Have the nightly build

[yifanfu]

👉 Describe the problem

We can consider to have nightly build for the image to reduce the CVEs. I have evaluated the nginx unit variant and realised we have 1 high severity CVE as shown below:

$ docker scout cves ghcr.io/serversideup/php:8.3-unit
    i New version 1.13.0 available (installed version is 1.10.0) at https://github.com/docker/scout-cli
          ✓ SBOM of image already cached, 249 packages indexed
    ✗ Detected 26 vulnerable packages with a total of 45 vulnerabilities


## Overview

                    │           Analyzed Image
────────────────────┼──────────────────────────────────────
  Target            │  ghcr.io/serversideup/php:8.3-unit
    digest          │  e610e17c3efc
    platform        │ linux/arm64
    vulnerabilities │    0C     1H     2M    40L     2?
    size            │ 206 MB
    packages        │ 249


## Packages and Vulnerabilities

   0C     1H     0M     0L  postgresql-15 15.7-0+deb12u1
pkg:deb/debian/postgresql-15@15.7-0%2Bdeb12u1?os_distro=bookworm&os_name=debian&os_version=12

    ✗ HIGH CVE-2024-7348
      https://scout.docker.com/v/CVE-2024-7348
      Affected range : <15.8-0+deb12u1
      Fixed version  : 15.8-0+deb12u1

👥 Problem evidence & reach

I guess whoever cares about security would be affected. Evidence shown above.

🏆 How to solve this problem

1. Have nightly build in the github actions should massively help of solving this issue.
2. Have the trusted scanning tool to scan the container image after the image been built.

🥰 Describe the "impact" on users?

CVEs (espacially critical and high ones) would cause some security issue to customer and potentially lead to be hacked.

💯 How do we validate the problem is solved?

Using some scanning tools like docker scout or trivy to scan the CVEs after the image been built. Fail the pipeline if critical or high CVE been detected.