Appearance

Deployment

Quick Start

Blaze can be started with a single command using docker:

sh
docker run -d --name blaze -p 8080:8080 samply/blaze:1.7.0@sha256:f2e87759605587eaf9cbbf86e229938019a732bb908d4e59f107a2744e73825f

Verification Since 1.0

For container images, we use cosign to sign images. This allows users to confirm the image was built by the expected CI pipeline and has not been modified after publication.

NOTE

Make sure to use the image digest. Tags alone are mutable and can be updated to point to different images. Pinning to the digest (the @sha256: part) ensures you use the exact build intended for a given release.

sh
cosign verify "samply/blaze:1.7.0@sha256:f2e87759605587eaf9cbbf86e229938019a732bb908d4e59f107a2744e73825f" \
  --certificate-identity-regexp "https://github.com/samply/blaze/.*" \
  --certificate-oidc-issuer "https://token.actions.githubusercontent.com" \
  --certificate-github-workflow-ref="refs/tags/v1.7.0" \
  -o text >/dev/null
sh
cosign verify "samply/blaze-frontend:1.7.0@sha256:2d6ecc56e577eccc10e5d964a45049cf83cf29ada185ad8318b8f19eea566978" \
  --certificate-identity-regexp "https://github.com/samply/blaze/.*" \
  --certificate-oidc-issuer "https://token.actions.githubusercontent.com" \
  --certificate-github-workflow-ref="refs/tags/v1.7.0" \
  -o text >/dev/null

The expected output is:

text

Verification for index.docker.io/samply/blaze@sha256:f2e87759605587eaf9cbbf86e229938019a732bb908d4e59f107a2744e73825f --
The following checks were performed on each of these signatures:
  - The cosign claims were validated
  - Existence of the claims in the transparency log was verified offline
  - The code-signing certificate was verified using trusted certificate authority certificates
text

Verification for index.docker.io/samply/blaze-frontend@sha256:2d6ecc56e577eccc10e5d964a45049cf83cf29ada185ad8318b8f19eea566978 --
The following checks were performed on each of these signatures:
  - The cosign claims were validated
  - Existence of the claims in the transparency log was verified offline
  - The code-signing certificate was verified using trusted certificate authority certificates

This output ensures that the image was built by the GitHub Actions workflow of the repository samply/blaze and tag v1.7.0.

Production

For production-ready deployments, there are three options:

IMPORTANT

Also see the Production Configuration guide.

Configuration

Configuration is based on environment variables and documented in the Configuration section.