diff --git a/.ansible-lint b/.ansible-lint
new file mode 100644
index 0000000..d7921d7
--- /dev/null
+++ b/.ansible-lint
@@ -0,0 +1,20 @@
+---
+profile: production
+
+exclude_paths:
+  - .gitea/
+  - changelogs/
+  - tests/output/
+  - '*.tar.gz'
+
+skip_list:
+  - experimental  # Allow experimental features
+  - ignore-errors  # For development
+
+warn_list:
+  - role-name[path]  # Role naming convention
+
+# Enable all rules by default
+enable_list:
+  - no-log-password
+  - no-same-owner
diff --git a/.gitea/workflows/README.md b/.gitea/workflows/README.md
new file mode 100644
index 0000000..edbb03f
--- /dev/null
+++ b/.gitea/workflows/README.md
@@ -0,0 +1,124 @@
+# Gitea Actions CI/CD
+
+This collection includes automated testing and publishing workflows using Gitea Actions.
+
+## Workflows
+
+### Test Workflow (`.gitea/workflows/test.yml`)
+
+Automatically runs on push and pull requests to main/master/develop branches.
+
+**Jobs:**
+
+1. **Sanity Tests** - Runs ansible-test sanity checks across multiple Ansible versions (2.15, 2.16, 2.17, devel)
+2. **Python Syntax Check** - Validates Python syntax for all module files
+3. **Build Collection** - Builds the collection tarball and verifies contents
+4. **YAML/Ansible Lint** - Runs yamllint and ansible-lint (non-blocking)
+5. **Documentation Check** - Validates module documentation can be parsed
+6. **Unit Tests** - Runs unit tests when available (non-blocking)
+
+**Trigger manually:**
+```bash
+git push origin main
+# Or create a pull request
+```
+
+### Publish Workflow (`.gitea/workflows/publish.yml`)
+
+Publishes the collection to Ansible Galaxy.
+
+**Triggers:**
+- Automatically on GitHub/Gitea release
+- Manually via workflow dispatch
+
+**Setup:**
+
+1. Generate an API token from [Ansible Galaxy](https://galaxy.ansible.com/me/preferences)
+2. Add the token as a secret in your repository:
+   - Go to repository Settings → Secrets
+   - Add new secret: `GALAXY_API_TOKEN`
+   - Paste your Galaxy API token
+
+**Manual trigger:**
+- Go to Actions tab
+- Select "Publish to Galaxy" workflow
+- Click "Run workflow"
+- Enter version number (e.g., 1.0.0)
+
+## Running Tests Locally
+
+### Python Syntax Check
+```bash
+python -m py_compile plugins/modules/nsupdate_zone.py
+python -m py_compile plugins/module_utils/deps.py
+```
+
+### Build Collection
+```bash
+ansible-galaxy collection build
+```
+
+### Sanity Tests
+```bash
+# Setup collection path structure
+mkdir -p ansible_collections/valid
+ln -s $(pwd) ansible_collections/valid/nsupdate_zone
+cd ansible_collections/valid/nsupdate_zone
+
+# Run sanity tests
+ansible-test sanity --docker
+```
+
+### YAML Lint
+```bash
+pip install yamllint
+yamllint .
+```
+
+### Ansible Lint
+```bash
+pip install ansible-lint
+ansible-lint
+```
+
+## Workflow Status
+
+Add a badge to your README:
+
+```markdown
+![Test](https://your-gitea-instance.com/your-username/valid.nsupdate_zone/actions/workflows/test.yml/badge.svg)
+```
+
+## Troubleshooting
+
+### Sanity Tests Fail
+
+- Ensure all Python files have correct syntax
+- Check that DOCUMENTATION, EXAMPLES, and RETURNS are valid YAML
+- Verify module follows Ansible module development guidelines
+
+### Build Fails
+
+- Check `galaxy.yml` is valid
+- Ensure all required files are present
+- Verify file permissions are correct
+
+### Publish Fails
+
+- Verify `GALAXY_API_TOKEN` secret is set correctly
+- Check that version in `galaxy.yml` is incremented
+- Ensure no version conflicts on Galaxy
+
+## Required Secrets
+
+For the publish workflow to work, configure this secret in your repository:
+
+- `GALAXY_API_TOKEN` - Your Ansible Galaxy API token
+
+## Supported Ansible Versions
+
+The CI tests against:
+- Ansible 2.15 (stable)
+- Ansible 2.16 (stable)
+- Ansible 2.17 (stable)
+- Ansible devel (latest development version)
diff --git a/.gitea/workflows/publish.yml b/.gitea/workflows/publish.yml
new file mode 100644
index 0000000..cbef439
--- /dev/null
+++ b/.gitea/workflows/publish.yml
@@ -0,0 +1,51 @@
+name: Publish to Galaxy
+
+on:
+  workflow_dispatch:
+    inputs:
+      version:
+        description: 'Version to publish (e.g., 1.0.0)'
+        required: true
+        type: string
+
+jobs:
+  publish:
+    name: Publish Collection to Ansible Galaxy
+    runs-on: ubuntu-latest
+    
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v4
+      
+      - name: Set up Python
+        uses: actions/setup-python@v5
+        with:
+          python-version: '3.11'
+      
+      - name: Install Ansible
+        run: pip install ansible-core
+      
+      - name: Build collection
+        run: ansible-galaxy collection build
+      
+      - name: Verify build
+        run: |
+          echo "Built collection:"
+          ls -lh valid-nsupdate_zone-*.tar.gz
+          echo ""
+          echo "Contents preview:"
+          tar -tzf valid-nsupdate_zone-*.tar.gz | head -30
+      
+      - name: Publish to Ansible Galaxy
+        run: |
+          ansible-galaxy collection publish valid-nsupdate_zone-*.tar.gz --token ${{ secrets.GALAXY_API_TOKEN }}
+        if: github.event_name == 'release' || github.event_name == 'workflow_dispatch'
+        env:
+          GALAXY_API_TOKEN: ${{ secrets.GALAXY_API_TOKEN }}
+      
+      - name: Upload collection artifact
+        uses: actions/upload-artifact@v4
+        with:
+          name: collection-release
+          path: valid-nsupdate_zone-*.tar.gz
+          retention-days: 90
diff --git a/.gitea/workflows/test.yml b/.gitea/workflows/test.yml
new file mode 100644
index 0000000..2a7f8d2
--- /dev/null
+++ b/.gitea/workflows/test.yml
@@ -0,0 +1,182 @@
+name: Test Collection
+
+on:
+  push:
+    branches: [main, master, develop]
+  pull_request:
+    branches: [main, master, develop]
+  workflow_dispatch:
+
+jobs:
+  sanity:
+    name: Sanity Tests (Ansible ${{ matrix.ansible-version }})
+    runs-on: ubuntu-latest
+    strategy:
+      fail-fast: false
+      matrix:
+        ansible-version:
+          - stable-2.15
+          - stable-2.16
+          - stable-2.17
+          - devel
+    
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v4
+        with:
+          path: ansible_collections/valid/nsupdate_zone
+      
+      - name: Set up Python
+        uses: actions/setup-python@v5
+        with:
+          python-version: '3.11'
+      
+      - name: Install Ansible
+        run: pip install https://github.com/ansible/ansible/archive/${{ matrix.ansible-version }}.tar.gz --disable-pip-version-check
+      
+      - name: Install collection dependencies
+        run: pip install -r requirements.txt
+        working-directory: ansible_collections/valid/nsupdate_zone
+      
+      - name: Run sanity tests
+        run: ansible-test sanity --docker -v --color
+        working-directory: ansible_collections/valid/nsupdate_zone
+
+  syntax:
+    name: Python Syntax Check
+    runs-on: ubuntu-latest
+    
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v4
+      
+      - name: Set up Python
+        uses: actions/setup-python@v5
+        with:
+          python-version: '3.11'
+      
+      - name: Check Python syntax
+        run: |
+          python -m py_compile plugins/modules/nsupdate_zone.py
+          python -m py_compile plugins/module_utils/deps.py
+          echo "✓ All Python files have valid syntax"
+
+  build:
+    name: Build Collection
+    runs-on: ubuntu-latest
+    
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v4
+      
+      - name: Set up Python
+        uses: actions/setup-python@v5
+        with:
+          python-version: '3.11'
+      
+      - name: Install Ansible
+        run: pip install ansible-core
+      
+      - name: Build collection
+        run: ansible-galaxy collection build
+      
+      - name: Verify tarball
+        run: |
+          if [ -f valid-nsupdate_zone-*.tar.gz ]; then
+            echo "✓ Collection built successfully"
+            ls -lh valid-nsupdate_zone-*.tar.gz
+            tar -tzf valid-nsupdate_zone-*.tar.gz | head -20
+          else
+            echo "✗ Collection build failed"
+            exit 1
+          fi
+      
+      - name: Upload collection artifact
+        uses: actions/upload-artifact@v4
+        with:
+          name: collection
+          path: valid-nsupdate_zone-*.tar.gz
+          retention-days: 7
+
+  lint:
+    name: YAML and Ansible Lint
+    runs-on: ubuntu-latest
+    
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v4
+        with:
+          path: ansible_collections/valid/nsupdate_zone
+      
+      - name: Set up Python
+        uses: actions/setup-python@v5
+        with:
+          python-version: '3.11'
+      
+      - name: Install dependencies
+        run: |
+          pip install ansible-core ansible-lint yamllint
+      
+      - name: Run yamllint
+        run: yamllint .
+        working-directory: ansible_collections/valid/nsupdate_zone
+        continue-on-error: true
+      
+      - name: Run ansible-lint
+        run: ansible-lint
+        working-directory: ansible_collections/valid/nsupdate_zone
+        continue-on-error: true
+
+  documentation:
+    name: Documentation Check
+    runs-on: ubuntu-latest
+    
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v4
+        with:
+          path: ansible_collections/valid/nsupdate_zone
+      
+      - name: Set up Python
+        uses: actions/setup-python@v5
+        with:
+          python-version: '3.11'
+      
+      - name: Install Ansible
+        run: pip install ansible-core
+      
+      - name: Validate module documentation
+        run: |
+          ansible-doc valid.nsupdate_zone.nsupdate_zone
+        working-directory: ansible_collections/valid/nsupdate_zone
+
+  unit:
+    name: Unit Tests
+    runs-on: ubuntu-latest
+    
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v4
+        with:
+          path: ansible_collections/valid/nsupdate_zone
+      
+      - name: Set up Python
+        uses: actions/setup-python@v5
+        with:
+          python-version: '3.11'
+      
+      - name: Install Ansible and dependencies
+        run: |
+          pip install ansible-core
+          pip install -r requirements.txt
+        working-directory: ansible_collections/valid/nsupdate_zone
+      
+      - name: Run unit tests
+        run: |
+          if [ -d "tests/unit/plugins/modules" ] && [ "$(ls -A tests/unit/plugins/modules)" ]; then
+            ansible-test units --docker -v --color
+          else
+            echo "⚠ No unit tests found - skipping"
+          fi
+        working-directory: ansible_collections/valid/nsupdate_zone
+        continue-on-error: true
diff --git a/.yamllint b/.yamllint
new file mode 100644
index 0000000..69b5da2
--- /dev/null
+++ b/.yamllint
@@ -0,0 +1,31 @@
+---
+extends: default
+
+rules:
+  line-length:
+    max: 160
+    level: warning
+  
+  comments:
+    min-spaces-from-content: 1
+  
+  indentation:
+    spaces: 2
+    indent-sequences: true
+  
+  truthy:
+    allowed-values: ['true', 'false', 'yes', 'no']
+    check-keys: false
+  
+  braces:
+    max-spaces-inside: 1
+  
+  brackets:
+    max-spaces-inside: 1
+  
+  comments-indentation: disable
+
+ignore: |
+  .gitignore
+  changelogs/
+  tests/output/
diff --git a/README.md b/README.md
index 36bdc96..e90b42b 100644
--- a/README.md
+++ b/README.md
@@ -2,6 +2,10 @@
 
 Efficient DNS zone management for Ansible using AXFR and atomic batched DNS UPDATE messages.
 
+## CI/CD Status
+
+Automated testing with Gitea Actions. See [.gitea/workflows/README.md](.gitea/workflows/README.md) for details.
+
 ## Requirements
 
 - **Ansible**: >= 2.15