Appearance

Deployment

Quick Start

Blaze can be started with a single command using docker:

sh
docker run -d --name blaze -p 8080:8080 samply/blaze:1.8.0@sha256:1f0587553e14105d64e0877e5ae2d7450705293e50ab7b1567787ba2b2c9a891

Verification Since 1.0

For container images, we use cosign to sign images. This allows users to confirm the image was built by the expected CI pipeline and has not been modified after publication.

NOTE

Make sure to use the image digest. Tags alone are mutable and can be updated to point to different images. Pinning to the digest (the @sha256: part) ensures you use the exact build intended for a given release.

sh
cosign verify "samply/blaze:1.8.0@sha256:1f0587553e14105d64e0877e5ae2d7450705293e50ab7b1567787ba2b2c9a891" \
  --certificate-identity-regexp "https://github.com/samply/blaze/.*" \
  --certificate-oidc-issuer "https://token.actions.githubusercontent.com" \
  --certificate-github-workflow-ref="refs/tags/v1.8.0" \
  -o text >/dev/null
sh
cosign verify "samply/blaze-frontend:1.8.0@sha256:34506aaf3b20a4bdced8720534aca14ce29ce21123ced6c83be0b40ab6479a8f" \
  --certificate-identity-regexp "https://github.com/samply/blaze/.*" \
  --certificate-oidc-issuer "https://token.actions.githubusercontent.com" \
  --certificate-github-workflow-ref="refs/tags/v1.8.0" \
  -o text >/dev/null

The expected output is:

text

Verification for index.docker.io/samply/blaze@sha256:1f0587553e14105d64e0877e5ae2d7450705293e50ab7b1567787ba2b2c9a891 --
The following checks were performed on each of these signatures:
  - The cosign claims were validated
  - Existence of the claims in the transparency log was verified offline
  - The code-signing certificate was verified using trusted certificate authority certificates
text

Verification for index.docker.io/samply/blaze-frontend@sha256:34506aaf3b20a4bdced8720534aca14ce29ce21123ced6c83be0b40ab6479a8f --
The following checks were performed on each of these signatures:
  - The cosign claims were validated
  - Existence of the claims in the transparency log was verified offline
  - The code-signing certificate was verified using trusted certificate authority certificates

This output ensures that the image was built by the GitHub Actions workflow of the repository samply/blaze and tag v1.8.0.

Production

For production-ready deployments, there are three options:

IMPORTANT

Also see the Production Configuration guide.

Configuration

Configuration is based on environment variables and documented in the Configuration section.