Added 'wolfboot-ci-m33mu' container

danielinux · danielinux · commit c3e838feb7d1 · 2026-03-24T14:18:42.000+01:00
diff --git a/.github/workflows/build-and-publish.yml b/.github/workflows/build-and-publish.yml
@@ -7,7 +7,7 @@ on:
   workflow_dispatch:
     inputs:
       image:
-        description: 'Image to build (all, base, arm, sim, powerpc, riscv, aarch64, x86, renode)'
+        description: 'Image to build (all, base, arm, sim, m33mu, powerpc, riscv, aarch64, x86, renode)'
         required: false
         default: 'all'
 
@@ -104,6 +104,34 @@ jobs:
             ${{ env.REGISTRY }}/${{ env.OWNER }}/wolfboot-ci-sim:${{ github.ref_name }}
             ${{ env.REGISTRY }}/${{ env.OWNER }}/wolfboot-ci-sim:latest
 
+  m33mu:
+    if: >-
+      github.event_name == 'push' ||
+      github.event.inputs.image == 'all' ||
+      github.event.inputs.image == 'm33mu'
+    runs-on: ubuntu-latest
+    permissions:
+      contents: read
+      packages: write
+    steps:
+      - uses: actions/checkout@v4
+
+      - name: Log in to GHCR
+        uses: docker/login-action@v3
+        with:
+          registry: ${{ env.REGISTRY }}
+          username: ${{ github.actor }}
+          password: ${{ secrets.GHCR_PAT }}
+
+      - name: Build and push m33mu
+        uses: docker/build-push-action@v6
+        with:
+          context: m33mu
+          push: true
+          tags: |
+            ${{ env.REGISTRY }}/${{ env.OWNER }}/wolfboot-ci-m33mu:${{ github.ref_name }}
+            ${{ env.REGISTRY }}/${{ env.OWNER }}/wolfboot-ci-m33mu:latest
+
   powerpc:
     needs: base
     if: >-
diff --git a/README.md b/README.md
@@ -13,6 +13,7 @@ All images use Devuan testing as the base (except renode).
 | `wolfboot-ci-arm` | ARM cross-compilation: arm-none-eabi-gcc, aarch64-linux-gnu, clang | base |
 | `wolfboot-ci-powerpc` | PowerPC cross-compilation: powerpc-linux-gnu-gcc | base |
 | `wolfboot-ci-sim` | Host simulator tests: 32-bit libc, libcheck | base |
+| `wolfboot-ci-m33mu` | TrustZone emulator tests: ARM toolchain + m33mu | devuan:testing |
 | `wolfboot-ci-riscv` | RISC-V: xPack GCC + freedom-e-sdk | base |
 | `wolfboot-ci-aarch64` | Bare-metal AArch64: aarch64-none-elf toolchain | base |
 | `wolfboot-ci-x86` | x86 QEMU: nasm, gcc-multilib, qemu-system-x86, swtpm | base |
@@ -26,6 +27,9 @@ podman build --no-cache -t wolfboot-ci-base:testing base/
 
 # Build derived images (replace 'arm' with any image name)
 podman build --no-cache --build-arg BASE_TAG=testing -t wolfboot-ci-arm:testing arm/
+
+# Build m33mu image
+podman build --no-cache -t wolfboot-ci-m33mu:testing m33mu/
 ```
 
 ## Usage in GitHub Actions
diff --git a/m33mu/Dockerfile b/m33mu/Dockerfile
@@ -0,0 +1,62 @@
+# m33mu-ci: Devuan testing CI image for Zephyr + m33mu
+FROM docker.io/devuan/devuan:testing
+
+ENV DEBIAN_FRONTEND=noninteractive
+
+# ---- Base build tooling + deps (as provided) ----
+RUN apt-get update && apt-get install -y --no-install-recommends \
+    ca-certificates curl wget xz-utils file \
+    git build-essential pkg-config \
+    cmake ninja-build \
+    python3 python3-pip python3-venv python3-full \
+    gcc-arm-none-eabi \
+    binutils-arm-none-eabi \
+    libstdc++-arm-none-eabi-dev \
+    libstdc++-arm-none-eabi-newlib \
+    gdb-multiarch \
+    libtpms-dev vde2 \
+    libcapstone-dev \
+    libwolfssl-dev \
+    libvdeplug-dev \
+    vde-switch \
+    libdw-dev libelf-dev \
+    libncurses-dev \
+    && rm -rf /var/lib/apt/lists/* \
+    && apt-get clean
+
+# ---- Zephyr SDK ----
+#ARG ZEPHYR_SDK_VERSION=0.17.4
+#ARG ZEPHYR_SDK_ARCH=linux-x86_64
+#
+#RUN set -eux; \
+#    cd /tmp; \
+#    wget -q "https://github.com/zephyrproject-rtos/sdk-ng/releases/download/v${ZEPHYR_SDK_VERSION}/zephyr-sdk-${ZEPHYR_SDK_VERSION}_${ZEPHYR_SDK_ARCH}.tar.xz"; \
+#    wget -q "https://github.com/zephyrproject-rtos/sdk-ng/releases/download/v${ZEPHYR_SDK_VERSION}/sha256.sum"; \
+#    grep "zephyr-sdk-${ZEPHYR_SDK_VERSION}_${ZEPHYR_SDK_ARCH}.tar.xz" sha256.sum | sha256sum -c -; \
+#    mkdir -p /opt; \
+#    tar -C /opt -xf "zephyr-sdk-${ZEPHYR_SDK_VERSION}_${ZEPHYR_SDK_ARCH}.tar.xz"; \
+#    rm -f "zephyr-sdk-${ZEPHYR_SDK_VERSION}_${ZEPHYR_SDK_ARCH}.tar.xz" sha256.sum
+#
+#ENV ZEPHYR_TOOLCHAIN_VARIANT=zephyr
+#ENV ZEPHYR_SDK_INSTALL_DIR=/opt/zephyr-sdk-${ZEPHYR_SDK_VERSION}
+#
+## ---- Python venv for west (avoids PEP 668 externally-managed-environment) ----
+#ENV VIRTUAL_ENV=/opt/venv
+#ENV PATH="${VIRTUAL_ENV}/bin:${PATH}"
+#
+#RUN python3 -m venv "${VIRTUAL_ENV}" \
+# && "${VIRTUAL_ENV}/bin/pip" install --no-cache-dir --upgrade pip setuptools wheel \
+# && "${VIRTUAL_ENV}/bin/pip" install --no-cache-dir west
+
+
+# ---- m33mu: clone, build, install ----
+RUN set -eux; \
+    git clone --depth 1 https://github.com/danielinux/m33mu.git /tmp/m33mu; \
+    cmake -S /tmp/m33mu -B /tmp/m33mu/build; \
+    cmake --build /tmp/m33mu/build -j"$(nproc)"; \
+    if [ -f /tmp/m33mu/build/m33mu ]; then \
+      install -m 0755 /tmp/m33mu/build/m33mu /usr/local/bin/m33mu; \
+    fi; \
+    rm -rf /tmp/m33mu
+
+WORKDIR /workspace
