This repository builds Bluefin ISOs using Anaconda and Titanoboa
Workflows and configuration files needed to build bootable Bluefin ISOs for installation.
- Pre-configured Anaconda installer
- System flatpaks
- Custom branding and configuration
- Secure boot key enrollment
The ISO build system consists of independent, focused workflows that can be triggered individually or as a group:
┌──────────────────────────────────────────────────────────────┐
│ Individual Workflows │
│ (Can be triggered separately) │
└──────────────────────────────────────────────────────────────┘
┌─────────────────────┐ ┌─────────────────────┐
│ build-iso-lts │ │ build-iso-lts-hwe │
│ │ │ │
│ ✓ workflow_dispatch │ │ ✓ workflow_dispatch │
│ ✓ schedule (cron) │ │ ✓ schedule (cron) │
│ ✓ upload options │ │ ✓ upload options │
│ │ │ │
│ Builds: LTS ISOs │ │ Builds: LTS-HWE ISOs│
│ - amd64 × main │ │ - amd64 × main │
│ - amd64 × gdx │ │ - arm64 × main │
│ - arm64 × main │ │ │
│ - arm64 × gdx │ │ │
└─────────┬───────────┘ └─────────┬───────────┘
│ │
└────────┬───────────────┘
│
┌────────▼────────┐
│ calls reusable │
│ workflow │
└────────┬────────┘
│
┌─────────────────────┐ ┌─────────────────────┐
│ build-iso-lts-hwe │ │ build-iso-stable │
│ │ │ │
│ ✓ workflow_dispatch │ │ ✓ workflow_dispatch │
│ ✓ schedule (cron) │ │ ✓ schedule (cron) │
│ ✓ upload options │ │ ✓ upload options │
│ │ │ │
│ Builds: LTS-HWE ISOs│ │ Builds: Stable ISOs │
│ - amd64 × main │ │ - amd64 × main │
│ - arm64 × main │ │ - amd64 × nvidia-open│
└─────────┬───────────┘ └─────────┬───────────┘
│ │
└────────┬───────────────┘
│
┌────────▼────────┐
│ calls reusable │
│ workflow │
└─────────────────┘
═══════════════════════════════════════════════════════════════
┌──────────────────────────────────────────────────────────────┐
│ Orchestration Workflow │
│ (Calls all individual workflows) │
└──────────────────────────────────────────────────────────────┘
┌─────────────────────────────────────────────────────────────┐
│ build-iso-all │
│ "Build All ISOs" │
│ │
│ ✓ workflow_dispatch │
│ ✓ schedule (cron) │
│ ✓ upload options │
│ │
│ Orchestrates all 3 workflows in parallel: │
│ ├─► build-iso-lts │
│ ├─► build-iso-lts-hwe │
│ └─► build-iso-stable │
└─────────────────────────────────────────────────────────────┘
Schedule: All workflows run at 2am UTC on the 1st of each month
- Strict ISO Scoping: Each workflow builds ONLY its designated ISOs - no cross-contamination
build-iso-lts.yml→ LTS ISOs only (never builds Stable or LTS-HWE)build-iso-lts-hwe.yml→ LTS-HWE ISOs only (never builds Stable or LTS)build-iso-stable.yml→ Stable ISOs only (never builds LTS or LTS-HWE)
- Independent Execution: Each workflow can run independently without affecting others
- Orchestration: The "Build All ISOs" workflow calls all others in parallel
- Flexible Upload: Control artifact and R2 uploads per execution
- Consistent Scheduling: All workflows on same monthly schedule (cron:
0 2 1 * *)
The following ISO variants are built:
- Stable - Current stable release
- LTS - Long-term support based on CentOS Stream
- LTS-HWE - LTS with hardware enablement kernel
Each variant supports multiple flavors:
main- Standard Bluefinnvidia-open- With NVIDIA open drivers (Stable only)gdx- Bluefin DX for developers (LTS only)
ISOs are built automatically via GitHub Actions workflows. Each variant has its own dedicated workflow that builds only its specific ISOs.
Each workflow is strictly scoped to build only its designated ISO variant:
| Workflow File | Builds | Does NOT Build |
|---|---|---|
build-iso-lts.yml |
4 LTS ISOs only - amd64 × main - amd64 × gdx - arm64 × main - arm64 × gdx |
❌ Stable ❌ LTS-HWE |
build-iso-lts-hwe.yml |
2 LTS-HWE ISOs only - amd64 × main - arm64 × main |
❌ Stable ❌ LTS |
build-iso-stable.yml |
2 Stable ISOs only - amd64 × main - amd64 × nvidia-open |
❌ LTS ❌ LTS-HWE |
build-iso-all.yml |
All 8 ISOs (calls all 3 workflows above) | N/A - orchestrator |
This strict separation ensures:
- ✅ Predictable builds: You know exactly which ISOs each workflow produces
- ✅ Faster iterations: Build only the variants you need
- ✅ Easier debugging: Issues are isolated to specific variants
- ✅ Resource efficiency: No unnecessary builds
Trigger individual workflow dispatches for specific variants:
- Go to Actions
- Select a workflow:
- "Build LTS ISOs" - for LTS variant
- "Build LTS-HWE ISOs" - for LTS-HWE variant
- "Build Stable ISOs" - for Stable variant
- "Build All ISOs" - to build all variants
- Click "Run workflow"
- Choose upload options:
upload_artifacts- Upload ISOs as job artifacts (default: false)upload_r2- Upload ISOs to CloudFlare R2 (default: true)
ISOs are built automatically:
- Monthly schedule: All workflows run at 2am UTC on the 1st of every month
- On changes: When ISO configuration files are modified (via pull requests)
.
├── .github/workflows/ # GitHub Actions workflows
│ ├── build-iso-lts.yml # LTS ISO build workflow
│ ├── build-iso-lts-hwe.yml # LTS-HWE ISO build workflow
│ ├── build-iso-stable.yml # Stable ISO build workflow
│ ├── build-iso-all.yml # Orchestrates all ISO builds
│ ├── reusable-build-iso-anaconda.yml # Core reusable ISO build workflow
│ ├── validate-flatpaks.yml # Validate Flatpak lists
│ └── validate-renovate.yml # Validate Renovate config
├── iso_files/ # ISO configuration files
│ ├── configure_iso_anaconda.sh # Standard ISO configuration
│ ├── configure_lts_iso_anaconda.sh # LTS ISO configuration
│ └── bluefin.repo # Generated COPR repository file
├── flatpaks/ # Flatpak application lists
│ ├── system-flatpaks.list # Base system flatpaks
│ ├── system-flatpaks-dx.list # Developer flatpaks
│ └── system-flatpaks-extra.list # Extra flatpaks
├── just/ # Just recipes for system management
│ ├── bluefin-apps.just # Application management
│ └── bluefin-system.just # System management
├── Justfile # Main build recipes
└── AGENTS.md # Copilot agent instructions
iso_files/configure_iso_anaconda.sh- Configures the live environment and Anaconda installer for standard releasesiso_files/configure_lts_iso_anaconda.sh- Configures the live environment and Anaconda installer for LTS releases
Flatpaks to be pre-installed on the ISO:
flatpaks/system-flatpaks.list- Core applicationsflatpaks/system-flatpaks-dx.list- Additional developer toolsflatpaks/system-flatpaks-extra.list- Optional extra applications
- Just command runner
- Podman or Docker
- Pre-commit
# Validate all files
pre-commit run --all-files
# Check Just syntax
just check
# Fix formatting
just fix# Build an ISO locally
just build-iso bluefin stable main
# Build using GHCR image
just build-iso-ghcr bluefin stable mainBuilt ISOs are uploaded to:
- CloudFlare R2
testingbucket (for automatic builds) - GitHub Actions artifacts (for pull request builds)
ISO naming format: {image-name}-{version}-{arch}.iso
Example: bluefin-stable-x86_64.iso
The repository uses a two-stage release pipeline with testing and production buckets:
┌─────────────────────────────────────────────────────────────┐
│ ISO Build Workflows │
│ (build-iso-lts, stable, lts-hwe) │
└───────────────────────────┬─────────────────────────────────┘
│
▼
┌───────────────┐
│ Testing │
│ Bucket │ ← Automatic builds
│ (testing) │
└───────┬───────┘
│
│ Manual promotion
│ with variant selection
▼
┌───────────────────────┐
│ Promote ISOs to │
│ Production Workflow │
└───────────┬───────────┘
│
▼
┌───────────────┐
│ Production │
│ Bucket │ ← Controlled release
│ (prodtest) │
└───────────────┘
The promote-iso.yml workflow allows controlled promotion of ISOs from testing to production.
- After verifying ISOs in the testing bucket
- When ready to release specific variants to users
- Before announcing new ISO availability
Step 1: Preview Changes (Dry Run)
- Navigate to Actions → Promote ISOs to Production
- Click "Run workflow"
- Configure inputs:
- variant: Select which ISOs to promote:
stable- Promotes Stable ISOs onlylts- Promotes LTS, LTS-HWE, and GDX ISOs onlyall- Promotes all ISOs (use with caution)
- dry_run: ✅ Keep checked (default:
true)
- variant: Select which ISOs to promote:
- Click "Run workflow"
- Review the workflow output to see what files would be promoted
Step 2: Execute Promotion
- After verifying the dry run output looks correct
- Run the workflow again with same settings
- Configure inputs:
- variant: Same selection as dry run
- dry_run: ❌ Uncheck (set to
false)
- Click "Run workflow"
- ISOs will be copied from
testingtoprodtestbucket - Verify the promotion in the workflow output
| Variant | ISOs Promoted | Use Case |
|---|---|---|
| stable | • Stable ISOs (*-stable-*.iso*) |
Regular stable release cycle |
| lts | • LTS ISOs (*-lts-*.iso*)• LTS-HWE ISOs ( *-lts-hwe-*.iso*)• GDX ISOs ( *-dx-lts-*.iso*) |
LTS release cycle |
| all | • All ISOs (*.iso)• All checksums ( *.iso-CHECKSUM) |
Major releases or bulk updates |
- Dry run is enabled by default - Always preview before promoting
- rclone sync is used - Files in testing will mirror to production:
- New files are copied
- Updated files are replaced
- Files not in testing (matching the filter) are removed from production
- Selective promotion - Promote stable and LTS independently
- Checksums included -
.iso-CHECKSUMfiles are automatically included
# Scenario: Releasing new Stable ISOs
# 1. Verify ISOs built successfully in testing bucket
# 2. Run promotion workflow:
# - variant: stable
# - dry_run: true
# 3. Review output - confirm Stable ISOs will be promoted
# 4. Run again:
# - variant: stable
# - dry_run: false
# 5. ISOs are now in production bucket
# 6. Announce availability to usersContributions are welcome! Please ensure:
- Pre-commit checks pass
- Just syntax is valid
- Flatpak lists are properly validated
- Follow conventional commits
See main Bluefin repository for license information.
- Bluefin - Main Bluefin image repository
- Bluefin LTS - Long-term support variant
- Bluefin Documentation - User documentation
- Titanoboa - ISO builder tool