Get rid of Node deprecation warnings.

Link: https://github.blog/changelog/2023-09-22-github-actions-transitioning-from-node-16-to-node-20/



Signed-off-by: David Bauer <mail@david-bauer.net>
(cherry picked from commit 981998e25548295d0dbbac6c0351eeb05607843d)

This removes the warnings about Node 10 deprecation in the GitHub CI.

Signed-off-by: David Bauer <mail@david-bauer.net>

Goal is to cancel Worfklows for Pull Request if they become obsolte
due to new changes.
Without this workflows will continue running, wasting resources and
delaying the run of relevant workflows.
This situation will typically occour if a author of a PR notices an
error/typo/missing bit and pushes new changes to the branch.

This won't affect concurrent workflows for otherwise triggered
workflows (push, workflow_dispatch, tag, ...).

Pin the GitHub runner version used to Ubuntu 22.04.

This endures stability in the runner behavior once GitHub switches to
the next Ubuntu release for the latest tag.

Signed-off-by: David Bauer <mail@david-bauer.net>

Build the CI integration test in our own docker container. This way, we
can make sure Gluon builds actually succeed there.

This also has the advantage of becoming independent from the host
version of GitHubs CI runners.

Signed-off-by: David Bauer <mail@david-bauer.net>

Collect some basic system information about the runners the CI jobs
run on. This is done iwth the intention to have diagnostics information
in advance in case builds fail spuriously in some instances.

Signed-off-by: David Bauer <mail@david-bauer.net>

Add a workflow-dispatch trigger to the build-workflow to enable
triggering build-tests on branches not covered from the match
pattern.

Signed-off-by: David Bauer <mail@david-bauer.net>

In #2997 it was pointed out the current branch-trigger matches more
branches than the release-branches. Retrict the match-pattern to only
cover release-branches

Also only trigger builds on the next-branch and not branches prefixed
with this name.

Link: https://github.com/freifunk-gluon/gluon/pull/2997#issuecomment-1771076385



Signed-off-by: David Bauer <mail@david-bauer.net>

Bumps [actions/checkout](https://github.com/actions/checkout) from 3 to 4.
- [Release notes](https://github.com/actions/checkout/releases)
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md)
- [Commits](https://github.com/actions/checkout/compare/v3...v4

)

---
updated-dependencies:
- dependency-name: actions/checkout
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>

Signed-off-by: Stefan Weil <sw@weilnetz.de>

 Restrict the GitHub token permissions only to the required ones; this way, even if the attackers will succeed in compromising your workflow, they won’t be able to do much.

- Included permissions for the action. https://github.com/ossf/scorecard/blob/main/docs/checks.md#token-permissions

https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#permissions

https://docs.github.com/en/actions/using-jobs/assigning-permissions-to-jobs

[Keeping your GitHub Actions and workflows secure Part 1: Preventing pwn requests](https://securitylab.github.com/research/github-actions-preventing-pwn-requests/

)

Signed-off-by: naveen <172697+naveensrinivasan@users.noreply.github.com>

Bumps [actions/upload-artifact](https://github.com/actions/upload-artifact) from 2.3.1 to 3.
- [Release notes](https://github.com/actions/upload-artifact/releases)
- [Commits](https://github.com/actions/upload-artifact/compare/v2.3.1...v3

)

---
updated-dependencies:
- dependency-name: actions/upload-artifact
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

Bumps [actions/checkout](https://github.com/actions/checkout) from 2 to 3.
- [Release notes](https://github.com/actions/checkout/releases)
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md)
- [Commits](https://github.com/actions/checkout/compare/v2...v3

)

---
updated-dependencies:
- dependency-name: actions/checkout
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

The CI should be successful when there is nothing to check. Add if
condition as proposed in [1].

[1] https://github.com/dorny/paths-filter/issues/66#issuecomment-778267385

build-gluon.yml is not generated anymore.

Bumps [actions/upload-artifact](https://github.com/actions/upload-artifact) from 1 to 2.3.1.
- [Release notes](https://github.com/actions/upload-artifact/releases)
- [Commits](https://github.com/actions/upload-artifact/compare/v1...v2.3.1

)

---
updated-dependencies:
- dependency-name: actions/upload-artifact
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>

VoCores aren't exactly useful mesh nodes except for experimentation.
They certainly aren't worth maintaining a whole target, in particular
one that has a WLAN driver not used by any other target.

Add the newly added mediatek-mt7622 to the firmware build-test matrix.

Signed-off-by: David Bauer <mail@david-bauer.net>

Currently we do not perform CI firmware builds on the next-2102 branch.

Build Gluon for all branches starting with "next" to increase the
coverage of our build tests.

Signed-off-by: David Bauer <mail@david-bauer.net>

This reverts commit d9621048.

ubuntu-latest is now assigned to Ubuntu 20.04. As we use custom apt
sources for 18.04, pin to this version for now to fix the CI.

Closes #2166

The performance benefit the cache brought was due to a broken sources
CDN mirror handling in OpenWrt.

The cache brings no measurable performance benefit. Disable it to slim
down the pipeline steps.

This adds the ability to cache OpenWrt dependencies on a per-target
base. Artifacts over 10MB are excluded, as GitHub imposes a limit of 5G
of available space per repository cache. This affects mostly
linux(-firmware) and gcc / gdb.

The goal is to reduce the total amount of requests necessary to fetch
dependencies.

- Rely on shebang instead of setting shell in workflow
- Run whole install-dependencies.sh in sudo
- Use /bin/sh instead of bash
- set -e

The new step is added with `if: ${{ !cancelled() }}`, so the logs are
stored even when the build fails.

This enables build-testing only on master as well as next and release
branches.