
This is an old revision of the document!


Unattended Updates

apt-get install unattended-upgrades
vi /etc/apt/apt.conf.d/50unattended-upgrades
#uncomment the desired origins. For security updates only, comment out everything else
Unattended-Upgrade::Origins-Pattern {
      "o=Debian,n=stretch";
      "o=Debian,n=stretch-updates";
      "o=Debian,n=stretch-proposed-updates";
      "o=Debian,n=stretch,l=Debian-Security";
};

#blacklist packages as required (mysql-server,mysql-client,apache,php etc)
Unattended-Upgrade::Package-Blacklist {
	"mysql-server*";
	"mysql-common*";
	"default-mysql-server";
	"php7.0-*";
	"apache2*";
	"blink";
	"python-sipsimple";
};

#Don't force updates
Unattended-Upgrade::AutoFixInterruptedDpkg "false";


#set mail to whoever should receive it and make sure bsd-mailx or sendmail 
#is installed and able to send mails
Unattended-Upgrade::Mail "root";

#configure reboot if desired.
Unattended-Upgrade::Automatic-Reboot "false";

To enable the automatic updates:

vi /etc/apt/apt.conf.d/20auto-upgrades
APT::Periodic::Update-Package-Lists "1";
APT::Periodic::Download-Upgradeable-Packages "1";
APT::Periodic::AutocleanInterval "3";
APT::Periodic::Unattended-Upgrade "1";

To increase the frequency from daily to every 4 hours, the following can be entered into cron.d. This will override the time period configured in /etc/apt/apt.conf.d (note: on Ubuntu systems the daily timer is triggered via the systemd apt-daily.timer):

vi /etc/cron.d/unattended-upgrade
# $RANDOM is a bash feature; cron runs jobs with /bin/sh unless SHELL is set
SHELL=/bin/bash
0 */4 * * * root sleep $(( $RANDOM \% 14400 ));PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin unattended-upgrade

To include additional repositories, the origin and suite (archive) names need to be identified first:

grep "Origin:" /var/lib/apt/lists/*Release
/var/lib/apt/lists/gb.archive.ubuntu.com_ubuntu_dists_bionic-backports_InRelease:Origin: Ubuntu
/var/lib/apt/lists/gb.archive.ubuntu.com_ubuntu_dists_bionic_InRelease:Origin: Ubuntu
/var/lib/apt/lists/gb.archive.ubuntu.com_ubuntu_dists_bionic-updates_InRelease:Origin: Ubuntu
/var/lib/apt/lists/ppa.launchpad.net_team-xbmc_xbmc-nightly_ubuntu_dists_bionic_InRelease:Origin: LP-PPA-team-xbmc-xbmc-nightly
/var/lib/apt/lists/security.ubuntu.com_ubuntu_dists_bionic-security_InRelease:Origin: Ubuntu

grep "Suite:" /var/lib/apt/lists/*Release
/var/lib/apt/lists/gb.archive.ubuntu.com_ubuntu_dists_bionic-backports_InRelease:Suite: bionic-backports
/var/lib/apt/lists/gb.archive.ubuntu.com_ubuntu_dists_bionic_InRelease:Suite: bionic
/var/lib/apt/lists/gb.archive.ubuntu.com_ubuntu_dists_bionic-updates_InRelease:Suite: bionic-updates
/var/lib/apt/lists/ppa.launchpad.net_team-xbmc_xbmc-nightly_ubuntu_dists_bionic_InRelease:Suite: bionic
/var/lib/apt/lists/security.ubuntu.com_ubuntu_dists_bionic-security_InRelease:Suite: bionic-security

These details are needed to edit the 50unattended-upgrades file and add lines in the format "<origin>:<archive>"; or, for this example's sake, "Google\, Inc.:stable";.
Example for Kodi on Ubuntu:

        //Kodi Nightly
        "LP-PPA-team-xbmc-xbmc-nightly:${distro_codename}";
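
The origin and suite lookup above can be scripted so that every candidate entry is listed for review before anything is added to 50unattended-upgrades. This is an added example, not part of the original page: the function names and the sample Release files are constructed for illustration, and the comma escaping follows the "Google\, Inc.:stable" example above.

```shell
#!/bin/sh
# Added example (not from the original page): build "<origin>:<archive>" lines
# from the Origin:/Suite: fields of apt Release/InRelease files.

# release_field FILE FIELD: print the first value of "FIELD:" found in FILE.
release_field() {
    sed -n "s/^$2: *//p" "$1" | head -n 1
}

# origin_entries DIR: print one unique, quoted entry per repository in DIR.
origin_entries() {
    for f in "$1"/*Release; do
        [ -f "$f" ] || continue
        origin=$(release_field "$f" Origin)
        suite=$(release_field "$f" Suite)
        # A repository missing either field cannot be matched this way; skip it.
        [ -n "$origin" ] && [ -n "$suite" ] || continue
        # Escape commas inside the origin, as in "Google\, Inc.:stable".
        origin=$(printf '%s' "$origin" | sed 's/,/\\,/g')
        printf '"%s:%s";\n' "$origin" "$suite"
    done | sort -u
}

# make_sample DIR: write constructed Release files (hypothetical file names).
make_sample() {
    printf '%s\n' '-----BEGIN PGP SIGNED MESSAGE-----' 'Hash: SHA512' '' \
        'Origin: Ubuntu' 'Suite: bionic-security' \
        > "$1/sec.example_dists_bionic-security_InRelease"
    printf '%s\n' 'Origin: LP-PPA-team-xbmc-xbmc-nightly' 'Suite: bionic' \
        > "$1/ppa.example_dists_bionic_InRelease"
    printf '%s\n' 'Origin: Google, Inc.' 'Suite: stable' \
        > "$1/dl.example_dists_stable_Release"
    printf '%s\n' 'Label: no-origin-or-suite' \
        > "$1/local.example_dists_custom_Release"
}

# With no argument, run on the constructed sample; pass /var/lib/apt/lists
# as the first argument to list the entries for a real host.
demo_dir=${1:-}
if [ -z "$demo_dir" ]; then
    demo_dir=$(mktemp -d)
    make_sample "$demo_dir"
fi
origin_entries "$demo_dir"
```

Only the entries for repositories that should upgrade without supervision belong in the configuration; a third-party origin listed here is trusted to install packages automatically.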

Test the configuration using:

sudo unattended-upgrades --dry-run

tail /var/log/unattended-upgrades/unattended-upgrades.log

To allow unattended upgrades for all packages, use:

Unattended-Upgrade::Origins-Pattern {
        "site=*";
};
linux/unattended-updates.1532345333.txt.gz · Last modified: (external edit)