 0
+          fi
+          echo "found=true" >> "$GITHUB_OUTPUT"
+
+      - name: Build journey cost ledger
+        if: steps.download_metrics.outputs.found == 'true'
+        run: |
+          set -euo pipefail
+          RELEASE_VERSION="${GITHUB_REF_NAME#v}"
+          go run ./cmd/spacedock-release journey-costs "$RELEASE_VERSION" \
+            --metrics-dir "$RUNNER_TEMP/journey-metrics" \
+            --out "$RUNNER_TEMP/journey-costs-v${RELEASE_VERSION}.json"
+          test -s "$RUNNER_TEMP/journey-costs-v${RELEASE_VERSION}.json"
+
+      - name: Publish journey cost ledger
+        if: steps.download_metrics.outputs.found == 'true'
+        env:
+          GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+        run: |
+          set -euo pipefail
+          RELEASE_VERSION="${GITHUB_REF_NAME#v}"
+          gh release upload "$GITHUB_REF_NAME" "$RUNNER_TEMP/journey-costs-v${RELEASE_VERSION}.json" --clobber
+
   goreleaser:
     runs-on: macos-latest
     steps:
@@ -59,33 +133,6 @@ jobs:
             exit 1
           fi
 
-      - name: Download latest journey metrics artifacts
-        env:
-          GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
-        run: |
-          set -euo pipefail
-          mkdir -p "$RUNNER_TEMP/runtime-live-artifacts" "$RUNNER_TEMP/journey-metrics"
-          run_id="$(gh run list --workflow "Runtime Live E2E" --branch next --status success --limit 1 --json databaseId --jq '.[0].databaseId')"
-          if [ -z "$run_id" ] || [ "$run_id" = "null" ]; then
-            echo "::error::no successful Runtime Live E2E run found on next for journey metrics" >&2
-            exit 1
-          fi
-          gh run download "$run_id" --dir "$RUNNER_TEMP/runtime-live-artifacts"
-          find "$RUNNER_TEMP/runtime-live-artifacts" -path '*/journey-metrics/*.json' -type f -exec cp {} "$RUNNER_TEMP/journey-metrics/" \;
-          if [ -z "$(find "$RUNNER_TEMP/journey-metrics" -name '*.json' -type f -print -quit)" ]; then
-            echo "::error::downloaded Runtime Live E2E artifacts contained no journey metrics JSON" >&2
-            exit 1
-          fi
-
-      - name: Build journey cost ledger
-        run: |
-          set -euo pipefail
-          RELEASE_VERSION="${GITHUB_REF_NAME#v}"
-          go run ./cmd/spacedock-release journey-costs "$RELEASE_VERSION" \
-            --metrics-dir "$RUNNER_TEMP/journey-metrics" \
-            --out "$RUNNER_TEMP/journey-costs-v${RELEASE_VERSION}.json"
-          test -s "$RUNNER_TEMP/journey-costs-v${RELEASE_VERSION}.json"
-
       - name: Run goreleaser
         uses: goreleaser/goreleaser-action@v6
         with:
@@ -99,14 +146,6 @@ jobs:
           GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
           HOMEBREW_TAP_TOKEN: ${{ secrets.HOMEBREW_TAP_TOKEN }}
 
-      - name: Publish journey cost ledger
-        env:
-          GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
-        run: |
-          set -euo pipefail
-          RELEASE_VERSION="${GITHUB_REF_NAME#v}"
-          gh release upload "$GITHUB_REF_NAME" "$RUNNER_TEMP/journey-costs-v${RELEASE_VERSION}.json" --clobber
-
       # AC-4: stamp the plugin manifests' `version` to the release so the host
       # plugin panel (`claude plugin list --json`) displays a version that tracks
       # the binary instead of the frozen placeholder. The displayed version is