apt-get update and apt-get upgrade in Chef

The Opscode "apt" cookbook's default recipe will run apt-get update to ensure that the package cache is updated. We recommend putting that early in your node's run list so later on packages can be installed with the correct versions.

We generally don't recommend that users use "apt-get upgrade" in a recipe, for a couple reasons.

1. apt-get may upgrade a package that has conflicting configuration or other issues that cannot be resolved without running the command again, or running other apt/dpkg commands manually.
2. Automated upgrades of all packages on the system can have unintended side effects on the running system (the edge cases are many and possibly thorny, so I can't cover them all).

Instead, use the "upgrade" action for packages that should always update to the latest version.

package "nginx" do
  action :upgrade
end

If you're reusing a cookbook that defines the cookbook, you can write a recipe that modifies the action of the existing resource, like this:

resources("package[nginx]").action(:upgrade)

The #resources method in a recipe will look up in the Resource Collection the specified resource (package nginx). Then sending the #action method with the argument :upgrade will tell Chef that the action should be to upgrade.

Edit Update: Do be careful when choosing packages that would be upgraded automatically in this way. An upstream change in a package can cause detrimental effects on the system. This is especially true if such a package does a restart of services it manages during the post installation scripts. Know your infrastructure, and if in doubt run your own package repository that has the critical packages you need for the application stack.