diff --git a/.github/actions/deploy_on_prem/action.yaml b/.github/actions/deploy_on_prem/action.yaml
new file mode 100644
index 000000000..201420941
--- /dev/null
+++ b/.github/actions/deploy_on_prem/action.yaml
@@ -0,0 +1,96 @@
+# SPDX-FileCopyrightText: (C) 2025 Intel Corporation
+# SPDX-License-Identifier: Apache-2.0
+
+name: "Deploy on Prem Orchestrator"
+description: "Creates a VM and Deploys the Orchestrator on it"
+inputs:
+  orch_version:
+    required: false
+    description: "Orchestrator version to deploy"
+    default: "main"
+  docker_username:
+    required: true
+    description: "Docker Hub username for pulling images"
+  docker_password:
+    required: true
+    description: "Docker Hub password for pulling images"
+
+runs:
+  using: "composite"
+  steps:
+    - name: Checkout Orchestrator repo
+      uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683  # v4.2.2
+      with:
+        repository: open-edge-platform/edge-manageability-framework
+        ref: ${{ inputs.orch_version }}
+        persist-credentials: false
+
+    - name: Setup asdf and install dependencies
+      id: install-deps
+      uses: open-edge-platform/orch-utils/.github/actions/setup-asdf@main  # zizmor: ignore[unpinned-uses]
+
+    - name: Check Oras
+      run: |
+        oras version
+      shell: bash
+
+    - name: Set deploy tag
+      id: deploy-tag
+      shell: bash
+      working-directory: on-prem-installers
+      # NOTE: The terraform deploy tag is different than the git ref, it's calucated using this mage target
+      run: |
+        mage build:debVersion
+        echo "DEPLOY_TAG=$(mage build:debVersion)" >> "$GITHUB_ENV"
+
+    - name: Deploy Orchestrator
+      env:
+        TF_VAR_deploy_tag: ${{ env.DEPLOY_TAG }}
+        TF_VAR_FILE: ${{ github.workspace }}/terraform/orchestrator/terraform.tfvars
+        TF_VAR_docker_username: ${{ inputs.docker_username }}
+        TF_VAR_docker_password: ${{ inputs.docker_password }}
+        KUBECONFIG: ${{ github.workspace }}/terraform/orchestrator/files/kubeconfig
+      shell: bash
+      run: mage deploy:onPrem
+
+    - name: Verify deployment
+      shell: bash
+      env:
+        KUBECONFIG: ${{ github.workspace }}/terraform/orchestrator/files/kubeconfig
+      run: mage -v deploy:waitUntilComplete
+
+    - name: Setup test environment
+      shell: bash
+      env:
+        KUBECONFIG: ${{ github.workspace }}/terraform/orchestrator/files/kubeconfig
+      run: mage -v gen:orchCA deploy:orchCA deploy:edgeNetworkDNS
+
+    - name: Get diagnostic information
+      id: get-diagnostic-info
+      if: always() && steps.install-deps.conclusion == 'success'
+      env:
+        SSH_HOST: 192.168.99.10
+        SSH_USER: ubuntu
+        SSH_PASSWORD: ubuntu
+        KUBECONFIG: ${{ github.workspace }}/terraform/orchestrator/files/kubeconfig
+      shell: bash
+      run: |
+        mkdir -p onprem-diagnostics
+        kubectl config set-cluster default --server="https://${SSH_HOST}:6443" --insecure-skip-tls-verify
+        kubectl get pods -o wide -A | tee onprem-diagnostics/pods-list.txt
+        kubectl describe pods -A | tee onprem-diagnostics/pods-describe.txt
+        mage logutils:collectArgoDiags | tee onprem-diagnostics/argo-diag.txt
+        kubectl get applications -o yaml -A | tee onprem-diagnostics/argocd-applications.yaml
+        kubectl get events -o yaml -A | tee onprem-diagnostics/events.yaml
+
+    - name: Upload diagnostic information to CI artifact store
+      if: always() && steps.get-diagnostic-info.conclusion == 'success'
+      uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02  # v4.6.2
+      with:
+        name: onprem-diagnostics
+        path: |
+          onprem-diagnostics/pods-list.txt
+          onprem-diagnostics/pods-describe.txt
+          onprem-diagnostics/argo-diag.txt
+          onprem-diagnostics/argocd-applications.yaml
+          onprem-diagnostics/events.yaml
\ No newline at end of file
diff --git a/.github/workflows/virtual-integration.yml b/.github/workflows/virtual-integration.yml
index a4fc12506..d7c61402b 100644
--- a/.github/workflows/virtual-integration.yml
+++ b/.github/workflows/virtual-integration.yml
@@ -323,6 +323,7 @@ jobs:
         uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683  # v4.2.2
         with:
           persist-credentials: false
+          ref:  ${{ github.event.pull_request.head.sha }}
 
       - uses: actions/cache@5a3ec84eff668545956fd18022155c47e93e2684  # v4.2.3
         with:
@@ -355,7 +356,9 @@ jobs:
       - name: Set DEB_VERSION
         id: set-version
         working-directory: on-prem-installers
-        run: echo "DEB_VERSION=$(mage build:debVersion)" >> "$GITHUB_OUTPUT"
+        run: |
+          mage build:debVersion
+          echo "DEB_VERSION=$(mage build:debVersion)" >> "$GITHUB_OUTPUT"
 
       - name: Configure AWS credentials
         uses: aws-actions/configure-aws-credentials@ececac1a45f3b08a01d2dd070d28d111c5fe6722  # v4.0.1
@@ -686,31 +689,18 @@ jobs:
     env:
       KUBECONFIG: ${{ github.workspace }}/terraform/orchestrator/files/kubeconfig
     steps:
-      - name: Checkout code
+      - name: Checkout Orchestrator repo
         uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683  # v4.2.2
         with:
           persist-credentials: false
 
-      - name: Setup asdf and install dependencies
-        id: install-deps
-        uses: open-edge-platform/orch-utils/.github/actions/setup-asdf@main  # zizmor: ignore[unpinned-uses]
-
-      - name: Deploy Orchestrator
-        env:
-          TF_VAR_intel_release_service_refresh_token: value-not-used
-          TF_VAR_deploy_tag: ${{ needs.build-publish.outputs.deb-version }}
-          TF_VAR_FILE: ${{ github.workspace }}/terraform/orchestrator/terraform.tfvars
-          TF_VAR_docker_username: ${{ secrets.SYS_DOCKERHUB_USERNAME }}
-          TF_VAR_docker_password: ${{ secrets.SYS_DOCKERHUB_RO }}
-        timeout-minutes: 90
-        run: mage deploy:onPrem
-
-      - name: Verify deployment
-        timeout-minutes: 60
-        run: mage -v deploy:waitUntilComplete
-
-      - name: Setup test environment
-        run: mage -v gen:orchCA deploy:orchCA deploy:edgeNetworkDNS
+      - name: Deploy On-Prem Orchestrator
+        id: deploy-on-prem
+        uses: ./.github/actions/deploy_on_prem
+        with:
+          orch_version: ${{ github.event.pull_request.head.sha }}
+          docker_username: ${{ secrets.SYS_DOCKERHUB_USERNAME }}
+          docker_password: ${{ secrets.SYS_DOCKERHUB_RO }}
 
       - name: Run E2E tests
         env:
@@ -730,34 +720,6 @@ jobs:
           needs.check-changed-files.outputs.ci == 'true'
         run: mage test:onboarding
 
-      - name: Get diagnostic information
-        id: get-diagnostic-info
-        if: always() && steps.install-deps.conclusion == 'success'
-        env:
-          SSH_HOST: 192.168.99.10
-          SSH_USER: ubuntu
-          SSH_PASSWORD: ubuntu
-        run: |
-          mkdir -p onprem-diagnostics
-          kubectl config set-cluster default --server="https://${SSH_HOST}:6443" --insecure-skip-tls-verify
-          kubectl get pods -o wide -A | tee onprem-diagnostics/pods-list.txt
-          kubectl describe pods -A | tee onprem-diagnostics/pods-describe.txt
-          mage logutils:collectArgoDiags | tee onprem-diagnostics/argo-diag.txt
-          kubectl get applications -o yaml -A | tee onprem-diagnostics/argocd-applications.yaml
-          kubectl get events -o yaml -A | tee onprem-diagnostics/events.yaml
-
-      - name: Upload diagnostic information to CI artifact store
-        if: always() && steps.get-diagnostic-info.conclusion == 'success'
-        uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02  # v4.6.2
-        with:
-          name: onprem-diagnostics
-          path: |
-            onprem-diagnostics/pods-list.txt
-            onprem-diagnostics/pods-describe.txt
-            onprem-diagnostics/argo-diag.txt
-            onprem-diagnostics/argocd-applications.yaml
-            onprem-diagnostics/events.yaml
-
   tag-repo:
     permissions:
       contents: read