add Dockerfile : cuda 13 #13418
📝 Walkthrough
This pull request introduces a new
🚥 Pre-merge checks: ✅ Passed checks (3 passed)
Actionable comments posted: 3
🤖 Prompt for all review comments with AI agents
Verify each finding against the current code and only fix it if needed.
Inline comments:
In `@Dockerfile`:
- Around line 6-9: Consolidate the separate RUN lines (e.g., "RUN apt update",
"RUN apt install -y software-properties-common", "RUN add-apt-repository -y
ppa:deadsnakes/ppa", and subsequent apt lines) into single RUN chains using &&
so package index updates and installs occur in one layer; use apt-get -y update
&& apt-get install -y ... && apt-get clean && rm -rf /var/lib/apt/lists/* to
prevent stale indexes and reduce image layers, and apply the same consolidation
pattern to the other occurrences noted (the later RUN apt lines).
- Around line 19-21: Do not clone ComfyUI from GitHub in the Dockerfile; instead
copy the local build context into the image and remove the RUN git clone
https://github.com/comfyanonymous/ComfyUI.git . step so the image uses the PR's
code. Also stop cloning ComfyUI-Manager without a pinned revision: replace the
RUN git clone https://github.com/Comfy-Org/ComfyUI-Manager
./custom_nodes/ComfyUI-Manager command with a pinned checkout (use a specific
commit SHA or tag and --depth 1) or copy a vendored tarball into
./custom_nodes/ComfyUI-Manager to make builds reproducible. Ensure the
Dockerfile references the local copy location (the place you COPY into the
image) and that the repo path ./custom_nodes/ComfyUI-Manager is created before
use.
- Around line 1-31: Create and switch to a non-root user before CMD to avoid
running main.py as root: add steps to create a user/group (e.g., appuser), set
ownership of /app and any runtime directories (chown) and switch to that user
with a USER directive prior to the existing CMD; ensure any virtualenv/installed
files are readable by that user and that workdir permissions allow execution by
the created user (refer to the Dockerfile's WORKDIR, RUN chown/chmod actions,
and the final CMD invocation to locate where to apply the changes).
| FROM docker.io/nvidia/cuda:13.0.3-cudnn-runtime-ubuntu22.04 | ||
|
|
||
| ENV PYTHONUNBUFFERED=1 | ||
| ENV DEBIAN_FRONTEND=noninteractive | ||
|
|
||
| RUN apt update | ||
| RUN apt install -y software-properties-common | ||
| RUN add-apt-repository -y ppa:deadsnakes/ppa | ||
| RUN apt update | ||
|
|
||
| RUN apt install -y python3.12 python3.12-venv | ||
| RUN python3.12 -m ensurepip --upgrade | ||
| RUN python3.12 -m pip install --upgrade pip | ||
|
|
||
| WORKDIR /app | ||
|
|
||
| RUN apt install -y git libgl1 libglib2.0-0 | ||
|
|
||
| RUN git clone https://github.com/comfyanonymous/ComfyUI.git . | ||
|
|
||
| RUN git clone https://github.com/Comfy-Org/ComfyUI-Manager ./custom_nodes/ComfyUI-Manager | ||
|
|
||
| RUN python3.12 -m pip install torch torchvision torchaudio --extra-index-url https://download.pytorch.org/whl/cu130 | ||
|
|
||
| RUN python3.12 -m pip install --no-cache-dir -r requirements.txt | ||
|
|
||
| RUN python3.12 -m pip install -r ./custom_nodes/ComfyUI-Manager/requirements.txt | ||
|
|
||
| EXPOSE 8188 | ||
|
|
||
| CMD ["python3.12", "main.py", "--listen", "0.0.0.0", "--enable-manager"] |
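Review bot: The torch install on the `--extra-index-url https://download.pytorch.org/whl/cu130` line adds the PyTorch index alongside PyPI rather than replacing it, so pip may resolve `torch`, `torchvision` and `torchaudio` from either source and nothing here guarantees a cu130 build. Use `--index-url https://download.pytorch.org/whl/cu130` for this one command and pin the three versions so the wheels stay matched to the CUDA 13 base image. This line also lacks the `--no-cache-dir` used on the next install.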
🧩 Analysis chain
🏁 Script executed:
#!/bin/bash
set -euo pipefail
# Verify whether Dockerfile defines a non-root runtime user
rg -nP '^\s*USER\b' Dockerfile || true
Repository: Comfy-Org/ComfyUI
Length of output: 43
🏁 Script executed:
git log --oneline -n 1 -- Dockerfile
Repository: Comfy-Org/ComfyUI
Length of output: 113
🏁 Script executed:
git status Dockerfile
Repository: Comfy-Org/ComfyUI
Length of output: 126
🏁 Script executed:
git diff-index --name-status HEAD~1 -- Dockerfile
Repository: Comfy-Org/ComfyUI
Length of output: 91
🏁 Script executed:
git diff HEAD~1 -- Dockerfile | head -50
Repository: Comfy-Org/ComfyUI
Length of output: 89
🏁 Script executed:
git show master:Dockerfile 2>/dev/null | head -35 || echo "Dockerfile does not exist on master"
Repository: Comfy-Org/ComfyUI
Length of output: 43
🏁 Script executed:
git diff master -- Dockerfile | head -100
Repository: Comfy-Org/ComfyUI
Length of output: 1154
Run container as non-root user.
The Dockerfile runs main.py as root by default since no USER directive is set. Add a non-root user before the CMD instruction:
Suggested fix
WORKDIR /app
+RUN useradd --create-home --uid 10001 comfy && chown -R comfy:comfy /app
...
+USER comfy
CMD ["python3.12", "main.py", "--listen", "0.0.0.0", "--enable-manager"]📝 Committable suggestion
| FROM docker.io/nvidia/cuda:13.0.3-cudnn-runtime-ubuntu22.04 | |
| ENV PYTHONUNBUFFERED=1 | |
| ENV DEBIAN_FRONTEND=noninteractive | |
| RUN apt update | |
| RUN apt install -y software-properties-common | |
| RUN add-apt-repository -y ppa:deadsnakes/ppa | |
| RUN apt update | |
| RUN apt install -y python3.12 python3.12-venv | |
| RUN python3.12 -m ensurepip --upgrade | |
| RUN python3.12 -m pip install --upgrade pip | |
| WORKDIR /app | |
| RUN apt install -y git libgl1 libglib2.0-0 | |
| RUN git clone https://github.com/comfyanonymous/ComfyUI.git . | |
| RUN git clone https://github.com/Comfy-Org/ComfyUI-Manager ./custom_nodes/ComfyUI-Manager | |
| RUN python3.12 -m pip install torch torchvision torchaudio --extra-index-url https://download.pytorch.org/whl/cu130 | |
| RUN python3.12 -m pip install --no-cache-dir -r requirements.txt | |
| RUN python3.12 -m pip install -r ./custom_nodes/ComfyUI-Manager/requirements.txt | |
| EXPOSE 8188 | |
| CMD ["python3.12", "main.py", "--listen", "0.0.0.0", "--enable-manager"] | |
| FROM docker.io/nvidia/cuda:13.0.3-cudnn-runtime-ubuntu22.04 | |
| ENV PYTHONUNBUFFERED=1 | |
| ENV DEBIAN_FRONTEND=noninteractive | |
| RUN apt update | |
| RUN apt install -y software-properties-common | |
| RUN add-apt-repository -y ppa:deadsnakes/ppa | |
| RUN apt update | |
| RUN apt install -y python3.12 python3.12-venv | |
| RUN python3.12 -m ensurepip --upgrade | |
| RUN python3.12 -m pip install --upgrade pip | |
| WORKDIR /app | |
| RUN useradd --create-home --uid 10001 comfy && chown -R comfy:comfy /app | |
| RUN apt install -y git libgl1 libglib2.0-0 | |
| RUN git clone https://github.com/comfyanonymous/ComfyUI.git . | |
| RUN git clone https://github.com/Comfy-Org/ComfyUI-Manager ./custom_nodes/ComfyUI-Manager | |
| RUN python3.12 -m pip install torch torchvision torchaudio --extra-index-url https://download.pytorch.org/whl/cu130 | |
| RUN python3.12 -m pip install --no-cache-dir -r requirements.txt | |
| RUN python3.12 -m pip install -r ./custom_nodes/ComfyUI-Manager/requirements.txt | |
| EXPOSE 8188 | |
| USER comfy | |
| CMD ["python3.12", "main.py", "--listen", "0.0.0.0", "--enable-manager"] |
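Review bot: The `chown -R comfy:comfy /app` sits directly after `WORKDIR /app`, while the two `git clone` steps that populate `/app` still run as root afterwards, so the cloned tree, including `./custom_nodes`, ends up root-owned and not writable by `comfy`. Move the `useradd`/`chown` step to after the last `RUN` that writes into `/app`, immediately before `USER comfy`.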
🧰 Tools
🪛 Trivy (0.69.3)
[error] 1-1: Image user should not be 'root'
Specify at least 1 USER command in Dockerfile with non-root user as argument
Rule: DS-0002
(IaC/Dockerfile)
[error] 6-6: 'RUN <package-manager> update' instruction alone
The instruction 'RUN <package-manager> update' should always be followed by '<package-manager> install' in the same RUN statement.
Rule: DS-0017
(IaC/Dockerfile)
[error] 9-9: 'RUN <package-manager> update' instruction alone
The instruction 'RUN <package-manager> update' should always be followed by '<package-manager> install' in the same RUN statement.
Rule: DS-0017
(IaC/Dockerfile)
| RUN apt update | ||
| RUN apt install -y software-properties-common | ||
| RUN add-apt-repository -y ppa:deadsnakes/ppa | ||
| RUN apt update |
🧩 Analysis chain
🏁 Script executed:
#!/bin/bash
set -euo pipefail
# Verify standalone apt update/install layering in Dockerfile
rg -nP '^\s*RUN\s+apt\s+update\s*$|^\s*RUN\s+apt\s+install\b' Dockerfile
Repository: Comfy-Org/ComfyUI
Length of output: 237
Consolidate APT operations into a single RUN layer to avoid cache fragility.
Lines 6–9 execute apt update and apt install as separate RUN commands. This creates cache layer inefficiencies and can lead to stale package indexes during rebuilds. Consolidate these into a single RUN chain with && operators and clean up apt lists at the end.
Proposed fix
-RUN apt update
-RUN apt install -y software-properties-common
-RUN add-apt-repository -y ppa:deadsnakes/ppa
-RUN apt update
-RUN apt install -y python3.12 python3.12-venv
+RUN apt update \
+ && apt install -y --no-install-recommends software-properties-common \
+ && add-apt-repository -y ppa:deadsnakes/ppa \
+ && apt update \
+ && apt install -y --no-install-recommends python3.12 python3.12-venv \
+ && rm -rf /var/lib/apt/lists/*Also applies to: lines 11, 17
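Review bot: With `rm -rf /var/lib/apt/lists/*` closing this layer, the separate `RUN apt install -y git libgl1 libglib2.0-0` further down in the Dockerfile no longer has a package index to install from. Give that step its own `apt update && apt install ... && rm -rf /var/lib/apt/lists/*` chain or fold its packages into this one. `apt-get` is also the safer choice than `apt` in a non-interactive build, since `apt` does not promise a stable command-line interface.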
🧰 Tools
🪛 Trivy (0.69.3)
[error] 6-6: 'RUN <package-manager> update' instruction alone
The instruction 'RUN <package-manager> update' should always be followed by '<package-manager> install' in the same RUN statement.
Rule: DS-0017
(IaC/Dockerfile)
[error] 9-9: 'RUN <package-manager> update' instruction alone
The instruction 'RUN <package-manager> update' should always be followed by '<package-manager> install' in the same RUN statement.
Rule: DS-0017
(IaC/Dockerfile)
| RUN git clone https://github.com/comfyanonymous/ComfyUI.git . | ||
|
|
||
| RUN git clone https://github.com/Comfy-Org/ComfyUI-Manager ./custom_nodes/ComfyUI-Manager |
🧩 Analysis chain
🏁 Script executed:
#!/bin/bash
set -euo pipefail
# Verify remote source cloning and whether refs are pinned
rg -nP '^\s*RUN\s+git\s+clone\b|^\s*ARG\s+COMFYUI_MANAGER_REF|checkout' Dockerfile
Repository: Comfy-Org/ComfyUI
Length of output: 218
Use local context for ComfyUI and pin ComfyUI-Manager revision for reproducible builds.
Line 19 clones ComfyUI from GitHub instead of using the local build context, causing the image to potentially diverge from this PR's code. Line 21 clones the manager without pinning a commit or tag, resulting in non-reproducible builds.
Proposed fix
-RUN git clone https://github.com/comfyanonymous/ComfyUI.git .
+COPY . /app
-RUN git clone https://github.com/Comfy-Org/ComfyUI-Manager ./custom_nodes/ComfyUI-Manager
+ARG COMFYUI_MANAGER_REF=<pin-to-commit-sha>
+RUN git clone https://github.com/Comfy-Org/ComfyUI-Manager ./custom_nodes/ComfyUI-Manager \
+ && git -C ./custom_nodes/ComfyUI-Manager checkout "${COMFYUI_MANAGER_REF}"🤖 Prompt for AI Agents
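Review bot: `ARG COMFYUI_MANAGER_REF=<pin-to-commit-sha>` leaves the pin as a build argument, so any `--build-arg` can point the checkout at a branch or tag, and the default is a placeholder that makes `git checkout` fail until someone replaces it. Hard-code the full commit SHA in the Dockerfile, or compare `git -C ./custom_nodes/ComfyUI-Manager rev-parse HEAD` against it after the checkout. Since `COPY . /app` takes the whole build context, a `.dockerignore` that excludes `.git` and local model or output directories should accompany it.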
Packaging ComfyUI in Docker containers is a great idea, but there are many ways of doing this and many open source repositories offer various flavors of Docker images. We're happy to leave this in the hands of the community.
Added a Dockerfile based on CUDA 13 to optimize GPU performance.
The Dockerfile should allow the project to build and run correctly with CUDA support.
Tests performed and validated locally after build.
CUDA images: 13.0.3-cudnn-runtime-ubuntu22.04
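
The three findings raised in this thread (no non-root `USER`, an `apt update` in its own `RUN`, a `git clone` with no pinned revision) can be checked mechanically before a Dockerfile is submitted. The following is an added example, not code from this PR, CodeRabbit or Trivy; the names `instructions` and `lint`, the constructed `SAMPLE`, and the rule that a pin must be a literal 40-character commit SHA are assumptions of the example.

```python
import re

# Constructed sample: this PR's Dockerfile reduced to the lines the checks read.
SAMPLE = """\
FROM docker.io/nvidia/cuda:13.0.3-cudnn-runtime-ubuntu22.04
RUN apt update
RUN apt install -y software-properties-common
RUN add-apt-repository -y ppa:deadsnakes/ppa
RUN apt update
RUN apt install -y python3.12 python3.12-venv
RUN git clone https://github.com/comfyanonymous/ComfyUI.git .
RUN git clone https://github.com/Comfy-Org/ComfyUI-Manager ./custom_nodes/ComfyUI-Manager
CMD ["python3.12", "main.py", "--listen", "0.0.0.0", "--enable-manager"]
"""

UPDATE = re.compile(r"\bapt(-get)?\s+(-\S+\s+)*update\b")
INSTALL = re.compile(r"\bapt(-get)?\s+(-\S+\s+)*install\b")
CLONE = re.compile(r"\bgit\s+clone\b")
# Assumption: only a literal 40-hex SHA counts; ARG references are not resolved.
PINNED = re.compile(r"\bgit\b.*\bcheckout\s+\S*[0-9a-f]{40}\b")

def instructions(text):
    """Yield (line_no, KEYWORD, args), joining backslash-continued lines."""
    buf, start = "", 0
    for no, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        start = start or no
        buf += line.rstrip("\\") + " "
        if not line.endswith("\\"):
            word, _, args = buf.strip().partition(" ")
            yield start, word.upper(), args.strip()
            buf, start = "", 0

def lint(text):  # returns [(line_no, finding), ...]
    findings, user = [], "root"
    for no, word, args in instructions(text):
        if word == "FROM":
            user = "root"  # every build stage starts as root again
        elif word == "USER":
            user = args.split(":")[0]
        elif word == "RUN":
            if UPDATE.search(args) and not INSTALL.search(args):
                findings.append((no, "apt update without install in the same RUN"))
            if CLONE.search(args) and not PINNED.search(args):
                findings.append((no, "git clone not pinned to a commit SHA"))
    if user in ("root", "0"):
        findings.append((1, "final stage runs as root (no non-root USER)"))
    return findings
```

Line numbers in the findings refer to the reduced sample, not to the PR's Dockerfile.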