diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml
index e027ac2d..9e0eb79b 100644
--- a/.gitlab-ci.yml
+++ b/.gitlab-ci.yml
@@ -39,96 +39,16 @@ workflow: fi echo "$PASS" | docker login --username AWS --password-stdin "$ECR_REGISTRY" -# ========================= -# DEV (push ke development) -# ========================= -build_push_dev: - stage: build - image: public.ecr.aws/docker/library/docker:27 - tags: [self-hosted-dev] - rules: - - if: '$CI_PIPELINE_SOURCE == "push" && $CI_COMMIT_BRANCH == "development"' - variables: - IMAGE_TAG: "dev-${CI_COMMIT_SHORT_SHA}" - before_script: - - set -eu - - docker version - - docker info - - *ecr_login - script: | - set -eu - echo "Build & push: $ECR_REPOSITORY:$IMAGE_TAG" - BASE_IMAGE="${NODE_BASE_IMAGE:-public.ecr.aws/docker/library/node:20-alpine}" - - n=1 - until [ "$n" -gt 3 ]; do - docker pull "$BASE_IMAGE" && break - echo "Pull base image failed (attempt $n/3), retrying..." - sleep $((n * 10)) - n=$((n + 1)) - done - [ "$n" -le 3 ] || (echo "ERROR: Failed pulling base image: $BASE_IMAGE" && exit 1) - - docker build \ - --build-arg NODE_IMAGE="$BASE_IMAGE" \ - --build-arg NODE_ENV="${NODE_ENV:-dev}" \ - --build-arg PORT="${PORT:-3000}" \ - --build-arg NEXT_PUBLIC_API_BASE_URL="${NEXT_PUBLIC_API_BASE_URL:-/api}" \ - --build-arg DATABASE_URL="${DATABASE_URL:-}" \ - --build-arg AUTH_JWT_SECRET="${AUTH_JWT_SECRET:-}" \ - --build-arg NEXT_PUBLIC_POWERSYNC_URL="${NEXT_PUBLIC_POWERSYNC_URL:-}" \ - --build-arg POWERSYNC_PRIVATE_KEY="${POWERSYNC_PRIVATE_KEY:-}" \ - --build-arg POWERSYNC_PUBLIC_KEY="${POWERSYNC_PUBLIC_KEY:-}" \ - -t "$ECR_REPOSITORY:$IMAGE_TAG" \ - . 
- - docker push "$ECR_REPOSITORY:$IMAGE_TAG" - -update_gitops_dev_presensi: - stage: gitops - image: public.ecr.aws/docker/library/alpine:3.20 - tags: [self-hosted-dev] - rules: - - if: '$CI_PIPELINE_SOURCE == "push" && $CI_COMMIT_BRANCH == "development"' - needs: ["build_push_dev"] - variables: - IMAGE_TAG: "dev-${CI_COMMIT_SHORT_SHA}" - GITOPS_BRANCH: main - VALUES_FILE: environments/mas-presensi/dev/mas-presensi-values-dev.yaml - GITOPS_REPO_URL: https://oauth2:${GITOPS_TOKEN}@gitlab.com/cristian.anggita.parjaman/gitops.git - before_script: - - set -eu - - apk add --no-cache git yq - - git config --global user.email "ci@gitlab" - - git config --global user.name "gitlab-ci" - script: | - set -eu - rm -rf gitops - git clone --depth 1 --branch "$GITOPS_BRANCH" "$GITOPS_REPO_URL" gitops - cd gitops - - echo "Updating dev image.tag to $IMAGE_TAG" - yq -i '.image.tag = strenv(IMAGE_TAG)' "$VALUES_FILE" - - git add "$VALUES_FILE" - if git diff --cached --quiet; then - echo "No changes to commit" - exit 0 - fi - git commit -m "mas-presensi dev deploy ${IMAGE_TAG}" - git push origin "$GITOPS_BRANCH" - # ========================= # PROD -# 1) MR dev -> prod (merge_request_event, target production) : build optional push -# 2) Setelah merge (push ke branch production) : build + push + update gitops +# 1) MR ke target production: build (optional push) +# 2) Push ke production: build + push + update gitops # ========================= -# (A) MR pipeline (validate build dari state MR) build_prod_mr: stage: build image: public.ecr.aws/docker/library/docker:27 - tags: [self-hosted-dev] + tags: [self-hosted-prod] rules: - if: '$CI_PIPELINE_SOURCE == "merge_request_event" && $CI_MERGE_REQUEST_TARGET_BRANCH_NAME == "production"' variables: 
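Review bot: Retagging `build_prod_mr` to `tags: [self-hosted-prod]` puts merge-request builds, which run `docker build` on the MR's source-branch content before review, on the same runner that builds and pushes production images. Whether that runner shares a Docker daemon or holds ECR push credentials is not visible here, but the `docker login ... "$ECR_REGISTRY"` anchor in the context lines suggests registry credentials are available to build jobs. Consider keeping MR validation on a separate runner tag, or registering the prod runner as protected so it only picks up jobs from protected refs. A comment above the tag line, such as `# MR pipelines build unreviewed code; confirm this runner is isolated from prod push credentials`, would record the decision. The job body continues outside this hunk.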
@@ -143,21 +63,7 @@ build_prod_mr: script: | set -eu echo "Build (MR) : $ECR_REPOSITORY:$IMAGE_TAG" - BASE_IMAGE="${NODE_BASE_IMAGE:-public.ecr.aws/docker/library/node:20-alpine}" - docker pull "$BASE_IMAGE" || true - - docker build \ - --build-arg NODE_IMAGE="$BASE_IMAGE" \ - --build-arg NODE_ENV="${NODE_ENV:-production}" \ - --build-arg PORT="${PORT:-3000}" \ - --build-arg NEXT_PUBLIC_API_BASE_URL="${NEXT_PUBLIC_API_BASE_URL:-/api}" \ - --build-arg DATABASE_URL="${DATABASE_URL:-}" \ - --build-arg AUTH_JWT_SECRET="${AUTH_JWT_SECRET:-}" \ - --build-arg NEXT_PUBLIC_POWERSYNC_URL="${NEXT_PUBLIC_POWERSYNC_URL:-}" \ - --build-arg POWERSYNC_PRIVATE_KEY="${POWERSYNC_PRIVATE_KEY:-}" \ - --build-arg POWERSYNC_PUBLIC_KEY="${POWERSYNC_PUBLIC_KEY:-}" \ - -t "$ECR_REPOSITORY:$IMAGE_TAG" \ - . + docker build -f Dockerfile -t "$ECR_REPOSITORY:$IMAGE_TAG" . if [ "$PUSH_IMAGE" = "true" ]; then echo "Pushing image for MR..." @@ -166,11 +72,10 @@ build_prod_mr: echo "Skip push (MR)." fi -# (B) push ke production (hasil merge) => ini yang "build dari code merge" build_push_prod: stage: build image: public.ecr.aws/docker/library/docker:27 - tags: [self-hosted-dev] + tags: [self-hosted-prod] rules: - if: '$CI_PIPELINE_SOURCE == "push" && $CI_COMMIT_BRANCH == "production"' variables: 
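Review bot: Nothing in this hunk confirms that the Dockerfile has correct defaults for the values the old command passed, since `docker build -f Dockerfile -t "$ECR_REPOSITORY:$IMAGE_TAG" .` now supplies no `NODE_ENV`, `PORT` or `NEXT_PUBLIC_*` build args. The Dockerfile is not shown, so this should be checked there. Dropping `DATABASE_URL`, `AUTH_JWT_SECRET` and `POWERSYNC_PRIVATE_KEY` from `--build-arg` is the right direction, because build-arg values can be recovered from image history. Images already pushed with them should be treated as exposing those values, and the secrets rotated. If a build step still needs a secret, mount it with BuildKit's `--secret` rather than restoring a build arg. The same applies to the identical change in `build_push_prod` (hunk `-183,43`).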
@@ -183,43 +88,20 @@ build_push_prod: script: | set -eu echo "Build & push (prod): $ECR_REPOSITORY:$IMAGE_TAG" - BASE_IMAGE="${NODE_BASE_IMAGE:-public.ecr.aws/docker/library/node:20-alpine}" - - n=1 - until [ "$n" -gt 3 ]; do - docker pull "$BASE_IMAGE" && break - echo "Pull base image failed (attempt $n/3), retrying..." - sleep $((n * 10)) - n=$((n + 1)) - done - [ "$n" -le 3 ] || (echo "ERROR: Failed pulling base image: $BASE_IMAGE" && exit 1) - - docker build \ - --build-arg NODE_IMAGE="$BASE_IMAGE" \ - --build-arg NODE_ENV="${NODE_ENV:-production}" \ - --build-arg PORT="${PORT:-3000}" \ - --build-arg NEXT_PUBLIC_API_BASE_URL="${NEXT_PUBLIC_API_BASE_URL:-/api}" \ - --build-arg DATABASE_URL="${DATABASE_URL:-}" \ - --build-arg AUTH_JWT_SECRET="${AUTH_JWT_SECRET:-}" \ - --build-arg NEXT_PUBLIC_POWERSYNC_URL="${NEXT_PUBLIC_POWERSYNC_URL:-}" \ - --build-arg POWERSYNC_PRIVATE_KEY="${POWERSYNC_PRIVATE_KEY:-}" \ - --build-arg POWERSYNC_PUBLIC_KEY="${POWERSYNC_PUBLIC_KEY:-}" \ - -t "$ECR_REPOSITORY:$IMAGE_TAG" \ - . - + docker build -f Dockerfile -t "$ECR_REPOSITORY:$IMAGE_TAG" . docker push "$ECR_REPOSITORY:$IMAGE_TAG" -update_gitops_prod_presensi: +update_gitops_prod_lti: stage: gitops image: public.ecr.aws/docker/library/alpine:3.20 - tags: [self-hosted-dev] + tags: [self-hosted-prod] rules: - if: '$CI_PIPELINE_SOURCE == "push" && $CI_COMMIT_BRANCH == "production"' needs: ["build_push_prod"] variables: IMAGE_TAG: "prod-${CI_COMMIT_SHORT_SHA}" GITOPS_BRANCH: main - VALUES_FILE: environments/lti/prod/lti-values-prod.yaml .yaml + VALUES_FILE: environments/lti/prod/lti-values-prod.yaml GITOPS_REPO_URL: https://oauth2:${GITOPS_TOKEN}@gitlab.com/cristian.anggita.parjaman/gitops.git before_script: - set -eu @@ -240,5 +122,5 @@ update_gitops_prod_presensi: echo "No changes to commit" exit 0 fi - git commit -m "mas-presensi prod deploy ${IMAGE_TAG}" + git commit -m "lti prod deploy ${IMAGE_TAG}" git push origin "$GITOPS_BRANCH"
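Review bot: `GITOPS_REPO_URL` in `update_gitops_prod_lti` still embeds `${GITOPS_TOKEN}` in the clone URL, so the token is likely written to the clone's `.git/config` and can surface in git error output on the prod runner. The clone command lies outside this hunk; this is inferred from the removed dev job, which cloned `"$GITOPS_REPO_URL"` directly. Supplying the credential through `GIT_ASKPASS` or a credential helper would narrow the exposure. So would marking `GITOPS_TOKEN` as masked and protected and limiting it to write access on the gitops repository. A comment above the variable, such as `# GITOPS_TOKEN: masked + protected, write_repository on gitops only`, would document that expectation.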