diff --git a/.github/workflows/cd.yml b/.github/workflows/cd.yml
new file mode 100644
index 00000000000..e516b5dc1fb
--- /dev/null
+++ b/.github/workflows/cd.yml
@@ -0,0 +1,46 @@
+name: ci
+
+on:
+  push:
+    branches: [main]
+
+jobs:
+  Deploy:
+    runs-on: ubuntu-latest
+
+    steps:
+      - name: Check out code
+        uses: actions/checkout@v4
+
+      - name: Set up Go 
+        uses: actions/setup-go@v5 
+        with:
+          go-version: "1.26.0"
+
+      - name: Build Application
+        run: |
+           chmod +x scripts/buildprod.sh
+           ./scripts/buildprod.sh
+
+      - id: auth
+        uses: google-github-actions/auth@v2
+        with:
+          credentials_json: ${{secrets.GCP_CREDENTIALS}}
+
+      - name: Set up Cloud SDK
+        uses: google-github-actions/setup-gcloud@v3
+        with:
+          version: '>= 363.0.0'
+
+      - name: Use gcloud CLI
+        run: gcloud info
+
+      - name: Build image
+        run: gcloud builds submit --tag us-central1-docker.pkg.dev/notely-494716/notely-ar-repo/notely:latest .
+
+      - name: deploy
+        run: gcloud run deploy notely --image us-central1-docker.pkg.dev/notely-494716/notely-ar-repo/notely:latest --region us-central1 --allow-unauthenticated --project notely-494716 --max-instance=4
+            
+
+
+       
\ No newline at end of file
diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
new file mode 100644
index 00000000000..237aa92ad09
--- /dev/null
+++ b/.github/workflows/ci.yml
@@ -0,0 +1,51 @@
+name: ci
+
+on:
+  pull_request:
+    branches: [main]
+
+jobs:
+  tests:
+    name: Tests
+    runs-on: ubuntu-latest
+
+    steps:
+      - name: Check out code
+        uses: actions/checkout@v4
+
+      - name: Set up Go 
+        uses: actions/setup-go@v5 
+        with:
+          go-version: "1.26.0"
+
+      - name: run my tests
+        run: go test -cover ./...
+
+      - name: Install gosec
+        run: go install github.com/securego/gosec/v2/cmd/gosec@latest
+
+      - name: run gosec
+        run: gosec ./...
+  
+  style:
+    name: Style
+    runs-on: ubuntu-latest
+
+    steps:
+      - name: Check out code
+        uses: actions/checkout@v4
+
+      - name: Set up Go
+        uses: actions/setup-go@v5 
+        with:
+          go-version: "1.26.0"
+        
+      - name: formot code
+        run: test -z $(go fmt ./...)
+
+      - name: Install staticcheck
+        run: go install honnef.co/go/tools/cmd/staticcheck@latest
+        
+      - name: run staticcheck
+        run: staticcheck ./...
+
diff --git a/README.md b/README.md
index c2bec0368b7..3df0f6994b2 100644
--- a/README.md
+++ b/README.md
@@ -1,3 +1,5 @@
+![alt text goes here](https://github.com/abioludipe/learn-cicd-starter/actions/workflows/ci.yml/badge.svg)
+
 # learn-cicd-starter (Notely)
 
 This repo contains the starter code for the "Notely" application for the "Learn CICD" course on [Boot.dev](https://boot.dev).
@@ -21,3 +23,5 @@ go build -o notely && ./notely
 *This starts the server in non-database mode.* It will serve a simple webpage at `http://localhost:8080`.
 
 You do *not* need to set up a database or any interactivity on the webpage yet. Instructions for that will come later in the course!
+
+"Abimbola's version of Boot.dev's Notely app"
diff --git a/internal/auth/get_api_key_test.go b/internal/auth/get_api_key_test.go
new file mode 100644
index 00000000000..5ac1cd99d36
--- /dev/null
+++ b/internal/auth/get_api_key_test.go
@@ -0,0 +1,62 @@
+package auth
+
+import (
+	"fmt"
+	"net/http"
+	"strings"
+	"testing"
+)
+
+func TestGetAPIKey(t *testing.T) {
+	tests := []struct {
+		key       string
+		value     string
+		expect    string
+		expectErr string
+	}{
+		{
+			expectErr: "no authorization header",
+		},
+		{
+			key:       "Authorization",
+			expectErr: "no authorization header",
+		},
+		{
+			key:       "Authorization",
+			value:     "-",
+			expectErr: "malformed authorization header",
+		},
+		{
+			key:       "Authorization",
+			value:     "Bearer xxxxxx",
+			expectErr: "malformed authorization header",
+		},
+		{
+			key:       "Authorization",
+			value:     "ApiKey xxxxxx",
+			expect:    "xxxxxx",
+			expectErr: "not expecting an error",
+		},
+	}
+
+	for i, test := range tests {
+		t.Run(fmt.Sprintf("TestGetAPIKey Case #%v:", i), func(t *testing.T) {
+			header := http.Header{}
+			header.Add(test.key, test.value)
+
+			output, err := GetAPIKey(header)
+			if err != nil {
+				if strings.Contains(err.Error(), test.expectErr) {
+					return
+				}
+				t.Errorf("Unexpected: TestGetAPIKey:%v\n", err)
+				return
+			}
+
+			if output != test.expect {
+				t.Errorf("Unexpected: TestGetAPIKey:%s", output)
+				return
+			}
+		})
+	}
+}
diff --git a/json.go b/json.go
index 1e6e7985e18..c529c90c124 100644
--- a/json.go
+++ b/json.go
@@ -30,5 +30,8 @@ func respondWithJSON(w http.ResponseWriter, code int, payload interface{}) {
 		return
 	}
 	w.WriteHeader(code)
-	w.Write(dat)
+	_, err = w.Write(dat)
+	if err != nil {
+		log.Printf("Critical error writing response: %s", err)
+	}
 }
diff --git a/main.go b/main.go
index 19d7366c5f7..e7362cf29ee 100644
--- a/main.go
+++ b/main.go
@@ -7,6 +7,7 @@ import (
 	"log"
 	"net/http"
 	"os"
+	"time"
 
 	"github.com/go-chi/chi"
 	"github.com/go-chi/cors"
@@ -89,10 +90,11 @@ func main() {
 
 	router.Mount("/v1", v1Router)
 	srv := &http.Server{
-		Addr:    ":" + port,
-		Handler: router,
+		Addr:              ":" + port,
+		Handler:           router,
+		ReadHeaderTimeout: time.Second * 5,
 	}
 
-	log.Printf("Serving on port: %s\n", port)
+	log.Println("Serving HTTP server")
 	log.Fatal(srv.ListenAndServe())
 }
diff --git a/static/index.html b/static/index.html
index 72be101028c..5d4ad73c095 100644
--- a/static/index.html
+++ b/static/index.html
@@ -7,7 +7,7 @@
 </head>
 
 <body class="section">
-    <h1>Notely</h1>
+    <h1>Welcome to Notely</h1>
 
     <div id="userCreationContainer" class="section">
         <input id="nameField" type="text" placeholder="Enter your name">