Deployment

Quick Start

Blaze can be started with a single command using docker:

sh
docker run -d --name blaze -p 8080:8080 samply/blaze:1.5.0@sha256:52a6f5b53d944e6060bae85161bbafb264a1b968f5d5008f8c47f5c98933823a

Verification (since 1.0)

We sign container images with cosign. A valid signature lets users confirm that the image was built by the expected CI pipeline and has not been modified after publication.

NOTE

Make sure to use the image digest. Tags alone are mutable and can be updated to point to different images. Pinning to the digest (the @sha256: part) ensures you use the exact build intended for a given release.

sh
cosign verify "samply/blaze:1.5.0@sha256:52a6f5b53d944e6060bae85161bbafb264a1b968f5d5008f8c47f5c98933823a" \
  --certificate-identity-regexp "https://github.com/samply/blaze/.*" \
  --certificate-oidc-issuer "https://token.actions.githubusercontent.com" \
  --certificate-github-workflow-ref="refs/tags/v1.5.0" \
  -o text >/dev/null

For the frontend image:

sh
cosign verify "samply/blaze-frontend:1.5.0@sha256:b8cc545012b4b88d2704021ebf1f23ab0d362cee1e62bd95b0d49b23f9371772" \
  --certificate-identity-regexp "https://github.com/samply/blaze/.*" \
  --certificate-oidc-issuer "https://token.actions.githubusercontent.com" \
  --certificate-github-workflow-ref="refs/tags/v1.5.0" \
  -o text >/dev/null

The expected output is:

text

Verification for index.docker.io/samply/blaze@sha256:52a6f5b53d944e6060bae85161bbafb264a1b968f5d5008f8c47f5c98933823a --
The following checks were performed on each of these signatures:
  - The cosign claims were validated
  - Existence of the claims in the transparency log was verified offline
  - The code-signing certificate was verified using trusted certificate authority certificates
Certificate subject: https://github.com/samply/blaze/.github/workflows/build.yml@refs/tags/v1.5.0
Certificate issuer URL: https://token.actions.githubusercontent.com
GitHub Workflow Trigger: push
GitHub Workflow SHA: c287af6aa40b09895a41a2a0aa0539abf0f1d6ca
GitHub Workflow Name: Build
GitHub Workflow Repository: samply/blaze
GitHub Workflow Ref: refs/tags/v1.5.0

For the frontend image:

text

Verification for index.docker.io/samply/blaze-frontend@sha256:b8cc545012b4b88d2704021ebf1f23ab0d362cee1e62bd95b0d49b23f9371772 --
The following checks were performed on each of these signatures:
  - The cosign claims were validated
  - Existence of the claims in the transparency log was verified offline
  - The code-signing certificate was verified using trusted certificate authority certificates
Certificate subject: https://github.com/samply/blaze/.github/workflows/build.yml@refs/tags/v1.5.0
Certificate issuer URL: https://token.actions.githubusercontent.com
GitHub Workflow Trigger: push
GitHub Workflow SHA: c287af6aa40b09895a41a2a0aa0539abf0f1d6ca
GitHub Workflow Name: Build
GitHub Workflow Repository: samply/blaze
GitHub Workflow Ref: refs/tags/v1.5.0

This output confirms that the image was built by the GitHub Actions workflow of the repository samply/blaze at tag v1.5.0.
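The following wrapper is an added example, not part of the Blaze documentation: it refuses tag-only references and starts the container only if verification passes, using cosign's exact-match `--certificate-identity` in place of the regexp. The function names are hypothetical, and it assumes other releases use the same `build.yml@refs/tags/v<version>` certificate subject shown above for 1.5.0.

```sh
#!/bin/sh
# Added example (not from the Blaze docs): start Blaze only after cosign
# verification of a digest-pinned image succeeds. Function names are hypothetical.

# True only for name[:tag]@sha256:<64 lowercase hex>; tag-only refs are rejected.
is_digest_pinned() {
  printf '%s\n' "$1" | grep -Eq '^[^@[:space:]]+@sha256:[0-9a-f]{64}$'
}

# Print the tag of name:tag@sha256:...; fail if the reference carries no tag.
image_tag() {
  ref=${1%%@*}      # strip the digest
  last=${ref##*/}   # last path component, so a registry port is not mistaken for a tag
  case $last in
    *:*) printf '%s\n' "${last##*:}" ;;
    *)   return 1 ;;
  esac
}

# Exact signer identity for a release. Assumption: every release follows the
# pattern of the certificate subject shown above for 1.5.0.
expected_identity() {
  printf 'https://github.com/samply/blaze/.github/workflows/build.yml@refs/tags/v%s\n' "$1"
}

# Return 2 for references that cannot be checked, else cosign's exit status.
verify_image() {
  is_digest_pinned "$1" || { echo "refusing unpinned reference: $1" >&2; return 2; }
  tag=$(image_tag "$1") || { echo "no release tag in: $1" >&2; return 2; }
  cosign verify "$1" \
    --certificate-identity "$(expected_identity "$tag")" \
    --certificate-oidc-issuer "https://token.actions.githubusercontent.com" \
    --certificate-github-workflow-ref="refs/tags/v$tag" \
    -o text >/dev/null
}

# Usage: sh verify-and-run.sh 'samply/blaze:1.5.0@sha256:<digest>'
if [ "$#" -eq 1 ]; then
  verify_image "$1" && docker run -d --name blaze -p 8080:8080 "$1"
fi
```

`verify_image` also works for the frontend image, whose certificate subject in the output above is the same workflow.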

Production

For production-ready deployments, there are three options:

IMPORTANT

Also see the Production Configuration guide.

Configuration

Configuration is based on environment variables and documented in the Configuration section.