diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml
index 96ec851d..be0897bb 100644
--- a/.github/workflows/build.yml
+++ b/.github/workflows/build.yml
@@ -33,9 +33,27 @@ on:
   workflow_dispatch:
 
 jobs:
+  check-secret:
+    runs-on: ubuntu-latest
+    outputs:
+      secret-configured: ${{ steps.secret-exists-check.outputs.defined }}
+    steps:
+      - name: Check if Secret is configured
+        id: secret-exists-check
+        # check if the secrets are configured before running the tasks
+        # see: https://stackoverflow.com/a/70249520
+        shell: bash
+        run: |
+          if [ "${{ secrets.DOCKER_REGISTRY }}" != '' ]; then
+            echo "defined=true" >> $GITHUB_OUTPUT;
+          else
+            echo "defined=false" >> $GITHUB_OUTPUT;
+          fi
+
   build-test:
     name: Build and Test
     runs-on: ubuntu-latest
+    needs: [check-secret]
     env:
       RIOT_BRANCH: '2026.04-branch'
       VERSION_TAG: '2026.07'
@@ -43,17 +61,17 @@ jobs:
 
     steps:
       - name: Checkout
-        uses: actions/checkout@v2
+        uses: actions/checkout@main
         with:
           lfs: 'true'
 
       - name: Set up Docker Buildx
-        uses: docker/setup-buildx-action@v1
+        uses: docker/setup-buildx-action@v4
         with:
           driver: docker
 
       - name: Build riotdocker-base
-        uses: docker/build-push-action@v2
+        uses: docker/build-push-action@v7
         with:
           context: ./riotdocker-base
           tags: |
@@ -61,7 +79,7 @@ jobs:
             ${{ env.DOCKER_REGISTRY }}/riotdocker-base:${{ env.VERSION_TAG }}
 
       - name: Build static-test-tools
-        uses: docker/build-push-action@v2
+        uses: docker/build-push-action@v7
         with:
           context: ./static-test-tools
           tags: |
@@ -77,7 +95,7 @@ jobs:
           echo "RIOTBUILD_VERSION=$(git describe --always)" >> $GITHUB_ENV
 
       - name: Build riotbuild
-        uses: docker/build-push-action@v2
+        uses: docker/build-push-action@v7
         with:
           context: ./riotbuild
           tags: |
@@ -90,7 +108,7 @@ jobs:
             RIOTBUILD_VERSION=${{ env.RIOTBUILD_VERSION }}
 
       - name: Checkout RIOT
-        uses: actions/checkout@v2
+        uses: actions/checkout@main
         with:
           repository: RIOT-OS/RIOT
           ref: ${{ env.RIOT_BRANCH }}
@@ -173,7 +191,7 @@ jobs:
           ./dist/tools/ci/static_tests.sh
 
       - name: Build murdock worker
-        uses: docker/build-push-action@v2
+        uses: docker/build-push-action@v7
         with:
           context: ./murdock-worker
           tags: |
@@ -183,14 +201,14 @@ jobs:
             DOCKER_REGISTRY=${{ env.DOCKER_REGISTRY }}
 
       - name: Login to DockerHub
-        if: "${{ github.ref == 'refs/heads/master' }}"
-        uses: docker/login-action@v1
+        if: "${{ github.ref == 'refs/heads/master' && needs.check-secret.outputs.secret-configured == 'true' }}"
+        uses: docker/login-action@v4
         with:
           username: ${{ secrets.DOCKERHUB_USERNAME }}
           password: ${{ secrets.DOCKERHUB_TOKEN }}
 
       - name: Push Images
-        if: "${{ github.ref == 'refs/heads/master' }}"
+        if: "${{ github.ref == 'refs/heads/master' && needs.check-secret.outputs.secret-configured == 'true' }}"
         run: |
           docker image push ${{ env.DOCKER_REGISTRY }}/riotdocker-base:latest
           docker image push ${{ env.DOCKER_REGISTRY }}/riotdocker-base:${{ env.VERSION_TAG }}