Use uv pip for workspace dependency installs

[kairin]

Summary

Use comfy-cli's own uv dependency for default workspace dependency installs, while still targeting the selected ComfyUI workspace Python explicitly.

This updates the normal comfy install / comfy update dependency paths to run uv's pip-compatible installer as:

<comfy-cli-python> -m uv pip install --python <workspace-python> ...

instead of requiring the workspace environment itself to provide python -m pip.

Why

uv-created virtual environments can legitimately omit pip. In that setup, a ComfyUI workspace can have a valid Python interpreter but comfy update fails during dependency restore with:

/path/to/ComfyUI/.venv/bin/python: No module named pip

I hit this while trying to keep a ComfyUI install fully uv-managed. After routing the same install/update calls through uv while targeting the workspace interpreter, the flow completed normally and quickly. The dependency step produced uv output such as Resolved, Prepared, and Installed, and comfy install --restore also installed ComfyUI-Manager successfully.

This keeps the default install/update path aligned with the existing uv support advertised by comfy-cli, rather than requiring users to manually repair pip or use a separate restore workaround.

Benefits

• Works with uv-created workspace virtual environments that do not have pip installed.
• Keeps default comfy install, comfy install --restore, and comfy update aligned with uv-backed dependency management.
• Reuses uv's resolver/cache/linking behavior, so warm-cache restores and updates can complete much faster.
• Still falls back to python -m pip if uv is unavailable.

Changes

• Add a shared uv-backed pip-install helper that targets the workspace Python with --python.
• Use that helper for core ComfyUI requirements, PyTorch package installs, ComfyUI-Manager requirements, and comfy update.
• Preserve pip-like multi-index behavior for --extra-index-url installs by adding uv's --index-strategy unsafe-best-match.
• Keep a fallback to python -m pip if uv is unavailable.
• Use uv to bootstrap both pip and uv into the target environment for fast-deps compatibility with remaining pip-based paths.
• Document why uv-backed installs matter for uv-created workspace virtual environments.

Validation

• git diff --check
• python3 -m py_compile comfy_cli/uv.py comfy_cli/command/install.py comfy_cli/cmdline.py
• GitHub checks on draft PR:
  • Socket Security: Pull Request Alerts passed.
  • CodeRabbit passed/skipped review.
  • Socket Security: Project Report was pending when last checked.
• Codacy local analysis:
  • Repository had no committed .codacy/codacy.config.json, so local analysis first required generated config.
  • Generated config enabled Ruff, Bandit, and PyLint against existing repo config.
  • Ruff found 0 issues on changed files.
  • Bandit/PyLint reported broad existing-file findings because the generated config scanned whole changed files rather than clean introduced-line findings; I did not commit the generated local config because it included local absolute paths.
• Codacy Cloud:
  • codacy pull-request gh Comfy-Org comfy-cli 471 returned Not Found with the available token.
  • Codacy UI reports main is not protected by Codacy checks. That requires Comfy-Org repository admin configuration; this PR cannot enforce upstream branch protection by itself.

Targeted pytest was prepared but not completed locally because the sandbox could not resolve PyPI while building the test environment before network escalation was approved.

[CLAassistant]

Thank you for your submission! We really appreciate it. Like many open source projects, we ask that you sign our Contributor License Agreement before we can accept your contribution.

---

Codex seems not to be a GitHub user. You need a GitHub account to be able to sign the CLA. If you have already a GitHub account, please add the email address used for this commit to your account.
_{You have signed the CLA already but the status is still pending? Let us recheck it.}

[coderabbitai]

Important

Review skipped

Draft detected.

Please check the settings in the CodeRabbit UI or the .coderabbit.yaml file in this repository. To trigger a single review, invoke the @coderabbitai review command.

⚙️ Run configuration

Configuration used: Organization UI

Review profile: ASSERTIVE

Plan: Pro

Run ID: d3ffc1ea-c592-4d41-ad76-40c33cf39ba0

You can disable this status message by setting the reviews.review_status to false in the CodeRabbit configuration file.

Use the checkbox below for a quick retry:

• 🔍 Trigger review

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests

✨ Simplify code

• Create PR with simplified code

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}