diff --git a/.github/workflows/cd.yml b/.github/workflows/cd.yml
new file mode 100644
index 00000000000..9c3aebd428b
--- /dev/null
+++ b/.github/workflows/cd.yml
@@ -0,0 +1,51 @@
+name: cd
+
+on:
+    push:
+        branches: [main]
+
+jobs:
+    deploy:
+        name: Deploy
+        runs-on: ubuntu-latest
+
+        env:
+            DATABASE_URL: ${{ secrets.DATABASE_URL }}
+
+        steps:
+            - name: Checkout code
+              uses: actions/checkout@v4
+
+            - name: Setup Go
+              uses: actions/setup-go@v5
+              with:
+                go-version: "1.25.1"
+
+            - name: Install Goose
+              run: go install github.com/pressly/goose/v3/cmd/goose@latest
+
+            - name: Build app
+              run: ./scripts/buildprod.sh
+
+            - id: 'auth'
+              uses: google-github-actions/auth@v2
+              with:
+                credentials_json: '${{ secrets.GCP_CREDENTIALS }}'
+
+            - name: 'Set up Cloud SDK'
+              uses: 'google-github-actions/setup-gcloud@v3'
+
+            - name: 'Use gcloud CLI'
+              run: 'gcloud info'
+
+            - name: Build docker image and push to Artifact Registry
+              run: gcloud builds submit --tag us-central1-docker.pkg.dev/notely-479911/notely-ar-repo/notely:latest
+
+            - name: Run Migrations script
+              run: ./scripts/migrateup.sh
+
+            - name: Deploy to Cloud Run
+              run: gcloud run deploy notely --image us-central1-docker.pkg.dev/notely-479911/notely-ar-repo/notely:latest --region us-central1 --allow-unauthenticated --project notely-479911 --max-instances=4
+
+            
+
diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
new file mode 100644
index 00000000000..0b313f86ca2
--- /dev/null
+++ b/.github/workflows/ci.yml
@@ -0,0 +1,51 @@
+name: ci
+
+on:
+  pull_request:
+    branches: [main]
+
+jobs:
+  tests:
+    name: Tests
+    runs-on: ubuntu-latest
+
+    steps:
+      - name: Check out code
+        uses: actions/checkout@v4
+
+      - name: Set up Go
+        uses: actions/setup-go@v5
+        with:
+          go-version: "1.25.1"
+
+      - name: Test
+        run: go test ./... -cover
+
+      - name: Install gosec
+        run: go install github.com/securego/gosec/v2/cmd/gosec@latest
+
+      - name: Run gosec
+        run: gosec ./...
+
+  style:
+    name: Style
+    runs-on: ubuntu-latest
+
+    steps:
+      - name: Check out code
+        uses: actions/checkout@v4
+        
+      - name: Set up Go
+        uses: actions/setup-go@v5
+        with:
+          go-version: "1.25.1"
+
+      - name: Code formatting
+        run: test -z $(go fmt ./...)
+
+      - name: Linter
+        uses: dominikh/staticcheck-action@v1
+        with:
+          version: "latest"
+      
+    
\ No newline at end of file
diff --git a/README.md b/README.md
index c2bec0368b7..eef75ff9a19 100644
--- a/README.md
+++ b/README.md
@@ -1,3 +1,4 @@
+![tests](https://github.com/eniolaomotee/learn-cicd-starter/actions/workflows/ci.yml/badge.svg)
 # learn-cicd-starter (Notely)
 
 This repo contains the starter code for the "Notely" application for the "Learn CICD" course on [Boot.dev](https://boot.dev).
@@ -21,3 +22,8 @@ go build -o notely && ./notely
 *This starts the server in non-database mode.* It will serve a simple webpage at `http://localhost:8080`.
 
 You do *not* need to set up a database or any interactivity on the webpage yet. Instructions for that will come later in the course!
+
+"Eniola's version of Boot.dev's Notely app."
+
+
+
diff --git a/internal/auth/auth_test.go b/internal/auth/auth_test.go
new file mode 100644
index 00000000000..368b1ed51c0
--- /dev/null
+++ b/internal/auth/auth_test.go
@@ -0,0 +1,55 @@
+package auth
+
+import (
+	"net/http"
+	"testing"
+)
+
+func TestApiKey(t *testing.T) {
+	tests := []struct {
+		name      string
+		header    http.Header
+		want      string
+		wantedErr bool
+	}{
+		{
+			name: "valid token",
+			header: http.Header{
+				"Authorization": []string{"ApiKey validtoken123"},
+			},
+			want:      "validtoken123",
+			wantedErr: false,
+		},
+		{
+			name:      "missing authorization header",
+			header:    http.Header{},
+			want:      "",
+			wantedErr: true,
+		},
+		{
+			name: "missing ApiKey prefix",
+			header: http.Header{
+				"Authorization": []string{"invalidprefix token123"},
+			},
+			want:      "",
+			wantedErr: true,
+		},
+	}
+
+	for _, test := range tests {
+		t.Run(test.name, func(t *testing.T) {
+
+			got, err := GetAPIKey(test.header)
+
+			// Check error behavior
+			if (err != nil) != test.wantedErr {
+				t.Fatalf("Expected error: %v, got: %v", test.wantedErr, err)
+			}
+
+			// Check token value
+			if got != test.want {
+				t.Fatalf("Expected token: %s, got: %s", test.want, got)
+			}
+		})
+	}
+}
diff --git a/json.go b/json.go
index 1e6e7985e18..c529c90c124 100644
--- a/json.go
+++ b/json.go
@@ -30,5 +30,8 @@ func respondWithJSON(w http.ResponseWriter, code int, payload interface{}) {
 		return
 	}
 	w.WriteHeader(code)
-	w.Write(dat)
+	_, err = w.Write(dat)
+	if err != nil {
+		log.Printf("Critical error writing response: %s", err)
+	}
 }
diff --git a/main.go b/main.go
index 19d7366c5f7..ec86bb7bf95 100644
--- a/main.go
+++ b/main.go
@@ -7,6 +7,7 @@ import (
 	"log"
 	"net/http"
 	"os"
+	"time"
 
 	"github.com/go-chi/chi"
 	"github.com/go-chi/cors"
@@ -89,8 +90,9 @@ func main() {
 
 	router.Mount("/v1", v1Router)
 	srv := &http.Server{
-		Addr:    ":" + port,
-		Handler: router,
+		Addr:              ":" + port,
+		Handler:           router,
+		ReadHeaderTimeout: time.Second * 5,
 	}
 
 	log.Printf("Serving on port: %s\n", port)
diff --git a/static/index.html b/static/index.html
index 72be101028c..5d4ad73c095 100644
--- a/static/index.html
+++ b/static/index.html
@@ -7,7 +7,7 @@
 </head>
 
 <body class="section">
-    <h1>Notely</h1>
+    <h1>Welcome to Notely</h1>
 
     <div id="userCreationContainer" class="section">
         <input id="nameField" type="text" placeholder="Enter your name">