Appearance

Deployment

Quick Start

Blaze can be started with a single command using docker:

sh
docker run -d --name blaze -p 8080:8080 samply/blaze:1.6.2@sha256:4148d6cc9daf1f7237270878535d176b1e24b8d4092dcf636d42778c3a49dbc8

Verification Since 1.0

For container images, we use cosign to sign images. This allows users to confirm the image was built by the expected CI pipeline and has not been modified after publication.

NOTE

Make sure to use the image digest. Tags alone are mutable and can be updated to point to different images. Pinning to the digest (the @sha256: part) ensures you use the exact build intended for a given release.

sh
cosign verify "samply/blaze:1.6.2@sha256:4148d6cc9daf1f7237270878535d176b1e24b8d4092dcf636d42778c3a49dbc8" \
  --certificate-identity-regexp "https://github.com/samply/blaze/.*" \
  --certificate-oidc-issuer "https://token.actions.githubusercontent.com" \
  --certificate-github-workflow-ref="refs/tags/v1.6.2" \
  -o text >/dev/null
sh
cosign verify "samply/blaze-frontend:1.6.2@sha256:df3f98caea26ba81fc6738c4470454679163eca664e43656f27fc4215d551adc" \
  --certificate-identity-regexp "https://github.com/samply/blaze/.*" \
  --certificate-oidc-issuer "https://token.actions.githubusercontent.com" \
  --certificate-github-workflow-ref="refs/tags/v1.6.2" \
  -o text >/dev/null

The expected output is:

text

Verification for index.docker.io/samply/blaze@sha256:4148d6cc9daf1f7237270878535d176b1e24b8d4092dcf636d42778c3a49dbc8 --
The following checks were performed on each of these signatures:
  - The cosign claims were validated
  - Existence of the claims in the transparency log was verified offline
  - The code-signing certificate was verified using trusted certificate authority certificates
Certificate subject: https://github.com/samply/blaze/.github/workflows/build.yml@refs/tags/v1.6.2
Certificate issuer URL: https://token.actions.githubusercontent.com
GitHub Workflow Trigger: push
GitHub Workflow SHA: 7dc17aa5aa479e4dac37499d94b12a95eb07c592
GitHub Workflow Name: Build
GitHub Workflow Repository: samply/blaze
GitHub Workflow Ref: refs/tags/v1.6.2
text

Verification for index.docker.io/samply/blaze-frontend@sha256:df3f98caea26ba81fc6738c4470454679163eca664e43656f27fc4215d551adc --
The following checks were performed on each of these signatures:
  - The cosign claims were validated
  - Existence of the claims in the transparency log was verified offline
  - The code-signing certificate was verified using trusted certificate authority certificates
Certificate subject: https://github.com/samply/blaze/.github/workflows/build.yml@refs/tags/v1.6.2
Certificate issuer URL: https://token.actions.githubusercontent.com
GitHub Workflow Trigger: push
GitHub Workflow SHA: 7dc17aa5aa479e4dac37499d94b12a95eb07c592
GitHub Workflow Name: Build
GitHub Workflow Repository: samply/blaze
GitHub Workflow Ref: refs/tags/v1.6.2

This output ensures that the image was built by the GitHub Actions workflow of the repository samply/blaze and tag v1.6.2.

Production

For production-ready deployments, there are three options:

IMPORTANT

Also see the Production Configuration guide.

Configuration

Configuration is based on environment variables and documented in the Configuration section.