I’ll be the first to admit that this is pretty slow for continuous delivery, as the default configuration for unattended upgrades is daily. Adjust the cron configuration at your discretion.
- CI system which builds apt source packages and dputs them to a PPA.
- Machine instances configured with these PPA and with unattended-upgrade
The unattended-upgrades package, by default only installs security updates. We can configure it to install updates to packages in our PPA by adding the correct package origin to the config. We get the package origin from apt-cache policy.
$ apt-cache policy
500 http://ppa.launchpad.net/evarlast/experimental/ubuntu/ trusty/main amd64 Packages
release v=14.04,o=LP-PPA-evarlast-experimental,a=trusty,n=trusty,l=ex per ee m3nt4l,c=main
Extract that LP-PPA-evarlast-experimental from that output and add it to a new section in /etc/apt/apt.conf.d/50unattended-upgrades. If you want, use `cat >> /etc/apt/apt.conf.d/50unattended-upgrades`
Now when unattended-upgrades run, packages from that PPA are considered important enough that they will be installed.
The details for the configuration are in the README here: https://github.com/mvo5/unattended-upgrades