bootdotdev · Simonbunse · Apr 2, 2026 · Apr 2, 2026 · Apr 2, 2026 · Apr 2, 2026
diff --git a/.github/workflows/badge.svg b/.github/workflows/badge.svg
diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
@@ -0,0 +1,38 @@
+name: ci
+
+on:
+  pull_request:
+    branches: [main]
+
+jobs:
+  tests:
+    name: Tests
+    runs-on: ubuntu-latest
+
+    steps:
+      - name: Check out code
+        uses: actions/checkout@v4
+
+      - name: Set up Go
+        uses: actions/setup-go@v5
+        with:
+          go-version: "1.26.0"
+
+      - name: Run tests
+        run: go test ./... -cover
+
+  style:
+    name: Style
+    runs-on: ubuntu-latest
+
+    steps:
+      - name: Check out code
+        uses: actions/checkout@v4
+
+      - name: Set up Go
+        uses: actions/setup-go@v5
+        with:
+          go-version: "1.26.0"
+
+      - name: Check formatting
+        run: test -z $(go fmt ./...)
diff --git a/README.md b/README.md
@@ -1,5 +1,6 @@
 # learn-cicd-starter (Notely)
 
+![Tests](https://github.com/Simonbunse/learn-cicd-starter/actions/workflows/ci.yml/badge.svg)
 This repo contains the starter code for the "Notely" application for the "Learn CICD" course on [Boot.dev](https://boot.dev).
 
 ## Local Development
@@ -21,3 +22,5 @@ go build -o notely && ./notely
 *This starts the server in non-database mode.* It will serve a simple webpage at `http://localhost:8080`.
 
 You do *not* need to set up a database or any interactivity on the webpage yet. Instructions for that will come later in the course!
+
+Simon's version of Boot.dev's Notely app.
diff --git a/internal/auth/auth_test.go b/internal/auth/auth_test.go
@@ -0,0 +1,58 @@
+package auth
+
+import (
+	"errors"
+	"net/http"
+	"testing"
+)
+
+func TestGetAPIKeyReturnsKey(t *testing.T) {
+	headers := http.Header{}
+	headers.Set("Authorization", "ApiKey secret-key")
+
+	got, err := GetAPIKey(headers)
+	if err != nil {
+		t.Fatalf("expected no error, got %v", err)
+	}
+
+	if got != "secret-key" {
+		t.Fatalf("expected API key %q, got %q", "secret-key", got)
+	}
+}
+
+func TestGetAPIKeyErrors(t *testing.T) {
+	tests := []struct {
+		name    string
+		header  string
+		wantErr error
+	}{
+		{
+			name:    "missing authorization header",
+			header:  "",
+			wantErr: ErrNoAuthHeaderIncluded,
+		},
+		{
+			name:    "malformed authorization header",
+			header:  "Bearer secret-key",
+			wantErr: errors.New("malformed authorization header"),
+		},
+	}
+
+	for _, tt := range tests {
+		t.Run(tt.name, func(t *testing.T) {
+			headers := http.Header{}
+			if tt.header != "" {
+				headers.Set("Authorization", tt.header)
+			}
+
+			_, err := GetAPIKey(headers)
+			if err == nil {
+				t.Fatal("expected an error, got nil")
+			}
+
+			if err.Error() != tt.wantErr.Error() {
+				t.Fatalf("expected error %q, got %q", tt.wantErr.Error(), err.Error())
+			}
+		})
+	}
+}