fix(update-apps): dry-run uses check_for_gh_release args, not Source header

The # Source: header can point to a different repo than what
check_for_gh_release actually queries (e.g. RustDesk uses
lejianwen fork, not official rustdesk repo).

Now parse both app name and source repo directly from the
check_for_gh_release call in the ct script:
  check_for_gh_release "appname" "owner/repo"

Also fix $HOME/.appname path expansion in pct exec context.

ct/pelican-panel.sh

@@ -46,7 +46,6 @@ function update_script() {
     msg_ok "Stopped Service"
 
     cp -a /opt/pelican-panel/.env /opt/backup
-    mkdir -p /opt/backup/storage/app/
     cp -a /opt/pelican-panel/storage/app/public /opt/backup/storage/app/
     
     SQLITE_INSTALL=$(ls /opt/pelican-panel/database/*.sqlite 1>/dev/null 2>&1 && echo "true" || echo "false")

tools/pve/update-apps.sh

@@ -42,6 +42,17 @@ var_skip_confirm="${var_skip_confirm:-no}"
 #   Options: "yes" | "no" | "" (empty = interactive prompt)
 var_auto_reboot="${var_auto_reboot:-}"
 
+# var_continue_on_error: Continue updating remaining containers if one update fails
+#   Options: "yes" | "no" (default: no = stop on first error)
+#   Note: containers with backups always attempt restore on failure regardless of this setting
+var_continue_on_error="${var_continue_on_error:-no}"
+
+# var_dry_run: Check for available updates without applying them
+#   Options: "yes" | "no" (default: no)
+#   Output: lists each container with current vs. latest version
+#   Note: requires the container to be running; does not modify any container
+var_dry_run="${var_dry_run:-no}"
+
 # var_tags: Optionally override the tags used for auto-detection
 #   Options: "community-script|proxmox-helper-scripts" (default)
 var_tags="${var_tags:-community-script|proxmox-helper-scripts}"
@@ -59,6 +70,8 @@ function export_config_json() {
   "var_unattended": "${var_unattended}",
   "var_skip_confirm": "${var_skip_confirm}",
   "var_auto_reboot": "${var_auto_reboot}",
+  "var_continue_on_error": "${var_continue_on_error}",
+  "var_dry_run": "${var_dry_run}",
   "var_tags": "${var_tags}"
 }
 EOF
@@ -78,10 +91,12 @@ Environment Variables:
   var_backup          Enable backup before update (yes/no)
   var_backup_storage  Storage location for backups
   var_container       Container selection (all/all_running/all_stopped/101,102,...)
-  var_unattended      Run updates unattended (yes/no)
-  var_skip_confirm    Skip initial confirmation (yes/no)
-  var_auto_reboot     Auto-reboot containers if required (yes/no)
-  var_tags            Optionally override auto-detection tags ("prod|smb|community-script")
+  var_unattended         Run updates unattended (yes/no)
+  var_skip_confirm       Skip initial confirmation (yes/no)
+  var_auto_reboot        Auto-reboot containers if required (yes/no)
+  var_continue_on_error  Continue to next container on update failure (yes/no)
+  var_dry_run            Check for updates without applying them (yes/no)
+  var_tags               Optionally override auto-detection tags ("prod|smb|community-script")
 
 Examples:
   # Run interactively
@@ -93,6 +108,12 @@ Examples:
   # Update specific containers without backup
   var_backup=no var_container=101,102,105 var_unattended=yes var_skip_confirm=yes $(basename "$0")
 
+  # Unattended cron-style: skip confirm, continue on error, no backup
+  var_backup=no var_container=all_running var_unattended=yes var_skip_confirm=yes var_continue_on_error=yes $(basename "$0")
+
+  # Dry-run: show available updates for all running containers without applying
+  var_container=all_running var_skip_confirm=yes var_dry_run=yes $(basename "$0")
+
   # Export current configuration
   $(basename "$0") --export-config
 EOF
@@ -131,6 +152,56 @@ function detect_service() {
   popd >/dev/null
 }
 
+function dry_run_container() {
+  local container="$1"
+  local service="$2"
+
+  # Extract app name and source repo directly from check_for_gh_release call in the ct script
+  # Pattern: check_for_gh_release "appname" "owner/repo"
+  local check_line app_name app_lc source_repo
+  check_line=$(echo "$script" | grep -m1 'check_for_gh_release')
+
+  if [[ -z "$check_line" ]]; then
+    echo -e "${YW}[DRY-RUN]${CL} Container $container ($service): no check_for_gh_release found — skipping"
+    return
+  fi
+
+  app_name=$(echo "$check_line" | cut -d'"' -f2)
+  source_repo=$(echo "$check_line" | cut -d'"' -f4)
+  app_lc=$(echo "${app_name,,}" | tr -d ' ')
+
+  if [[ -z "$source_repo" || "$source_repo" != *"/"* ]]; then
+    echo -e "${YW}[DRY-RUN]${CL} Container $container ($service): cannot parse source repo — skipping"
+    return
+  fi
+
+  # Read installed version from container (stored by check_for_gh_release as ~/.<appname>)
+  local current_version
+  current_version=$(pct exec "$container" -- bash -c "cat \$HOME/.${app_lc} 2>/dev/null" 2>/dev/null || true)
+  current_version="${current_version#v}"
+
+  # Query latest release from GitHub API
+  local latest_version
+  latest_version=$(curl -sSL --max-time 10 \
+    -H 'Accept: application/vnd.github+json' \
+    -H 'X-GitHub-Api-Version: 2022-11-28' \
+    "https://api.github.com/repos/${source_repo}/releases/latest" 2>/dev/null \
+    | grep '"tag_name"' | head -1 | cut -d'"' -f4 | sed 's/^v//')
+
+  if [[ -z "$latest_version" ]]; then
+    echo -e "${YW}[DRY-RUN]${CL} Container $container ($service): cannot fetch latest version from $source_repo"
+    return
+  fi
+
+  if [[ -z "$current_version" ]]; then
+    echo -e "${BL}[DRY-RUN]${CL} Container $container ($service): installed version unknown, latest: ${latest_version} (${source_repo})"
+  elif [[ "$current_version" == "$latest_version" ]]; then
+    echo -e "${GN}[DRY-RUN]${CL} Container $container ($service): up to date (${current_version})"
+  else
+    echo -e "${YW}[DRY-RUN]${CL} Container $container ($service): update available ${current_version} → ${latest_version}"
+  fi
+}
+
 function backup_container() {
   msg_info "Creating backup for container $1"
   vzdump $1 --compress zstd --storage $STORAGE_CHOICE -notes-template "{{guestname}} - community-scripts backup updater" >/dev/null 2>&1
@@ -391,17 +462,23 @@ for container in $CHOICE; do
   fi
 
   #3) if build resources are different than run resources, then:
-  if [ "$UPDATE_BUILD_RESOURCES" -eq "1" ]; then
+  if [ "$UPDATE_BUILD_RESOURCES" -eq "1" ] && [[ "$var_dry_run" != "yes" ]]; then
     pct set "$container" --cores "$build_cpu" --memory "$build_ram"
   fi
 
+  #3.5) Dry-run: report update availability without applying
+  if [[ "$var_dry_run" == "yes" ]]; then
+    dry_run_container "$container" "$service"
+    continue
+  fi
+
   #4) Update service, using the update command
   case "$os" in
-  alpine) pct exec "$container" -- ash -c "$UPDATE_CMD" ;;
-  archlinux) pct exec "$container" -- bash -c "$UPDATE_CMD" ;;
-  fedora | rocky | centos | alma) pct exec "$container" -- bash -c "$UPDATE_CMD" ;;
-  ubuntu | debian | devuan) pct exec "$container" -- bash -c "$UPDATE_CMD" ;;
-  opensuse) pct exec "$container" -- bash -c "$UPDATE_CMD" ;;
+  alpine) pct exec "$container" -- ash -c "export TERM=dumb;$UPDATE_CMD" ;;
+  archlinux) pct exec "$container" -- bash -c "export TERM=dumb;$UPDATE_CMD" ;;
+  fedora | rocky | centos | alma) pct exec "$container" -- bash -c "export TERM=dumb;$UPDATE_CMD" ;;
+  ubuntu | debian | devuan) pct exec "$container" -- bash -c "export TERM=dumb;$UPDATE_CMD" ;;
+  opensuse) pct exec "$container" -- bash -c "export TERM=dumb;$UPDATE_CMD" ;;
   esac
   exit_code=$?
 
@@ -446,8 +523,13 @@ for container in $CHOICE; do
       exit 235
     fi
   else
-    msg_error "Update failed for container $container. Exiting"
-    exit "$exit_code"
+    msg_error "Update failed for container $container (exit code: $exit_code)"
+    if [[ "$var_continue_on_error" == "yes" ]]; then
+      echo -e "${YW}[WARN]${CL} Continuing to next container (var_continue_on_error=yes)"
+      continue
+    else
+      exit "$exit_code"
+    fi
   fi
 done