Deployment
Quick Start
Blaze can be started with a single command using docker:
docker run -d --name blaze -p 8080:8080 samply/blaze:1.6.0@sha256:76b8d0947a8463921e4cd5db291b14d58c221d4ca474a582eea3f16294ef8b3d
Verification (since 1.0)
For container images, we use cosign to sign images. This allows users to confirm the image was built by the expected CI pipeline and has not been modified after publication.
NOTE
Make sure to use the image digest. Tags alone are mutable and can be updated to point to different images. Pinning to the digest (the @sha256: part) ensures you use the exact build intended for a given release.
cosign verify "samply/blaze:1.6.0@sha256:76b8d0947a8463921e4cd5db291b14d58c221d4ca474a582eea3f16294ef8b3d" \
--certificate-identity-regexp "https://github.com/samply/blaze/.*" \
--certificate-oidc-issuer "https://token.actions.githubusercontent.com" \
--certificate-github-workflow-ref="refs/tags/v1.6.0" \
-o text >/dev/null

cosign verify "samply/blaze-frontend:1.6.0@sha256:c9a455b168c1f15c087f859939e721f0ae81b47aa897bd3796a85be6bf3c5012" \
--certificate-identity-regexp "https://github.com/samply/blaze/.*" \
--certificate-oidc-issuer "https://token.actions.githubusercontent.com" \
--certificate-github-workflow-ref="refs/tags/v1.6.0" \
-o text >/dev/null
The expected output is:
Verification for index.docker.io/samply/blaze@sha256:76b8d0947a8463921e4cd5db291b14d58c221d4ca474a582eea3f16294ef8b3d --
The following checks were performed on each of these signatures:
- The cosign claims were validated
- Existence of the claims in the transparency log was verified offline
- The code-signing certificate was verified using trusted certificate authority certificates
Certificate subject: https://github.com/samply/blaze/.github/workflows/build.yml@refs/tags/v1.6.0
Certificate issuer URL: https://token.actions.githubusercontent.com
GitHub Workflow Trigger: push
GitHub Workflow SHA: b346bc60fd69539f971cceb259b5cf1a15f4d3ae
GitHub Workflow Name: Build
GitHub Workflow Repository: samply/blaze
GitHub Workflow Ref: refs/tags/v1.6.0
Verification for index.docker.io/samply/blaze-frontend@sha256:c9a455b168c1f15c087f859939e721f0ae81b47aa897bd3796a85be6bf3c5012 --
The following checks were performed on each of these signatures:
- The cosign claims were validated
- Existence of the claims in the transparency log was verified offline
- The code-signing certificate was verified using trusted certificate authority certificates
Certificate subject: https://github.com/samply/blaze/.github/workflows/build.yml@refs/tags/v1.6.0
Certificate issuer URL: https://token.actions.githubusercontent.com
GitHub Workflow Trigger: push
GitHub Workflow SHA: b346bc60fd69539f971cceb259b5cf1a15f4d3ae
GitHub Workflow Name: Build
GitHub Workflow Repository: samply/blaze
GitHub Workflow Ref: refs/tags/v1.6.0
This output confirms that the image was built by the GitHub Actions workflow of the repository samply/blaze at tag v1.6.0.
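As an added example (not part of the Blaze project's own documentation or tooling), the following POSIX shell functions combine the digest-pinning note and the cosign check above into a gate that refuses to start a container unless the reference is digest-pinned and verification succeeds. The function names are hypothetical, and the mapping from image tag X.Y.Z to workflow ref refs/tags/vX.Y.Z is an assumption generalized from the 1.6.0 commands shown here.

```shell
#!/bin/sh
# Added example, not Blaze project code. Function names are hypothetical.

# Succeed only if the reference ends in @sha256:<64 lowercase hex digits>.
is_digest_pinned() {
  printf '%s\n' "$1" | grep -Eq '@sha256:[0-9a-f]{64}$'
}

# Print the workflow ref for name:TAG@sha256:... (assumption: release image
# tag 1.6.0 is built from Git tag v1.6.0, as in the commands on this page).
workflow_ref_for() {
  ref=${1%@*}                              # drop the digest
  case $ref in *:*) ;; *) return 1 ;; esac # no colon: no tag present
  ref=${ref##*:}                           # text after the last colon
  case $ref in */*) return 1 ;; esac       # colon was a registry port
  printf 'refs/tags/v%s\n' "$ref"
}

# Return 2 without calling cosign if the reference is unusable; otherwise
# return cosign's own exit status.
verify_image() {
  image=$1
  is_digest_pinned "$image" || {
    echo "refusing reference without digest: $image" >&2; return 2; }
  wf_ref=$(workflow_ref_for "$image") || {
    echo "no release tag in reference: $image" >&2; return 2; }
  cosign verify "$image" \
    --certificate-identity-regexp "https://github.com/samply/blaze/.*" \
    --certificate-oidc-issuer "https://token.actions.githubusercontent.com" \
    --certificate-github-workflow-ref="$wf_ref" \
    -o text >/dev/null
}

# Start the container only when verification succeeded.
# Usage: verified_run IMAGE [docker run options...]
verified_run() {
  image=$1; shift
  verify_image "$image" && docker run "$@" "$image"
}
```

After sourcing the file, pass the full digest-pinned reference from the Quick Start command as IMAGE, followed by the usual options such as -d --name blaze -p 8080:8080.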
Production
For production-ready deployments, there are three options:
IMPORTANT
Also see the Production Configuration guide.
Configuration
Configuration is based on environment variables and documented in the Configuration section.