Bumps [actions/checkout](https://github.com/actions/checkout) from 3 to 4.
- [Release notes](https://github.com/actions/checkout/releases)
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md)
- [Commits](https://github.com/actions/checkout/compare/v3...v4

)

---
updated-dependencies:
- dependency-name: actions/checkout
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>

Signed-off-by: Stefan Weil <sw@weilnetz.de>

 Restrict the GitHub token permissions only to the required ones; this way, even if the attackers will succeed in compromising your workflow, they won’t be able to do much.

- Included permissions for the action. https://github.com/ossf/scorecard/blob/main/docs/checks.md#token-permissions

https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#permissions

https://docs.github.com/en/actions/using-jobs/assigning-permissions-to-jobs

[Keeping your GitHub Actions and workflows secure Part 1: Preventing pwn requests](https://securitylab.github.com/research/github-actions-preventing-pwn-requests/

)

Signed-off-by: naveen <172697+naveensrinivasan@users.noreply.github.com>

Bumps [actions/upload-artifact](https://github.com/actions/upload-artifact) from 2.3.1 to 3.
- [Release notes](https://github.com/actions/upload-artifact/releases)
- [Commits](https://github.com/actions/upload-artifact/compare/v2.3.1...v3

)

---
updated-dependencies:
- dependency-name: actions/upload-artifact
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

Bumps [actions/checkout](https://github.com/actions/checkout) from 2 to 3.
- [Release notes](https://github.com/actions/checkout/releases)
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md)
- [Commits](https://github.com/actions/checkout/compare/v2...v3

)

---
updated-dependencies:
- dependency-name: actions/checkout
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

The CI should be successful when there is nothing to check. Add if
condition as proposed in [1].

[1] https://github.com/dorny/paths-filter/issues/66#issuecomment-778267385

build-gluon.yml is not generated anymore.

Bumps [actions/upload-artifact](https://github.com/actions/upload-artifact) from 1 to 2.3.1.
- [Release notes](https://github.com/actions/upload-artifact/releases)
- [Commits](https://github.com/actions/upload-artifact/compare/v1...v2.3.1

)

---
updated-dependencies:
- dependency-name: actions/upload-artifact
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>

VoCores aren't exactly useful mesh nodes except for experimentation.
They certainly aren't worth maintaining a whole target, in particular
one that has a WLAN driver not used by any other target.

Add the newly added mediatek-mt7622 to the firmware build-test matrix.

Signed-off-by: David Bauer <mail@david-bauer.net>

Currently we do not perform CI firmware builds on the next-2102 branch.

Build Gluon for all branches starting with "next" to increase the
coverage of our build tests.

Signed-off-by: David Bauer <mail@david-bauer.net>

This reverts commit d9621048.

ubuntu-latest is now assigned to Ubuntu 20.04. As we use custom apt
sources for 18.04, pin to this version for now to fix the CI.

Closes #2166

The performance benefit the cache brought was due to a broken sources
CDN mirror handling in OpenWrt.

The cache brings no measurable performance benefit. Disable it to slim
down the pipeline steps.

This adds the ability to cache OpenWrt dependencies on a per-target
base. Artifacts over 10MB are excluded, as GitHub imposes a limit of 5G
of available space per repository cache. This affects mostly
linux(-firmware) and gcc / gdb.

The goal is to reduce the total amount of requests necessary to fetch
dependencies.

- Rely on shebang instead of setting shell in workflow
- Run whole install-dependencies.sh in sudo
- Use /bin/sh instead of bash
- set -e

The new step is added with `if: ${{ !cancelled() }}`, so the logs are
stored even when the build fails.

This enables build-testing only on master as well as next and release
branches.