refactor: Support running Docker container as root or non-root user

This commit introduces flexibility in the Docker setup by allowing the container to run either as the `root` user or a specified non-root user. It updates both the `docker-compose.yml` and `Dockerfile` to include environment variables for setting the user ID, group ID, username, and group name. Additionally, it modifies the entrypoint script to handle these configurations appropriately, ensuring compatibility with different user setups.

docker-compose.yml

@@ -45,6 +45,10 @@ services:
     image: sd-comfy:7
     environment:
       - CLI_ARGS=
+      - USE_UID=0
+      - USE_GID=0
+      - USE_USER=root
+      - USE_GROUP=root
 
 
   comfy-cpu:

services/comfy/Dockerfile

@@ -1,9 +1,13 @@
-FROM pytorch/pytorch:2.3.1-cuda12.1-cudnn8-runtime
+FROM pytorch/pytorch:2.5.1-cuda12.4-cudnn9-runtime
 
 # Limited system user UID
 ARG USE_UID=991
 # Limited system user GID
 ARG USE_GID=991
+# System user name
+ARG USE_USER=app
+# System group name
+ARG USE_GROUP=app
 # Latest tag or bleeding edge commit
 ARG USE_EDGE=false
 # ComfyUI-GGUF
@@ -21,20 +25,35 @@ ARG USE_INPAINT=false
 # comfyui-tooling-nodes
 ARG USE_TOOLING=false
 
+# Support both root and non-root
+RUN if [ ${USE_UID} -eq 0 ]; then SET_USER=root; else SET_USER=${USE_USER}; fi
+RUN if [ ${USE_GID} -eq 0 ]; then SET_GROUP=root; else SET_GROUP=${USE_GROUP}; fi
+ENV USE_USER=${SET_USER}
+ENV USE_GROUP=${SET_GROUP}
+
 ENV DEBIAN_FRONTEND=noninteractive PIP_PREFER_BINARY=1 USE_EDGE=$USE_EDGE
 ENV USE_GGUF=$USE_GGUF USE_XFLUX=$USE_XFLUX ROOT=/stable-diffusion
-ENV CACHE=/home/app/.cache USE_CNAUX=$USE_CNAUX USE_KRITA=$USE_KRITA
+ENV CACHE=/home/${USE_USER}/.cache USE_CNAUX=$USE_CNAUX USE_KRITA=$USE_KRITA
 ENV USE_IPAPLUS=$USE_IPAPLUS USE_INPAINT=$USE_INPAINT USE_TOOLING=$USE_TOOLING
 
 # User/Group
-RUN groupadd -r app -g ${USE_GID} && useradd --no-log-init -m -r -g app app -u ${USE_UID} && \
+RUN if [ ${USE_GID} -ne 0 ]; then \
+    groupadd -r ${USE_GROUP} -g ${USE_GID}; \
+  fi; \
+  if [ ${USE_GID} -ne 0 ]; then \
+    useradd --no-log-init -m -r -g ${USE_GROUP} ${USE_USER} -u ${USE_UID}; \
+  fi; \
   mkdir -p ${ROOT} && chown ${USE_UID}:${USE_GID} ${ROOT} && mkdir -p ${CACHE}/pip && chown -R ${USE_UID}:${USE_GID} ${CACHE}
 RUN --mount=type=cache,uid=${USE_UID},gid=${USE_GID},target=${CACHE} chown -R ${USE_UID}:${USE_UID} ${CACHE}
 
-RUN apt-get update && apt-get install -y git && (if [ "${USE_XFLUX}" = "true" ] || [ "${USE_KRITA}" = "true" ] || [ "${USE_CNAUX}" = "true" ]; then apt-get install -y libgl1-mesa-glx python3-opencv; fi) && apt-get clean
+RUN apt-get update && apt-get install -y git
+RUN if [ "${USE_XFLUX}" = "true" ] || [ "${USE_KRITA}" = "true" ] || [ "${USE_CNAUX}" = "true" ]; then \
+    apt-get install -y libgl1-mesa-glx python3-opencv; \
+  fi
+RUN apt-get clean
 
-USER app:app
-ENV PATH="${PATH}:/home/app/.local/bin"
+USER ${USE_USER}:${USE_GROUP}
+ENV PATH="${PATH}:/home/${USE_USER}/.local/bin"
 
 RUN --mount=type=cache,uid=${USE_UID},gid=${USE_GID},target=${CACHE} pip --cache-dir=${CACHE}/pip install -U pip
 

services/comfy/entrypoint.sh

@@ -26,7 +26,7 @@ done
 
 if [ "${USE_KRITA}" = "true" ]; then
   if [ "${KRITA_DOWNLOAD_MODELS:-false}" = "true" ]; then
-    cd "${ROOT}/krita-ai-diffusion/scripts" && python download_models.py --recommended /data && cd ..
+    cd "${ROOT}/krita-ai-diffusion/scripts" && python download_models.py --verbose --retry-attempts 10 --continue-on-error --recommended /data && cd ..
   fi
   [ -d "${ROOT}/models/upscale_models" ] && mv -v "${ROOT}/models/upscale_models" "${ROOT}/models/upscale_models.stock"
   if [ ! -L "${ROOT}/models/upscale_models" ]; then
@@ -42,12 +42,12 @@ if [ "${USE_XFLUX}" = "true" ]; then
   [ ! -e "${CUSTOM_NODES}/x-flux-comfyui" ] && mv "${ROOT}/x-flux-comfyui" "${CUSTOM_NODES}"/
   [ ! -e "/data/models/clip_vision" ] && mkdir -p /data/models/clip_vision
   [ ! -e "/data/models/clip_vision/model.safetensors" ] && cd /data/models/clip_vision && \
-    python -c 'import sys; from urllib.request import urlopen; from pathlib import Path; Path(sys.argv[2]).write_bytes(urlopen("".join([sys.argv[1],sys.argv[2]])).read())' \
-    "https://huggingface.co/openai/clip-vit-large-patch14/resolve/main/" "model.safetensors"
+    python -c 'import sys; from urllib.request import urlopen; from pathlib import Path; Path(sys.argv[2]).write_bytes(urlopen(sys.argv[1]).read())' \
+      "https://huggingface.co/openai/clip-vit-large-patch14/resolve/main/model.safetensors" "model.safetensors"
   [ ! -e "/data/models/xlabs" ] && mkdir -p /data/models/xlabs/{ipadapters,loras,controlnets}
   [ ! -e "/data/models/xlabs/ipadapters/flux-ip-adapter.safetensors" ] && cd /data/models/xlabs/ipadapters && \
-    python -c 'import sys; from urllib.request import urlopen; from pathlib import Path; Path(sys.argv[2]).write_bytes(urlopen("".join([sys.argv[1],sys.argv[2]])).read())' \
-    "https://huggingface.co/XLabs-AI/flux-ip-adapter/resolve/main/" "flux-ip-adapter.safetensors"
+    python -c 'import sys; from urllib.request import urlopen; from pathlib import Path; Path(sys.argv[2]).write_bytes(urlopen(sys.argv[1]).read())' \
+      "https://huggingface.co/XLabs-AI/flux-ip-adapter/resolve/main/ip_adapter.safetensors" "flux-ip-adapter.safetensors"
   [ -d "${ROOT}/models/xlabs" ] && rm -rf "${ROOT}/models/xlabs"
   [ ! -e "${ROOT}/models/xlabs" ] && cd "${ROOT}/models" && ln -sT /data/models/xlabs xlabs && cd ..
 fi