Added a CI/CD pipeline for building and publishing

lecode-official · lecode-official · commit 833ac6a995d0 · 2024-11-28T16:11:34.000+01:00
Created a GitHub Actions workflow, which builds the ComfyUI Docker image
and publishes it to the GitHub Container Registry. The workflow is
triggered when a tag is pushed, which occurs when a release is created.
The workflow automatically extracts information such as description,
version, and URL from the repository and uses it to tag and label the
Docker image. For this reason, the labels were removed from the
Dockerfile. The documentation in the read me was updated to reflect the
changes.
diff --git a/.github/workflows/build-and-publish.yml b/.github/workflows/build-and-publish.yml
@@ -0,0 +1,91 @@
+
+# A workflow, which builds the ComfyUI Docker image and publishes it to the GitHub Container Registry
+name: Create and publish a Docker image
+
+# Configures this workflow to run when a tag was pushed to the repository that matches the pattern "v[0-9]+.[0-9]+.[0-9]+", which is a semantic
+# versioning pattern; this token will be created when a new release is created; the release event cannot be used, because the docker/metadata-action
+# action does not support the release event
+on:
+  push:
+    tags:
+      - 'v[0-9]+.[0-9]+.[0-9]+'
+
+# Defines two custom environment variables for the host name of the registry (ghcr.io for the GitHub Container Registry) and the name of the image,
+# which is set to the name of the repository
+env:
+  REGISTRY: ghcr.io
+  IMAGE_NAME: ${{ github.repository }}
+
+# This workflow has a single job, which builds the Docker image and publishes it to the GitHub Container Registry
+jobs:
+
+  # The `build-and-publish` builds the Docker image, and publishes it to the GitHub Container Registry
+  build-and-publish:
+
+    # This job will run on an Ubuntu GitHub runner, which is a good default choice and it comes with Docker pre-installed
+    runs-on: ubuntu-latest
+
+    # Sets the permissions granted to the `GITHUB_TOKEN` for the actions in this job
+    permissions:
+      contents: read
+      packages: write
+      attestations: write
+      id-token: write
+
+    # This job 1) checks out the repository, 2) logs in to the GitHub Container Registry, 3) extracts metadata for the Docker image, 4) builds and
+    # pushes the Docker image, and 5) generates an artifact attestation for the image
+    steps:
+
+      # Checks out the repository so that the workflow can access the files in the repository
+      - name: Checkout repository
+        uses: actions/checkout@v4
+
+      # Logs in to the GitHub Container Registry registry using the account of the user that triggered the workflow run and the GitHub token that is
+      # an automatically generated secret that is usually only used to access the repository (the permissions defined above allow the token to also
+      # publish Docker images to the GitHub Container Registry) that will publish the packages. Once published, the packages are scoped to the account defined here.
+      - name: Log in to the GitHub Container Registry
+        uses: docker/login-action@v3
+        with:
+          registry: ${{ env.REGISTRY }}
+          username: ${{ github.actor }}
+          password: ${{ secrets.GITHUB_TOKEN }}
+
+      # Extracts metadata from the Git repository and GitHub, which are then used to label and tag the Docker image that will be build in the next
+      # step; the "id" property specifies that the output of this step will be available in subsequent steps under the name "metadata"; tags for the
+      # SHA of the commit, the full semantic version extracted from the current tag (e.g., tag "v1.2.3" will be extracted as "1.2.3"), and the major
+      # and minor version extracted from the current version (e.g., tag "v1.2.3" will be extracted as "1.2"), as well as a "latest" tag are added;
+      # besides the hardcoded labels for the title and authors of the image, the GitHub description, GitHub license, GitHub revision, GitHub source
+      # URL, GitHub URL, and creation date and time are extracted as labels
+      - name: Extract Tags & Labels for Docker
+        id: metadata
+        uses: docker/metadata-action@v5
+        with:
+          images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}
+          tags: |
+            type=sha
+            type=semver,pattern={{version}}
+            type=semver,pattern={{major}}.{{minor}}
+          labels: |
+            org.opencontainers.image.title=ComfyUI Docker
+            org.opencontainers.image.authors=David Neumann <david.neumann@lecode.de>
+
+      # Builds the Docker image for ComfyUI; if the build succeeds, it is pushed to the GitHub Container Registry; the "context" parameter specifies
+      # the build context, which is the directory that contains the Dockerfile; the tags and labels extracted in the previous step are used to tag
+      # and label the image
+      - name: Build and Push Docker Image
+        id: push
+        uses: docker/build-push-action@v6
+        with:
+          context: .
+          push: true
+          tags: ${{ steps.metadata.outputs.tags }}
+          labels: ${{ steps.metadata.outputs.labels }}
+
+      # Generates an artifact attestation for the image, which is an unforgeable statement about where and how it was built; it increases supply chain
+      # security for people who consume the image
+      - name: Generate Artifact Attestation
+        uses: actions/attest-build-provenance@v1
+        with:
+          subject-name: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME}}
+          subject-digest: ${{ steps.push.outputs.digest }}
+          push-to-registry: true
diff --git a/Dockerfile b/Dockerfile
@@ -2,18 +2,6 @@
 # This image is based on the latest official PyTorch image, because it already contains CUDA, CuDNN, and PyTorch
 FROM pytorch/pytorch:2.5.1-cuda12.4-cudnn9-runtime
 
-# Adds some metadata to the resulting Docker image via labels, the label names are standardized by the Open Container Initiative (OCI) in their Image
-# Specification Annotation
-LABEL org.opencontainers.image.authors="David Neumann <david.neumann@lecode.de>"
-LABEL org.opencontainers.image.url="https://github.com/lecode-official/comfyui-docker"
-LABEL org.opencontainers.image.documentation="https://github.com/lecode-official/comfyui-docker/tree/main/docs"
-LABEL org.opencontainers.image.source="https://github.com/lecode-official/comfyui-docker/tree/main"
-LABEL org.opencontainers.image.version="0.1.0"
-LABEL org.opencontainers.image.vendor="David Neumann"
-LABEL org.opencontainers.image.licenses="MIT"
-LABEL org.opencontainers.image.title="ComfyUI Docker"
-LABEL org.opencontainers.image.description="A Docker image running ComfyUI."
-
 # Installs Git, because ComfyUI and the ComfyUI Manager are installed by cloning their respective Git repositories
 RUN apt update --assume-yes && \
     apt install --assume-yes git
diff --git a/README.md b/README.md
@@ -8,32 +8,58 @@ To get started, you have to install [Docker](https://www.docker.com/). This can
 
 To enable the usage of NVIDIA GPUs, the NVIDIA Container Toolkit must be installed. The installation process is detailed in the [official documentation](https://docs.nvidia.com/datacenter/cloud-native/container-toolkit/latest/install-guide.html)
 
-## Building
+## Installation
 
-The image can be build using the following command:
+The ComfyUI Docker image is available from the [GitHub Container Registry](https://ghcr.io). Installing ComfyUI is as simple as pulling the image and starting a container, which can be achieved using the following command:
 
-```sh
-docker build --tag lecode/comfyui-docker:latest .
+```shell
+docker run \
+    --name comfyui \
+    --detach \
+    --restart unless-stopped \
+    --volume <path/to/models/folder>:/opt/comfyui/models \
+    --publish 8188:8188 \
+    --runtime nvidia \
+    --gpus all \
+    ghcr.io/lecode-official/comfyui-docker:latest
 ```
 
-## Running
+Please note, that the `<path/to/models/folder>` must be replaced with a path to a folder on the host system where the models will be stored, e.g., `$HOME/.comfyui`.
+
+The `--detach` flag causes the container to run in the background and `--restart unless-stopped` configures the Docker Engine to automatically restart the container if it stopped itself, experienced an error, or the computer was shutdown, unless you explicitly stopped the container using `docker stop`. This means that ComfyUI will be automatically started in the background when you boot your computer. The `--runtime nvidia` and `--gpus all` arguments enable ComfyUI to access the GPUs of your host system. If you do not want to expose all GPUs, you can specify the desired GPU index or ID instead.
+
+After the container has started, you can navigate to [localhost:8188](http://localhost:8188) to access ComfyUI.
 
-The built image can be run like so:
+If you want to stop ComfyUI, you can use the following commands:
 
-```sh
+```shell
+docker stop comfyui
+docker rm comfyui
+```
+
+## Building
+
+If you want to use the bleeding edge development version of the Docker image, you can also clone the repository and build the image yourself:
+
+```shell
+git clone https://github.com/lecode-official/comfyui-docker.git
+docker build --tag lecode/comfyui-docker:latest comfyui-docker
+```
+
+Now, a container can be started like so:
+
+```shell
 docker run \
     --name comfyui \
     --detach \
     --restart unless-stopped \
     --volume <path/to/models/folder>:/opt/comfyui/models \
     --publish 8188:8188 \
-    --runtime=nvidia \
+    --runtime nvidia \
     --gpus all \
     lecode/comfyui-docker:latest
 ```
 
-Please note, that the `<path/to/models/folder>` must be replaced with a path to a folder on the host system where the models will be stored, e.g., `$HOME/.comfyui`.
-
 ## License
 
 The ComfyUI Docker image is licensed under the [MIT License](LICENSE). [ComfyUI](https://github.com/comfyanonymous/ComfyUI/blob/master/LICENSE) and the [ComfyUI Manager](https://github.com/ltdrdata/ComfyUI-Manager/blob/main/LICENSE.txt) are both licensed under the GPL 3.0 license.
