Release 2026-05-23.1

[jammsen]

Features:

• Added the function to run a custom script, that the user can place at /palworld/custom-script - Off by default, completely opt-in and added a very explicit PSA in the README.md for it by @jammsen for @Jadiction ([Feature Request] The ability to allow advanced custom scripts #273)
• Made envsubst integration complete and useful, added strtolower checks, removed obsolete moreutils package from PR, removed trailing spaces, added more error-fallbacks in config.sh around the envsubst integration - by @jammsen (idea by @codebam) (use envsubst instead of sed #311)

General:

• gosu from 1.17 to 1.19 and supercronic from 0.2.34 to 0.2.45 - by @jammsen ([Feature Request] Patchmanagement of tools #312)
• Updated docker-image pinning and github-actions versions by @jammsen ([Feature Request] Patchmanagement of tools #312)
• Refactored from docker-compose.yml to new standard compose.yml including gitignore by @jammsen ([Feature Request] Patchmanagement of tools #312)
• Implemented finally a version of auto-updating the compose.yml @jahusa02 (ci: add github action to paste docker-compose.yml in readme #188)

Summary by CodeRabbit

• New Features

  • Added opt-in custom script execution feature with security safeguards
  • Implemented automated README updates for Compose configuration

• Chores

  • Updated base container images and key dependencies (gosu, supercronic)
  • Migrated from docker-compose.yml to standardized compose.yml
  • Upgraded GitHub Actions versions for improved CI/CD reliability
  • Enhanced environment variable handling for better consistency

• Documentation

  • Added Docker Compose examples and custom script usage guidelines
  • Updated configuration documentation with new feature details

[coderabbitai]

Caution

Review failed

The pull request is closed.

ℹ️ Recent review info

⚙️ Run configuration

Configuration used: defaults

Review profile: CHILL

Plan: Pro

Run ID: 74a67d76-cd6d-4958-b6d7-dc292872f326

📥 Commits

Reviewing files that changed from the base of the PR and between 75084f6 and 1516757.

📒 Files selected for processing (25)

• .github/actions/unittest-on-build/action.yml
• .github/dependabot.yml
• .github/workflows/auto-merge-master-to-develop.yml
• .github/workflows/docker-build-and-push-develop.yml
• .github/workflows/docker-build-and-push-prod.yml
• .github/workflows/unittest-on-pr.yml
• .github/workflows/update-readme.yml
• .gitignore
• CHANGELOG.md
• Dockerfile
• README.md
• compose.yml
• configs/PalWorldSettings.ini.template
• configs/rcon.yaml
• default.env
• docker-build.sh
• docs/ENV_VARS.md
• gosu-amd64
• includes/config.sh
• includes/playerdetection.sh
• includes/server.sh
• scripts/backupmanager.sh
• scripts/rconcli.sh
• scripts/restart.sh
• scripts/servermanager.sh

---

📝 Walkthrough

Walkthrough

This PR introduces three major functional areas: an opt-in custom script execution feature with security validation; refactoring of configuration template generation from sed-based marker substitution to envsubst-driven variable expansion; and standardized case-insensitive boolean environment variable handling across all scripts. It also upgrades base images, GitHub Actions workflows, adds Dependabot automation, and migrates from docker-compose.yml to the standardized compose.yml format.

Changes

Core Feature and Infrastructure Updates

Layer / File(s)	Summary
Base Images, Dependencies, and Custom Script Environment Variables Dockerfile, default.env	Go builder updated to 1.26.3-bookworm, steamcmd base digest-pinned, supercronic and gosu versions updated, gettext-base package added for template expansion, and CUSTOM_SCRIPT_* environment variables introduced.
Custom Script Execution Feature includes/server.sh, docs/ENV_VARS.md, README.md	New check_and_run_custom_script() function enforces path security (absolute, no .., regular file), executes custom scripts before server startup, integrated into start_server() with case-insensitive *_ENABLED checks, and documented with security caution notices.
Configuration Template Refactoring includes/config.sh, configs/PalWorldSettings.ini.template, configs/rcon.yaml	PalWorldSettings.ini and rcon.yaml generation switches from sed marker-by-marker substitution to envsubst-driven expansion with stricter validation, atomic temp-file-based replacement, and expanded variable coverage for server configuration settings.
Case-Insensitive Boolean Environment Variables includes/playerdetection.sh, includes/server.sh, scripts/backupmanager.sh, scripts/rconcli.sh, scripts/restart.sh, scripts/servermanager.sh	All boolean environment variable checks (RCON_ENABLED, WEBHOOK_ENABLED, CUSTOM_SCRIPT_ENABLED, STEAMCMD_VALIDATE_FILES, LOCAL_BACKUP_*) now use lowercased comparisons via ${VAR,,} syntax, making them case-insensitive across all scripts.
GitHub Actions Workflow Version Upgrades .github/workflows/*, .github/actions/unittest-on-build/action.yml	actions/checkout v4→v6, docker/setup-qemu-action v3→v4, docker/setup-buildx-action v3→v4, docker/metadata-action v5→v6, docker/build-push-action v5→v7, docker/login-action v3→v4, peter-evans/dockerhub-description v4→v5; additional runner diagnostics added to unittest workflows.
Dependabot Configuration, README Auto-Update, and Compose Migration .github/dependabot.yml, .github/workflows/update-readme.yml, compose.yml, .gitignore, docker-build.sh, README.md	Added Dependabot v2 config for weekly Docker and GitHub Actions updates, new workflow to auto-embed compose.yml in README, migrated to standardized compose.yml format, updated build script with --no-cache and --progress plain flags.
Release Notes CHANGELOG.md	Documented 2026-05-23 release including dependency upgrades, image pinning updates, compose.yml migration, auto-update mechanism, and custom script opt-in feature.

🎯 3 (Moderate) | ⏱️ ~25 minutes

Possibly Related PRs

• jammsen/docker-palworld-dedicated-server#311: Both PRs refactor includes/config.sh to replace sed-based placeholder substitutions with envsubst-driven template variable expansion for generating PalWorldSettings.ini and rcon.yaml, including SERVER_NAME randomization behavior changes.

🐰 A rabbit's ode to your code upgrade so fine,
Custom scripts now run, with security in line,
Templates dance graceful with ${VAR} delight,
Case-insensitive booleans shining bright,
From sed's old ways to envsubst's new gleam, ✨

✨ Finishing Touches

📝 Generate docstrings

• Create stacked PR
• Commit on current branch

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Commit unit tests in branch develop

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[jammsen]

@coderabbitai What setting to i have to setup for the .coderabbit.yaml to cover pull-request from develop to main, when develop is the default branch?

[coderabbitai]

Tip

For best results, initiate chat on the files or code changes.

@jammsen Great question! Since develop is your default branch, CodeRabbit automatically reviews PRs that target develop. However, for PRs targeting main (which is not the default branch), you need to explicitly configure it.

The base_branches setting covers base branches other than the default branch and accepts regex patterns. The default branch is always included — base_branches extends the set of reviewed branches; it does not replace the default branch.

So you just need to add main to base_branches in your .coderabbit.yaml:

reviews:
  auto_review:
    enabled: true
    base_branches:
      - "main"

This tells CodeRabbit to also review PRs whose target/base branch is main — which covers your develop → main release PRs.

Important: CodeRabbit reads configuration from the default branch, not from the PR branch. So make sure your .coderabbit.yaml with this setting is committed to your develop branch (your default), and it will take effect on the next PR.

[jammsen]

@coderabbitai full review

[coderabbitai]

✅ Actions performed

Full review triggered.