diff --git a/agents/action.yml b/agents/action.yml
new file mode 100644
index 00000000..62c34477
--- /dev/null
+++ b/agents/action.yml
@@ -0,0 +1,63 @@
+name: 'Agents Production Deployment'
+description: 'Promote staging agent image to enterprise feed in GHCR'
+
+inputs:
+ image_repository:
+ description: 'Full image repository path (e.g., greenbone/scan-agent-app)'
+ required: true
+ staging_version:
+ description: 'Version tag from staging to promote'
+ required: true
+ dry_run:
+ description: 'Dry run mode - verify only, do not push to production'
+ required: false
+ default: 'true'
+ github_token:
+ description: 'GitHub token for GHCR access'
+ required: true
+
+runs:
+ using: "composite"
+ steps:
+ - name: Login to GitHub Container Registry
+ uses: docker/login-action@v3
+ with:
+ registry: ghcr.io
+ username: ${{ github.actor }}
+ password: ${{ inputs.github_token }}
+
+ - name: Verify and pull staging image
+ shell: bash
+ run: |
+ STAGING_IMAGE="ghcr.io/${{ inputs.image_repository }}:${{ inputs.staging_version }}-staging"
+ if ! docker manifest inspect "$STAGING_IMAGE" > /dev/null 2>&1; then
+ echo "Error: Staging image not found: $STAGING_IMAGE"
+ exit 1
+ fi
+ echo "Staging image verified: $STAGING_IMAGE"
+ if [ "${{ inputs.dry_run }}" = "true" ]; then
+ echo "DRY RUN MODE - Skipping pull"
+ else
+ docker pull $STAGING_IMAGE
+ fi
+ echo "STAGING_IMAGE=$STAGING_IMAGE" >> $GITHUB_ENV
+
+ - name: Tag and push to GHCR production
+ if: inputs.dry_run != 'true'
+ shell: bash
+ run: |
+ docker tag $STAGING_IMAGE ghcr.io/${{ inputs.image_repository }}:${{ inputs.staging_version }}
+ docker tag $STAGING_IMAGE ghcr.io/${{ inputs.image_repository }}:enterprise
+ docker tag $STAGING_IMAGE ghcr.io/${{ inputs.image_repository }}:latest
+ docker push ghcr.io/${{ inputs.image_repository }}:${{ inputs.staging_version }}
+ docker push ghcr.io/${{ inputs.image_repository }}:enterprise
+ docker push ghcr.io/${{ inputs.image_repository }}:latest
+
+ - name: Dry run summary for GHCR
+ if: inputs.dry_run == 'true'
+ shell: bash
+ run: |
+ echo "DRY RUN - Would push to GHCR:"
+ echo " - ghcr.io/${{ inputs.image_repository }}:${{ inputs.staging_version }}"
+ echo " - ghcr.io/${{ inputs.image_repository }}:enterprise"
+ echo " - ghcr.io/${{ inputs.image_repository }}:latest"
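Review bot: The three `run:` scripts expand `${{ inputs.image_repository }}`, `${{ inputs.staging_version }}` and `${{ inputs.dry_run }}` straight into the bash source, so the values are parsed as shell code rather than data in a job that has already logged in to GHCR with push rights; `$STAGING_IMAGE` is also used unquoted in `docker pull` and `docker tag`. Pass the inputs through `env:` and reference them as quoted shell variables, as sketched below for the first two steps (the dry-run summary step needs the same treatment). Separately, `if: inputs.dry_run != 'true'` fails open: any other value, for example `yes`, reaches the production push, so gating on `if: inputs.dry_run == 'false'` would be safer. Since this action publishes the `enterprise` and `latest` tags, it would also be worth pinning `docker/login-action@v3` to a full commit SHA.

```yaml
    - name: Verify and pull staging image
      shell: bash
      env:
        IMAGE_REPOSITORY: ${{ inputs.image_repository }}
        STAGING_VERSION: ${{ inputs.staging_version }}
        DRY_RUN: ${{ inputs.dry_run }}
      run: |
        STAGING_IMAGE="ghcr.io/${IMAGE_REPOSITORY}:${STAGING_VERSION}-staging"
        # … unchanged: docker manifest inspect check and "verified" message …
        if [ "$DRY_RUN" = "true" ]; then
          echo "DRY RUN MODE - Skipping pull"
        else
          docker pull "$STAGING_IMAGE"
        fi
        echo "STAGING_IMAGE=$STAGING_IMAGE" >> "$GITHUB_ENV"

    - name: Tag and push to GHCR production
      if: inputs.dry_run == 'false'
      shell: bash
      env:
        IMAGE_REPOSITORY: ${{ inputs.image_repository }}
        STAGING_VERSION: ${{ inputs.staging_version }}
      run: |
        TARGET="ghcr.io/${IMAGE_REPOSITORY}"
        docker tag "$STAGING_IMAGE" "${TARGET}:${STAGING_VERSION}"
        # … same quoting for the enterprise and latest tags and the three pushes …
```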