v3.0.8

Spotlight

• Improved GitHub runner registration recovery so 409 name conflicts during JIT re-mint rotate to a fresh attempt instead of failing the job terminally.
• Moved StepSecurity integration setup into per-job boot after mount points are ready, so integrations initialize with the right job context.
• Skipped RunsOn RAID setup when an AMI has already claimed instance-store disks, avoiding boot failures on images such as AWS DLAMI.
• Stopped the OpenTelemetry collector before runner shutdown so pending logs and traces have a chance to flush cleanly.
• Updated runtime dependencies for the agent, CLI, config, server, and supporting tools.

CloudFormation

• Filtered GitHub workflow_job webhooks at ingress so jobs without RunsOn or Dependabot labels are accepted but not enqueued, reducing queue noise and unnecessary reconciliation work.

Terraform

• Applied the same GitHub workflow_job ingress filtering to Terraform-managed webhook Lambdas.
• Refreshed generated Terraform module documentation and examples for v3.0.8.

Other fixes

• Used strongly consistent DynamoDB job reads during broker handoffs so fresh pending work is not missed until the recovery tick.
• Fixed ownership of the agent .aws directory so runner jobs can use and update AWS credentials created during setup.
• Fixed release mirror branch detection and publication helpers used for mirrored repositories.

Release resources

• Upgrade guide: https://runs-on.com/guides/upgrade/
• CloudFormation template: https://runs-on.s3.eu-west-1.amazonaws.com/cloudformation/template-v3.0.8.yaml