diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml
index 64735d49..e97d5455 100644
--- a/.gitlab-ci.yml
+++ b/.gitlab-ci.yml
@@ -14,9 +14,10 @@ variables:
 
 workflow:
   rules:
-    # run untuk push & MR
-    - if: '$CI_PIPELINE_SOURCE == "push"'
-    - if: '$CI_PIPELINE_SOURCE == "merge_request_event"'
+    # run untuk branch utama & MR
+    - if: '$CI_PIPELINE_SOURCE == "push" && $CI_COMMIT_BRANCH == "development"'
+    - if: '$CI_PIPELINE_SOURCE == "push" && $CI_COMMIT_BRANCH == "production"'
+    - if: '$CI_PIPELINE_SOURCE == "merge_request_event" && $CI_MERGE_REQUEST_TARGET_BRANCH_NAME == "production"'
     - when: never
 
 # =========================
@@ -40,12 +41,9 @@ workflow:
   echo "$PASS" | docker login --username AWS --password-stdin "$ECR_REGISTRY"
 
 # =========================
-# PROD
-# 1) MR ke target production: build (optional push)
-# 2) Push ke production: build + push + update gitops
+# MR
 # =========================
-
-build_prod_mr:
+build_mr:
   stage: build
   image: public.ecr.aws/docker/library/docker:27
   tags: [self-hosted-dev]
@@ -53,8 +51,6 @@ build_prod_mr:
     - if: '$CI_PIPELINE_SOURCE == "merge_request_event" && $CI_MERGE_REQUEST_TARGET_BRANCH_NAME == "production"'
   variables:
     IMAGE_TAG: "prod-mr-${CI_COMMIT_SHORT_SHA}"
-    # kalau mau push juga saat MR, set di project/CI variable: PUSH_IMAGE=true
-    PUSH_IMAGE: "${PUSH_IMAGE:-false}"
   before_script:
     - set -eu
     - docker version
@@ -64,14 +60,34 @@ build_prod_mr:
     set -eu
     echo "Build (MR) : $ECR_REPOSITORY:$IMAGE_TAG"
     docker build -f Dockerfile -t "$ECR_REPOSITORY:$IMAGE_TAG" .
+    echo "Pushing image for MR..."
+    docker push "$ECR_REPOSITORY:$IMAGE_TAG"
 
-    if [ "$PUSH_IMAGE" = "true" ]; then
-      echo "Pushing image for MR..."
-      docker push "$ECR_REPOSITORY:$IMAGE_TAG"
-    else
-      echo "Skip push (MR)."
-    fi
+# =========================
+# DEVELOPMENT (push branch development)
+# =========================
+build_push_dev:
+  stage: build
+  image: public.ecr.aws/docker/library/docker:27
+  tags: [self-hosted-dev]
+  rules:
+    - if: '$CI_PIPELINE_SOURCE == "push" && $CI_COMMIT_BRANCH == "development"'
+  variables:
+    IMAGE_TAG: "dev-${CI_COMMIT_SHORT_SHA}"
+  before_script:
+    - set -eu
+    - docker version
+    - docker info
+    - *ecr_login
+  script: |
+    set -eu
+    echo "Build & push (dev): $ECR_REPOSITORY:$IMAGE_TAG"
+    docker build -f Dockerfile -t "$ECR_REPOSITORY:$IMAGE_TAG" .
+    docker push "$ECR_REPOSITORY:$IMAGE_TAG"
 
+# =========================
+# PRODUCTION (push branch production)
+# =========================
 build_push_prod:
   stage: build
   image: public.ecr.aws/docker/library/docker:27