diff --git a/.gitea/workflows/ci.yml b/.gitea/workflows/ci.yml
index 4793707..746af4d 100644
--- a/.gitea/workflows/ci.yml
+++ b/.gitea/workflows/ci.yml
@@ -1,4 +1,5 @@
 ---
+# ci-sync: 2026-05-30T01:28:29Z
 # Homelab CI — Node/pages lane (git-ci-01) + secret scan (git-ci-02)
 name: CI
 
@@ -56,7 +57,20 @@ jobs:
         run: npm test --if-present
 
       - name: Build
-        run: npm run build --if-present
+        env:
+          NEXTAUTH_SECRET: ${{ secrets.NEXTAUTH_SECRET }}
+          NEXTAUTH_URL: ${{ secrets.NEXTAUTH_URL }}
+          AUTH_SECRET: ${{ secrets.AUTH_SECRET }}
+          DATABASE_URL: ${{ secrets.DATABASE_URL }}
+        run: |
+          export CI=true
+          # Placeholders so Next.js/NextAuth can compile in CI without real secrets.
+          # Override via Gitea repo Actions secrets when you need production-like builds.
+          export NEXTAUTH_SECRET="${NEXTAUTH_SECRET:-ci-build-placeholder-not-for-production}"
+          export AUTH_SECRET="${AUTH_SECRET:-$NEXTAUTH_SECRET}"
+          export NEXTAUTH_URL="${NEXTAUTH_URL:-http://localhost:3000}"
+          export DATABASE_URL="${DATABASE_URL:-postgresql://ci:ci@127.0.0.1:5432/ci?schema=public}"
+          npm run build --if-present
 
       - name: npm audit (advisory)
         run: npm audit --audit-level=high || true