Runners Controller 0.7.0 improves how Linux runners are secured and dispatched.
- Runner access is now controlled by a single feature flag. The previous per-account concurrency cap has been removed; whether runners are available depends only on the `:runners` flag. Claims no longer enforce a concurrency limit, so eligible jobs can run without an artificial ceiling.
- Linux runner pods are split into isolated containers. A short-lived poller init container holds the dispatch token and stages a job-scoped JIT credential, then the runner container starts with no dispatch token or environment. This lets untrusted workflow code, including fork pull requests, run safely on the in-house Linux fleet instead of GitHub-hosted runners.
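
One way to check the isolation property described in the last item, as an added example that is not the controller's own code: it audits a parsed pod spec so that only an init container can read the dispatch token and the runner container has no injected environment. The Secret name, the container names and the in-memory volume used to hand over the JIT credential are assumptions.

```python
# Added example, not the controller's code. Secret, container and volume names are assumed.
DISPATCH_SECRET = "dispatch-token"  # hypothetical Secret name

def secret_refs(container, volumes):
    """Secret names a container can read through env, envFrom or secret volumes."""
    refs = set()
    for env in container.get("env", []):
        ref = env.get("valueFrom", {}).get("secretKeyRef")
        if ref:
            refs.add(ref["name"])
    for src in container.get("envFrom", []):
        if "secretRef" in src:
            refs.add(src["secretRef"]["name"])
    mounted = {m["name"] for m in container.get("volumeMounts", [])}
    for vol in volumes:
        if vol["name"] in mounted and "secret" in vol:
            refs.add(vol["secret"]["secretName"])
    return refs

def audit_pod(spec, secret=DISPATCH_SECRET):
    """Return findings; an empty list means the runner is isolated from the token."""
    findings, volumes = [], spec.get("volumes", [])
    for c in spec.get("containers", []):
        if secret in secret_refs(c, volumes):
            findings.append(f"{c['name']}: can read secret {secret}")
        if c.get("env") or c.get("envFrom"):
            findings.append(f"{c['name']}: has injected environment")
    inits = spec.get("initContainers", [])
    if not any(secret in secret_refs(c, volumes) for c in inits):
        findings.append("no init container holds the dispatch token")
    return findings

# Constructed pod specs (as parsed manifests), not taken from the release.
TOKEN_ENV = {"name": "DISPATCH_TOKEN", "valueFrom": {"secretKeyRef": {"name": DISPATCH_SECRET, "key": "token"}}}
GOOD_POD = {
    "initContainers": [{"name": "poller", "env": [TOKEN_ENV],
                        "volumeMounts": [{"name": "jit", "mountPath": "/jit"}]}],
    "containers": [{"name": "runner",
                    "volumeMounts": [{"name": "jit", "mountPath": "/jit", "readOnly": True}]}],
    "volumes": [{"name": "jit", "emptyDir": {"medium": "Memory"}}],
}
BAD_POD = {"containers": [{"name": "runner", "envFrom": [{"secretRef": {"name": DISPATCH_SECRET}}]}]}

if __name__ == "__main__":
    for name, pod in (("good", GOOD_POD), ("bad", BAD_POD)):
        print(name, audit_pod(pod))
```

The check covers env, envFrom and plain secret volumes only; projected volumes would need the same treatment before it is used as an admission gate.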