From 6f2c4af6b12096e462ca94474183f31c11a71376 Mon Sep 17 00:00:00 2001
From: Marcin <marcin.pastecki@inndei.com>
Date: Wed, 4 Feb 2026 21:50:42 +0100
Subject: [PATCH] fix(ci): add permissions and bump docker pipeline to v0.16.1

---
 .github/workflows/ci.yml | 9 +++++----
 1 file changed, 5 insertions(+), 4 deletions(-)

diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
index cbbf14ae..241580d8 100644
--- a/.github/workflows/ci.yml
+++ b/.github/workflows/ci.yml
@@ -24,11 +24,12 @@ jobs:
      gosec-args: "-no-fail ./..."
      
   docker_pipeline:
-    uses: babylonlabs-io/.github/.github/workflows/reusable_docker_pipeline.yml@5151754256060bf160c411d0784f831f29882106 # v0.13.4
-    secrets: inherit
     permissions:
-      security-events: write
-      packages: read
+      contents: read         # Required by reusable workflow
+      id-token: write        # Required for AWS OIDC
+      security-events: write # Required for Trivy SARIF uploads
+    uses: babylonlabs-io/.github/.github/workflows/reusable_docker_pipeline.yml@d2299e834fcbaca4bf2db043a2939798043d5951 # v0.16.1
+    secrets: inherit
     with:
       publish: false
       dockerfile: ./contrib/images/staking-api-service/Dockerfile