Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

feat(comfy-ui): create developing image #79

Merged
merged 6 commits into from
Jan 20, 2025
Merged

feat(comfy-ui): create developing image #79

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
6 commits
Select commit Hold shift + click to select a range
ed97125
feat(comfy-ui): create base developing image
tinovyatkin Jan 13, 2025
e156bf1
chore: make venv relocatable
tinovyatkin Jan 16, 2025
3cc43a5
chore: add trailing new line to dockerfile
tinovyatkin Jan 16, 2025
38985b1
feat: add Github Action to build ComfyUI dev container
tinovyatkin Jan 16, 2025
7a35039
docs: add diff commands
tinovyatkin Jan 16, 2025
7b86882
chore: edit existing gitignore and pre-create branch
tinovyatkin Jan 17, 2025
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
56 changes: 56 additions & 0 deletions .github/workflows/comfyui-dev-container.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,56 @@
name: Build and Push ComfyUI Dev Container

on:
push:
paths:
- ".github/workflows/comfyui-dev-container.yml"
- "ComfyUI/Dockerfile.local-cpu"
workflow_dispatch:

jobs:
build-and-push:
runs-on: ubuntu-latest
permissions:
packages: write
contents: read
attestations: write
id-token: write
steps:
- name: Check out repository
uses: actions/checkout@v4

- name: Log in to GitHub Container Registry
uses: docker/login-action@v3

Check warning

Code scanning / CodeQL

Unpinned tag for a non-immutable Action in workflow Medium

Unpinned 3rd party Action 'Build and Push ComfyUI Dev Container' step
Uses Step
Loading
uses 'docker/login-action' with ref 'v3', not a pinned commit hash
with:
registry: ghcr.io
username: ${{ github.actor }}
password: ${{ secrets.GITHUB_TOKEN }}

- name: Set up QEMU
uses: docker/setup-qemu-action@v3

Check warning

Code scanning / CodeQL

Unpinned tag for a non-immutable Action in workflow Medium

Unpinned 3rd party Action 'Build and Push ComfyUI Dev Container' step
Uses Step
Loading
uses 'docker/setup-qemu-action' with ref 'v3', not a pinned commit hash

- name: Set up Docker Buildx
uses: docker/setup-buildx-action@v3
Fixed Show fixed Hide fixed

Check warning

Code scanning / CodeQL

Unpinned tag for a non-immutable Action in workflow Medium

Unpinned 3rd party Action 'Build and Push ComfyUI Dev Container' step
Uses Step
Loading
uses 'docker/setup-buildx-action' with ref 'v3', not a pinned commit hash

Comment on lines +19 to +34
Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

⚠️ Potential issue

Pin GitHub Actions to specific commit hashes for better security.

Currently using version tags (@V3) which could potentially lead to supply chain attacks. Replace version tags with specific commit hashes for all actions:

  • actions/checkout@v4
  • docker/login-action@v3
  • docker/setup-qemu-action@v3
  • docker/setup-buildx-action@v3

Here's how to find and pin the commit hashes:

#!/bin/bash
# Description: Get the latest commit hashes for the GitHub Actions in use

# For each action, fetch the commit hash for the current version tag
for action in "actions/checkout@v4" "docker/login-action@v3" "docker/setup-qemu-action@v3" "docker/setup-buildx-action@v3" "docker/build-push-action@v6"; do
  echo "Fetching commit hash for $action"
  gh api repos/${action%@*}/commits/$(echo $action | cut -d@ -f2) --jq .sha
done
🧰 Tools
🪛 GitHub Check: CodeQL

[warning] 23-23: Unpinned tag for a non-immutable Action in workflow
Unpinned 3rd party Action 'Build and Push ComfyUI Dev Container' step Uses Step uses 'docker/login-action' with ref 'v3', not a pinned commit hash

[warning] 30-30: Unpinned tag for a non-immutable Action in workflow
Unpinned 3rd party Action 'Build and Push ComfyUI Dev Container' step Uses Step uses 'docker/setup-qemu-action' with ref 'v3', not a pinned commit hash

[warning] 33-33: Unpinned tag for a non-immutable Action in workflow
Unpinned 3rd party Action 'Build and Push ComfyUI Dev Container' step Uses Step uses 'docker/setup-buildx-action' with ref 'v3', not a pinned commit hash

- name: Docker meta
id: meta
uses: docker/metadata-action@v5

Check warning

Code scanning / CodeQL

Unpinned tag for a non-immutable Action in workflow Medium

Unpinned 3rd party Action 'Build and Push ComfyUI Dev Container' step
Uses Step: meta
Loading
uses 'docker/metadata-action' with ref 'v5', not a pinned commit hash
with:
images: ghcr.io/super-protocol/solutions/comfyui-composer
tags: |
type=ref,event=branch,enable=${{ github.ref != 'refs/heads/main' }}
type=ref,event=pr
type=raw,value=latest,enable=${{ github.ref == 'refs/heads/main' && !startsWith(github.event_name, 'pull_request') }}

- name: Build and push
uses: docker/build-push-action@v6
Fixed Show fixed Hide fixed
Fixed Show fixed Hide fixed

Check warning

Code scanning / CodeQL

Unpinned tag for a non-immutable Action in workflow Medium

Unpinned 3rd party Action 'Build and Push ComfyUI Dev Container' step
Uses Step
Loading
uses 'docker/build-push-action' with ref 'v6', not a pinned commit hash
with:
context: ComfyUI
file: ComfyUI/Dockerfile.local-cpu
provenance: true
platforms: linux/amd64,linux/arm64
push: ${{ github.event_name != 'pull_request' }}
tags: ${{ steps.meta.outputs.tags }}
labels: |
org.opencontainers.image.title=ComfyUI Development Container
org.opencontainers.image.description=Base development image for ComfyUI
26 changes: 26 additions & 0 deletions ComfyUI/DEV.md
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,26 @@
## Building developing image

```sh
docker buildx build -f Dockerfile.local-cpu -t comfyui .
```

## Running the container

```sh
docker run \
--name comfyui \
--publish 8188:8188 \
# optionally to run in background
--detach \
--restart unless-stopped \
comfyui
```

## Getting changes from the container

```sh
git add --all
git commit -m 'Getting all my changes'
git archive -o update.zip HEAD $(git diff --submodule=diff --name-only HEAD HEAD^)
```

96 changes: 96 additions & 0 deletions ComfyUI/Dockerfile.local-cpu
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,96 @@
# syntax = docker/dockerfile:1.4.0
# Use a Python image with uv pre-installed
FROM ghcr.io/astral-sh/uv:python3.12-bookworm-slim

# The installer requires curl (and certificates) to download the release archive
RUN apt-get update && apt-get install -y --no-install-recommends \
git \
git-lfs \
build-essential \
libgl1-mesa-glx \
wget \
curl \
unzip \
ffmpeg

# Enable bytecode compilation
ENV UV_COMPILE_BYTECODE=1 UV_LINK_MODE=copy

# Set environment variables
ARG COMFYUI_VERSION=v0.3.10
ARG COMFYUI_MANAGER_VERSION=3.6.5
ENV PYTHONUNBUFFERED=1 \
COMFYUI_REPO=https://github.com/comfyanonymous/ComfyUI.git \
COMFYUI_MANAGER_REPO=https://github.com/ltdrdata/ComfyUI-Manager.git \
COMFYUI_DIR=/opt/ComfyUI

# Clones the ComfyUI repository and checks out the latest release
# Clone the ComfyUI repository
RUN git clone --branch $COMFYUI_VERSION --single-branch $COMFYUI_REPO $COMFYUI_DIR

# Change into ComfyUI directory
WORKDIR $COMFYUI_DIR

RUN git config --local user.email "[email protected]" \
&& git config --global user.name "Container Builder"

# Create Python virtual environment
RUN --mount=type=cache,target=/root/.cache/uv \
uv venv --seed --relocatable .venv
ENV VIRTUAL_ENV=$COMFYUI_DIR/.venv
ENV PATH="$VIRTUAL_ENV/bin:$PATH"

# Install PyTorch and its dependencies
# see https://docs.astral.sh/uv/guides/integration/pytorch/#the-uv-pip-interface
RUN --mount=type=cache,target=/root/.cache/uv \
uv pip install torch torchvision torchaudio --index-url https://download.pytorch.org/whl/cpu
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Why do we need to install these libraries separately? Isn't the requirements.txt file in the ComfyUI root directory sufficient?

Copy link
Collaborator Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

requirements.txt is not enough in case of GPU optimized versions pytorch as it ships different builds using different indexes.

See https://docs.astral.sh/uv/guides/integration/pytorch/


# Install the required Python packages for ComfyUI
RUN --mount=type=cache,target=/root/.cache/uv \
uv pip install -r requirements.txt
Comment on lines +49 to +50
Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

🛠️ Refactor suggestion

Verify package integrity during installation.

Add hash verification for better security:

 RUN --mount=type=cache,target=/root/.cache/uv \
-    uv pip install -r requirements.txt
+    uv pip install -r requirements.txt --require-hashes

Generate requirements with hashes using:

uv pip freeze --all --require-hashes > requirements.txt


# Clones the ComfyUI Manager repository and checks out the latest release
# edit gitignore entries
RUN for l in custom_nodes user models web web_custom_versions; do sed -i "/$l/d" .gitignore ; done
# add more gitignore entries
RUN <<EOF cat >> .gitignore
user/*.log
user/default/ComfyUI-Manager/cache/
user/default/ComfyUI-Manager/channels.list
EOF

RUN git submodule add $COMFYUI_MANAGER_REPO custom_nodes/ComfyUI-Manager \
&& cd custom_nodes/ComfyUI-Manager \
&& git checkout tags/$COMFYUI_MANAGER_VERSION
# edit gitignore entries - see https://github.com/ltdrdata/ComfyUI-Manager/blob/main/.gitignore
RUN for l in config.ini code-workspace snapshots startup-scripts pip_overrides openart_key matrix_auth youml comfyworkflows_sharekey; \
do sed -i "/$l/d" custom_nodes/ComfyUI-Manager/.gitignore ; done
# add more gitignore entries
RUN --mount=type=cache,target=/root/.cache/uv \
uv pip install -r custom_nodes/ComfyUI-Manager/requirements.txt

# Creating ComfyUI Manager config file
RUN mkdir -p user/default/ComfyUI-Manager
RUN <<EOF cat >> user/default/ComfyUI-Manager/config.ini
[default]
preview_method = auto
file_logging = False
security_level = weak
skip_migration_check = True
model_download_by_agent = False
EOF
marchuk-vlad marked this conversation as resolved.
Show resolved Hide resolved
tinovyatkin marked this conversation as resolved.
Show resolved Hide resolved

# commit current state so we can trace changes
RUN git add . && git commit -m "chore: initial setup" && git checkout -b container/dev

# Expose the port the ComfyUI runs on
EXPOSE 8188

# Add a healthcheck to ensure the service is running
HEALTHCHECK --interval=30s --timeout=10s --start-period=5s --retries=3 \
CMD curl -f http://localhost:8188/ || exit 1

# On startup, ComfyUI is started at its default port; the IP address is changed from localhost to 0.0.0.0, because Docker is only forwarding traffic
# to the IP address it assigns to the container, which is unknown at build time; listening to 0.0.0.0 means that ComfyUI listens to all incoming
# traffic; the auto-launch feature is disabled, because we do not want (nor is it possible) to open a browser window in a Docker container
CMD [".venv/bin/python", "main.py", "--listen", "0.0.0.0", "--port", "8188", "--disable-auto-launch", "--cpu", "--cpu-vae"]
Loading