diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
new file mode 100644
index 0000000000..3938afaa13
--- /dev/null
+++ b/.github/workflows/ci.yml
@@ -0,0 +1,22 @@
+name: ci
+
+on:
+  pull_request:
+    branches: [main]
+
+jobs:
+  tests:
+    name: Tests
+    runs-on: ubuntu-latest
+
+    steps:
+      - name: Check out code
+        uses: actions/checkout@v4
+
+      - name: Set up Go
+        uses: actions/setup-go@v5
+        with:
+          go-version: "1.25.1"
+
+      - name: run tests
+        run: go test -cover ./...
diff --git a/README.md b/README.md
index c2bec0368b..5c2290e4b3 100644
--- a/README.md
+++ b/README.md
@@ -1,3 +1,4 @@
+![Tests](https://github.com/gewnthar/cicd/actions/workflows/ci.yml/badge.svg)
 # learn-cicd-starter (Notely)
 
 This repo contains the starter code for the "Notely" application for the "Learn CICD" course on [Boot.dev](https://boot.dev).
@@ -21,3 +22,5 @@ go build -o notely && ./notely
 *This starts the server in non-database mode.* It will serve a simple webpage at `http://localhost:8080`.
 
 You do *not* need to set up a database or any interactivity on the webpage yet. Instructions for that will come later in the course!
+
+Gewnthar's version of a Boot.dev's Notely app
diff --git a/internal/auth/auth_test.go b/internal/auth/auth_test.go
new file mode 100644
index 0000000000..2f84eafd95
--- /dev/null
+++ b/internal/auth/auth_test.go
@@ -0,0 +1,62 @@
+package auth
+
+import (
+	"net/http"
+	"testing"
+)
+
+func TestGetAPIKey(t *testing.T) {
+	tests := []struct {
+		name          string
+		headers       http.Header
+		expectedKey   string
+		expectedError error
+	}{
+		{
+			name: "Valid API Key",
+			headers: http.Header{
+				"Authorization": []string{"ApiKey my-secret-api-key"},
+			},
+			expectedKey:   "my-secret-api-key",
+			expectedError: nil,
+		},
+		{
+			name:          "No Authorization Header",
+			headers:       http.Header{},
+			expectedKey:   "",
+			expectedError: ErrNoAuthHeaderIncluded,
+		},
+		{
+			name: "Malformed Authorization Header",
+			headers: http.Header{
+				"Authorization": []string{"Bearer my-secret-api-key"},
+			},
+			expectedKey:   "",
+			expectedError: nil,
+		},
+	}
+
+	for _, tc := range tests {
+		t.Run(tc.name, func(t *testing.T) {
+			key, err := GetAPIKey(tc.headers)
+			if tc.expectedError != nil {
+				if err != tc.expectedError {
+					t.Errorf("expected error %v, got %v", tc.expectedError, err)
+				}
+				return
+			}
+			if tc.name == "Malformed Authorization Header" {
+				if err == nil {
+					t.Error("expected an error for malformed header, but got none")
+				}
+				return
+			}
+			if err != nil {
+				t.Fatalf("unexpected error: %v", err)
+			}
+			if key != tc.expectedKey {
+				t.Errorf("expected key %v, got %v", tc.expectedKey, key)
+			}
+		})
+	}
+}