Fix critical bugs and add production-readiness features

.env.example

@@ -0,0 +1,52 @@
+# Django Backend Environment Variables
+# Copy this file to .env and fill in your values
+
+# =========================
+# SECURITY SETTINGS
+# =========================
+
+# Generate a new secret key for production!
+# Run: python -c 'from django.core.management.utils import get_random_secret_key; print(get_random_secret_key())'
+SECRET_KEY=django-insecure-CHANGE-THIS-IN-PRODUCTION
+
+# Debug mode - MUST be False in production
+DEBUG=False
+
+# =========================
+# ALLOWED HOSTS
+# =========================
+
+# Comma-separated list of allowed host/domain names
+# Example: your-app.railway.app,www.your-domain.com
+ALLOWED_HOSTS=localhost,127.0.0.1
+
+# =========================
+# DATABASE
+# =========================
+
+# Railway automatically sets this - don't override it in production
+# For local development with Railway database:
+# DATABASE_URL=postgresql://user:password@host:5432/dbname
+
+# =========================
+# CORS CONFIGURATION
+# =========================
+
+# Comma-separated list of allowed origins (frontend URLs)
+# Example: https://your-frontend.railway.app,https://www.your-domain.com
+CORS_ALLOWED_ORIGINS=http://localhost:3000,http://localhost:8000
+
+# =========================
+# CSRF CONFIGURATION
+# =========================
+
+# Comma-separated list of trusted origins for CSRF
+# Should match your frontend URLs
+CSRF_TRUSTED_ORIGINS=http://localhost:3000
+
+# =========================
+# EXTERNAL SERVICES
+# =========================
+
+# OpenAI API Key (for AI features)
+OPENAI_API_KEY=your-openai-api-key-here

.github/workflows/README.md

@@ -0,0 +1,129 @@
+# GitHub Actions CI/CD Setup
+
+This repository uses GitHub Actions to automatically test and deploy to Railway.
+
+## Workflow Overview
+
+The `test-and-deploy.yml` workflow runs on:
+- **Push to main branch**: Runs all tests, then deploys if tests pass
+- **Pull requests to main**: Runs all tests (no deployment)
+
+## Jobs
+
+### 1. Backend Tests
+- Sets up Python 3.10
+- Runs PostgreSQL 13 service
+- Installs dependencies from `requirements.txt`
+- Runs Django test suite (28 tests)
+
+### 2. Frontend Tests
+- Sets up Node.js 24
+- Installs npm dependencies
+- Runs Jest unit tests (16 tests)
+- Generates coverage report (96.31% coverage)
+
+### 3. Deploy Backend (main branch only)
+- Only runs if both test jobs pass
+- Deploys Django backend to Railway
+- Requires `RAILWAY_TOKEN` secret
+
+### 4. Deploy Frontend (main branch only)
+- Only runs if both test jobs pass
+- Deploys Next.js frontend to Railway
+- Requires `RAILWAY_TOKEN` secret
+
+## Setup Instructions
+
+### 1. Get Your Railway Token
+
+```bash
+# Install Railway CLI
+npm install -g @railway/cli
+
+# Login to Railway
+railway login
+
+# Get your token (this will open Railway dashboard)
+railway whoami
+```
+
+Then go to Railway Dashboard → Account Settings → Tokens → Create New Token
+
+### 2. Add Railway Token to GitHub Secrets
+
+1. Go to your GitHub repository
+2. Navigate to Settings → Secrets and variables → Actions
+3. Click "New repository secret"
+4. Name: `RAILWAY_TOKEN`
+5. Value: (paste your Railway token)
+6. Click "Add secret"
+
+### 3. Configure Railway Services
+
+Make sure you have two services set up in Railway:
+- **backend**: Your Django application
+- **frontend**: Your Next.js application
+
+The service names in the workflow must match your Railway service names. If your services have different names, update the workflow file:
+
+```yaml
+# Update these lines with your actual service names
+run: railway up --service YOUR_BACKEND_SERVICE_NAME
+run: railway up --service YOUR_FRONTEND_SERVICE_NAME --directory frontend/next-app
+```
+
+## Testing the Workflow
+
+### Test on Pull Request (Safe)
+```bash
+git checkout -b test-workflow
+git add .
+git commit -m "Test GitHub Actions workflow"
+git push origin test-workflow
+# Create PR on GitHub - tests will run but won't deploy
+```
+
+### Deploy to Production
+```bash
+git checkout main
+git add .
+git commit -m "Add CI/CD workflow"
+git push origin main
+# Tests will run, then deploy to Railway if tests pass
+```
+
+## Monitoring
+
+- View workflow runs: GitHub repository → Actions tab
+- Each job shows real-time logs
+- Failed tests will block deployment
+- You'll get email notifications for failed workflows
+
+## Local Testing
+
+Before pushing, you can run the same tests locally:
+
+```bash
+# Run all tests
+make test
+
+# Or individually
+make test-backend
+make test-frontend
+```
+
+## Troubleshooting
+
+**Tests pass locally but fail in CI:**
+- Check Python/Node versions match
+- Verify all dependencies are in requirements.txt/package.json
+- Check for environment-specific code
+
+**Deployment fails:**
+- Verify RAILWAY_TOKEN is correctly set in GitHub secrets
+- Verify Railway service names match the workflow
+- Check Railway dashboard for service status
+
+**Token expired:**
+- Generate a new Railway token
+- Update the RAILWAY_TOKEN secret in GitHub

.github/workflows/test-and-deploy.yml

@@ -0,0 +1,105 @@
+name: Test and Deploy
+
+on:
+  push:
+    branches: [main]
+  pull_request:
+    branches: [main]
+
+jobs:
+  test-backend:
+    name: Backend Tests
+    runs-on: ubuntu-latest
+
+    services:
+      postgres:
+        image: postgres:13
+        env:
+          POSTGRES_HOST_AUTH_METHOD: trust
+        options: >-
+          --health-cmd pg_isready
+          --health-interval 10s
+          --health-timeout 5s
+          --health-retries 5
+        ports:
+          - 5432:5432
+
+    steps:
+      - uses: actions/checkout@v4
+
+      - name: Set up Python
+        uses: actions/setup-python@v5
+        with:
+          python-version: '3.10'
+          cache: 'pip'
+
+      - name: Install dependencies
+        run: |
+          pip install -r requirements.txt
+
+      - name: Run Django tests
+        env:
+          DATABASE_URL: postgresql://postgres@localhost:5432/postgres
+          SECURE_SSL_REDIRECT: "False"
+        run: |
+          python manage.py test
+
+  test-frontend:
+    name: Frontend Tests
+    runs-on: ubuntu-latest
+
+    steps:
+      - uses: actions/checkout@v4
+
+      - name: Set up Node.js
+        uses: actions/setup-node@v4
+        with:
+          node-version: '24'
+          cache: 'npm'
+          cache-dependency-path: frontend/next-app/package-lock.json
+
+      - name: Install dependencies
+        working-directory: frontend/next-app
+        run: npm ci
+
+      - name: Run Jest tests
+        working-directory: frontend/next-app
+        run: npm test
+
+      - name: Run test coverage
+        working-directory: frontend/next-app
+        run: npm run test:coverage
+
+  deploy-backend:
+    name: Deploy Backend to Railway
+    needs: [test-backend, test-frontend]
+    runs-on: ubuntu-latest
+    if: github.ref == 'refs/heads/main' && github.event_name == 'push'
+
+    steps:
+      - uses: actions/checkout@v4
+
+      - name: Install Railway CLI
+        run: npm install -g @railway/cli
+
+      - name: Deploy to Railway
+        env:
+          RAILWAY_TOKEN: ${{ secrets.RAILWAY_TOKEN }}
+        run: railway up --service backend
+
+  deploy-frontend:
+    name: Deploy Frontend to Railway
+    needs: [test-backend, test-frontend]
+    runs-on: ubuntu-latest
+    if: github.ref == 'refs/heads/main' && github.event_name == 'push'
+
+    steps:
+      - uses: actions/checkout@v4
+
+      - name: Install Railway CLI
+        run: npm install -g @railway/cli
+
+      - name: Deploy to Railway
+        env:
+          RAILWAY_TOKEN: ${{ secrets.RAILWAY_TOKEN }}
+        run: railway up --service frontend --directory frontend/next-app

Dockerfile

@@ -14,4 +14,10 @@ COPY ./requirements.txt .
 RUN pip install -r requirements.txt
 
 # Copy project
-COPY . .
+COPY . .
+
+# Collect static files for production
+RUN python manage.py collectstatic --noinput
+
+# Run gunicorn in production (Railway will use this)
+CMD gunicorn django_project.wsgi:application --bind 0.0.0.0:$PORT