diff --git a/actions/build-push-docker/action.yml b/actions/build-push-docker/action.yml
index 29b4ba44b..109ebf830 100644
--- a/actions/build-push-docker/action.yml
+++ b/actions/build-push-docker/action.yml
@@ -45,6 +45,13 @@ inputs:
       caching for the specific runner architecture.
     required: false
     default: "type=gha,timeout=10m,mode=max,ignore-error=true"
+  docker-build-cache-scope:
+    description: |
+      Custom scope for Docker build cache. If not set, defaults to runner.arch.
+      Useful for separating caches when multiple Dockerfiles build on the same
+      architecture (e.g. "core" vs "plugins").
+    required: false
+    default: ""
   docker-push:
     description: "Push the docker image. Build only (no push) if: false."
     required: false
@@ -211,14 +218,14 @@ runs:
 
     - name: Login to private ECR registries for base images
       if: ${{ steps.dockerfile-ecr-parse.outputs.needs-ecr-login == 'true' }}
-      uses: aws-actions/amazon-ecr-login@062b18b96a7aff071d4dc91bc00c4c1a7945b076 # v2.0.1
+      uses: aws-actions/amazon-ecr-login@183a1442edf41672e66566b7fc560e297a290896 # v2.1.1
       with:
         registries: ${{ steps.dockerfile-ecr-parse.outputs.ecr-registries }}
 
     - name: Login to ECR for publishing
       if: ${{ inputs.docker-push == 'true' }}
       id: login-ecr
-      uses: aws-actions/amazon-ecr-login@062b18b96a7aff071d4dc91bc00c4c1a7945b076 # v2.0.1
+      uses: aws-actions/amazon-ecr-login@183a1442edf41672e66566b7fc560e297a290896 # v2.1.1
       with:
         registry-type: >-
           ${{
@@ -229,14 +236,14 @@ runs:
         registries: ${{ inputs.aws-account-number }}
 
     - name: Set up Docker Buildx
-      uses: docker/setup-buildx-action@f7ce87c1d6bead3e36075b2ce75da1f6cc28aaca # v3.9.0
+      uses: docker/setup-buildx-action@4d04d5d9486b7bd6fa91e7baf45bbb4f8b9deedd # v4.0.0
       with:
         version: latest
 
     - name: Docker meta
       if: ${{ inputs.docker-push == 'true' }}
       id: docker-meta
-      uses: docker/metadata-action@369eb591f429131d6889c46b94e711f089e6ca96 # v5.6.1
+      uses: docker/metadata-action@030e881283bb7a6894de51c315a6bfe6a94e05cf # v6.0.0
       with:
         images:
           ${{ format('{0}/{1}', inputs.docker-registry-url,
@@ -287,27 +294,29 @@ runs:
         DOCKER_SAVE_CACHE: ${{ inputs.docker-save-cache }}
         DOCKER_BUILD_CACHE_FROM: >-
           ${{
-            format('{0},scope={1}', inputs.docker-build-cache-from, runner.arch)
+            format('{0},scope={1}', inputs.docker-build-cache-from,
+            inputs.docker-build-cache-scope || runner.arch)
           }}
         DOCKER_BUILD_CACHE_TO: >-
           ${{
-            format('{0},scope={1}', inputs.docker-build-cache-to, runner.arch)
+            format('{0},scope={1}', inputs.docker-build-cache-to,
+            inputs.docker-build-cache-scope || runner.arch)
           }}
       run: |
         if [[ "${DOCKER_RESTORE_CACHE}" == "true" ]]; then
           echo "no-cache=false" | tee -a "${GITHUB_OUTPUT}"
-          echo "cache-from=${DOCKER_BUILD_CACHE_FROM}" | tee -a "${GITHUB_OUTPUT}"
+          echo "docker-cache-from=${DOCKER_BUILD_CACHE_FROM}" | tee -a "${GITHUB_OUTPUT}"
         else
           echo "no-cache=true" | tee -a "${GITHUB_OUTPUT}"
         fi
 
         if [[ "${DOCKER_SAVE_CACHE}" == "true" ]]; then
-          echo "cache-to=${DOCKER_BUILD_CACHE_TO}" | tee -a "${GITHUB_OUTPUT}"
+          echo "docker-cache-to=${DOCKER_BUILD_CACHE_TO}" | tee -a "${GITHUB_OUTPUT}"
         fi
 
     - name: Build & push image
       id: build-image
-      uses: docker/build-push-action@ca877d9245402d1537745e0e356eab47c3520991 # v6.13.0
+      uses: docker/build-push-action@d08e5c354a6adb9ed34480a06d141179aa583294 # v7.0.0
       env:
         DOCKER_BUILD_CHECKS_ANNOTATIONS: true
         DOCKER_BUILD_SUMMARY: true
diff --git a/actions/ctf-build-image/action.yml b/actions/ctf-build-image/action.yml
index 5421736ef..e03818c0a 100644
--- a/actions/ctf-build-image/action.yml
+++ b/actions/ctf-build-image/action.yml
@@ -108,6 +108,14 @@ inputs:
       go get github.com/smartcontractkit/chainlink-solana@abc123
       go get github.com/smartcontractkit/chainlink-evm@def456
 
+  cache-scope:
+    required: false
+    description: |
+      Custom scope for Docker build cache. Separates caches when multiple
+      Dockerfiles build on the same architecture (e.g. "core" vs "plugins").
+      If not set, defaults to runner architecture.
+    default: ""
+
 outputs:
   docker-image-sha-digest-amd64:
     description: "Docker image SHA digest for platform: amd64"
@@ -168,7 +176,7 @@ runs:
 
     - name: Build push docker image
       id: build-image
-      uses: smartcontractkit/.github/actions/build-push-docker@build-push-docker/v1
+      uses: smartcontractkit/.github/actions/build-push-docker@1a13ba524ffc26e40952e02b5847a2225766afaf # DEBUG: Checking if this version works
       with:
         context: .
         platform: ${{ inputs.platform }}
@@ -182,10 +190,9 @@ runs:
         docker-registry-url: ${{ inputs.docker-registry-url }}
         docker-repository-name: ${{ inputs.docker-repository-name }}
 
-        docker-restore-cache:
-          ${{ github.event_name == 'pull_request' || github.event_name ==
-          'merge_group' }}
+        docker-restore-cache: "true"
         docker-save-cache: ${{ github.event_name == 'push' }}
+        docker-build-cache-scope: ${{ inputs.cache-scope }}
 
         tags: type=raw,value=${{ inputs.image-tag }}
         aws-account-number: ${{ inputs.aws-account-number }}