diff --git a/.gitea/workflows/production-deploy.yml b/.gitea/workflows/production-deploy.yml index 12d6bbb1..88c7babd 100644 --- a/.gitea/workflows/production-deploy.yml +++ b/.gitea/workflows/production-deploy.yml @@ -136,12 +136,7 @@ jobs: - name: Setup Docker Buildx run: | - # Install Docker Buildx if not present - if ! docker buildx version &>/dev/null; then - mkdir -p ~/.docker/cli-plugins - curl -L "https://github.com/docker/buildx/releases/latest/download/buildx-$(uname -s | tr '[:upper:]' '[:lower:]')-$(uname -m)" -o ~/.docker/cli-plugins/docker-buildx - chmod +x ~/.docker/cli-plugins/docker-buildx - fi + # Buildx ist bereits im docker-build Image installiert docker buildx create --name builder --use || docker buildx use builder docker buildx inspect --bootstrap diff --git a/deployment/gitea-runner/build-ci-image.sh b/deployment/gitea-runner/build-ci-image.sh index ef522e25..78953e81 100755 --- a/deployment/gitea-runner/build-ci-image.sh +++ b/deployment/gitea-runner/build-ci-image.sh 
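Review bot: With the install fallback gone, the `Setup Docker Buildx` step assumes the job container already ships Buildx, and nothing in the step checks that before `docker buildx create`. Putting `docker buildx version` first in the `run:` block would make a runner label that resolves to the wrong image fail with a clear message. The `runs-on`/container selection for this job is outside the hunk, so confirm it points at the `docker-build` image. The new comment is in German while the removed one was English; a single language across the workflow reads better, e.g. `# Buildx is preinstalled in the docker-build image`.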
@@ -1,43 +1,69 @@ #!/bin/bash -# Build CI Docker Image for Gitea Actions Runner -# This image contains PHP 8.5, Composer, Ansible, and other CI tools +# Build CI Docker Images for Gitea Actions Runner +# - php-ci: PHP 8.5, Composer, Ansible, and other CI tools +# - docker-build: Docker CLI, Buildx, Git, Bash set -e SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)" PROJECT_ROOT="$(cd "$SCRIPT_DIR/../.." && pwd)" -IMAGE_NAME="${CI_IMAGE_NAME:-php-ci:latest}" -REGISTRY="${CI_REGISTRY:-registry.michaelschiemer.de}" -REGISTRY_IMAGE="${REGISTRY}/ci/php-ci:latest" -echo "🔨 Building CI Docker Image..." -echo " Image: ${IMAGE_NAME}" +# PHP CI Image +PHP_CI_IMAGE="${CI_IMAGE_NAME:-php-ci:latest}" +REGISTRY="${CI_REGISTRY:-registry.michaelschiemer.de}" +PHP_CI_REGISTRY_IMAGE="${REGISTRY}/ci/php-ci:latest" + +# Docker Build Image +DOCKER_BUILD_IMAGE="${DOCKER_BUILD_IMAGE_NAME:-docker-build:latest}" +DOCKER_BUILD_REGISTRY_IMAGE="${REGISTRY}/ci/docker-build:latest" + +echo "🔨 Building CI Docker Images..." +echo "" +echo "1. PHP CI Image: ${PHP_CI_IMAGE}" echo " Dockerfile: ${PROJECT_ROOT}/docker/ci/Dockerfile" +echo "" +echo "2. Docker Build Image: ${DOCKER_BUILD_IMAGE}" +echo " Dockerfile: ${PROJECT_ROOT}/docker/ci/Dockerfile.build" cd "$PROJECT_ROOT" -# Build the image +# Build PHP CI image +echo "" +echo "📦 Building PHP CI image..." docker build \ -f docker/ci/Dockerfile \ - -t "${IMAGE_NAME}" \ - -t "${REGISTRY_IMAGE}" \ + -t "${PHP_CI_IMAGE}" \ + -t "${PHP_CI_REGISTRY_IMAGE}" \ + --platform linux/amd64 \ + . + +# Build Docker Build image +echo "" +echo "📦 Building Docker Build image..." +docker build \ + -f docker/ci/Dockerfile.build \ + -t "${DOCKER_BUILD_IMAGE}" \ + -t "${DOCKER_BUILD_REGISTRY_IMAGE}" \ --platform linux/amd64 \ . echo "" -echo "✅ Image built successfully!" +echo "✅ Images built successfully!" echo "" echo "📋 Next steps:" echo "" echo "1. 
Tag and push to registry (if using registry):" echo " docker login ${REGISTRY}" -echo " docker push ${REGISTRY_IMAGE}" +echo " docker push ${PHP_CI_REGISTRY_IMAGE}" +echo " docker push ${DOCKER_BUILD_REGISTRY_IMAGE}" echo "" echo "2. Update GITEA_RUNNER_LABELS in .env:" -echo " Add: php-ci:docker://${IMAGE_NAME}" +echo " Add: php-ci:docker://${PHP_CI_IMAGE}" +echo " Add: docker-build:docker://${DOCKER_BUILD_IMAGE}" echo "" -echo "3. Or use registry image:" -echo " Add: php-ci:docker://${REGISTRY_IMAGE}" +echo "3. Or use registry images:" +echo " Add: php-ci:docker://${PHP_CI_REGISTRY_IMAGE}" +echo " Add: docker-build:docker://${DOCKER_BUILD_REGISTRY_IMAGE}" echo "" echo "4. Restart runner to pick up new labels:" echo " cd deployment/gitea-runner" @@ -48,13 +74,15 @@ echo "" # Ask if user wants to push to registry if [ -n "$CI_REGISTRY" ] && [ -n "$CI_REGISTRY_USER" ] && [ -n "$CI_REGISTRY_PASSWORD" ]; then - read -p "Push image to registry? (y/N) " -n 1 -r + read -p "Push images to registry? (y/N) " -n 1 -r echo if [[ $REPLY =~ ^[Yy]$ ]]; then echo "🔐 Logging in to registry..." echo "$CI_REGISTRY_PASSWORD" | docker login "$REGISTRY" -u "$CI_REGISTRY_USER" --password-stdin - echo "📤 Pushing image..." - docker push "${REGISTRY_IMAGE}" - echo "✅ Image pushed to ${REGISTRY_IMAGE}" + echo "📤 Pushing PHP CI image..." + docker push "${PHP_CI_REGISTRY_IMAGE}" + echo "📤 Pushing Docker Build image..." + docker push "${DOCKER_BUILD_REGISTRY_IMAGE}" + echo "✅ Images pushed to registry" fi fi diff --git a/docker/ci/Dockerfile.build b/docker/ci/Dockerfile.build new file mode 100644 index 00000000..e540e835 --- /dev/null +++ b/docker/ci/Dockerfile.build 
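Review bot: Both images are built and referenced only under `:latest` (`PHP_CI_REGISTRY_IMAGE`, `DOCKER_BUILD_REGISTRY_IMAGE`), so the runner labels printed in the next-steps text resolve to whatever was pushed last. A deploy job then cannot be tied to a known build of its toolchain image. Consider adding an immutable tag next to `latest` in each `docker build`, for example `-t "${REGISTRY}/ci/docker-build:$(git rev-parse --short HEAD)"`, and pointing the labels at that tag or at the pushed digest.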
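Review bot: The push branch logs in with `CI_REGISTRY_PASSWORD` and now runs two pushes, but the session is never closed, so unless a credential helper is configured the credential stays in the Docker client config of whoever ran the script. Adding `docker logout "$REGISTRY"` after the second `docker push`, or `trap 'docker logout "$REGISTRY"' EXIT` right after the login so it also runs when `set -e` aborts on a failed push, would avoid that. The final message also lost the image references; `echo "✅ Pushed ${PHP_CI_REGISTRY_IMAGE} and ${DOCKER_BUILD_REGISTRY_IMAGE}"` keeps the log useful.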
@@ -0,0 +1,30 @@
+# Dockerfile für Docker Build Jobs in CI/CD
+# Enthält: Docker CLI, Docker Buildx, Git, Bash
+FROM docker:latest
+
+# Installiere zusätzliche Tools
+RUN apk add --no-cache \
+ git \
+ bash \
+ curl \
+ openssh-client \
+ ca-certificates
+
+# Installiere Docker Buildx
+RUN mkdir -p /root/.docker/cli-plugins && \
+ ARCH=$(uname -m) && \
+ if [ "$ARCH" = "x86_64" ]; then ARCH="amd64"; fi && \
+ curl -L "https://github.com/docker/buildx/releases/download/v0.13.2/buildx-v0.13.2.linux-${ARCH}" \
+ -o /root/.docker/cli-plugins/docker-buildx && \
+ chmod +x /root/.docker/cli-plugins/docker-buildx
+
+# Verifiziere Installation (Buildx wird beim ersten Aufruf initialisiert, daher nur Basis-Checks)
+RUN docker --version && \
+ git --version && \
+ bash --version
+
+# Arbeitsverzeichnis
+WORKDIR /workspace
+
+# Standard-User für CI (UID/GID 1000)
+RUN addgroup -g 1000 ci && adduser -u 1000 -G ci -D ci
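Review bot: The Buildx binary is fetched with `curl -L` and made executable without `-f` or a checksum, and the verification `RUN` never invokes Buildx, so an HTTP error page or a tampered asset would be baked into the image that builds production artifacts. The fence below fails on HTTP errors, checks a pinned SHA-256 (placeholder shown) and adds `docker buildx version`, which only prints the plugin version and should be safe at build time. `FROM docker:latest` is also a moving base; pin a version tag, ideally with a digest, so rebuilds are reproducible. The `ci` user is created but no `USER` is set, so jobs still run as root, and the plugin lives under `/root/.docker`, where `ci` would not find it if a `USER ci` were added later. Recent official `docker` images appear to bundle a Buildx plugin already (confirm for the tag you pin), in which case the download could be dropped.

```dockerfile
# Placeholder: SHA-256 of the buildx v0.13.2 linux-amd64 release asset.
ARG BUILDX_SHA256=<sha256-of-release-asset>
RUN mkdir -p /root/.docker/cli-plugins && \
    # … unchanged: ARCH detection …
    curl -fsSL "https://github.com/docker/buildx/releases/download/v0.13.2/buildx-v0.13.2.linux-${ARCH}" \
        -o /root/.docker/cli-plugins/docker-buildx && \
    echo "${BUILDX_SHA256}  /root/.docker/cli-plugins/docker-buildx" | sha256sum -c - && \
    chmod +x /root/.docker/cli-plugins/docker-buildx

RUN docker --version && \
    docker buildx version && \
    git --version && \
    bash --version
# … unchanged: WORKDIR, addgroup/adduser …
```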