docs: add GitHub Actions CI/CD use case page

Author: beran-t

docs.json

@@ -45,7 +45,8 @@
           {
             "group": "Use cases",
             "pages": [
-              "docs/use-cases/computer-use"
+              "docs/use-cases/computer-use",
+              "docs/use-cases/ci-cd"
             ]
           },
           {

docs/use-cases/ci-cd.mdx

@@ -0,0 +1,283 @@
+---
+title: "GitHub Actions CI/CD"
+description: "Run AI-powered code review, testing, and validation in secure E2B sandboxes from your GitHub Actions workflows."
+icon: "gears"
+---
+
+CI/CD pipelines can use AI agents to review pull requests, generate tests, and validate code changes automatically. E2B sandboxes provide the secure, isolated execution environment where these agents can safely clone repositories, run untrusted code, and report results — all triggered by [GitHub Actions](https://docs.github.com/en/actions) on every pull request. Since each run gets a fresh sandbox, malicious or buggy PR code never touches your CI runner.
+
+## How It Works
+
+The AI-powered CI/CD workflow follows this pattern:
+
+1. **A pull request is opened or updated** — GitHub Actions triggers a workflow
+2. **The workflow creates an E2B sandbox** — a fresh Linux environment isolated from the CI runner
+3. **The repository is cloned into the sandbox** — the PR branch is checked out using E2B's [git integration](/docs/sandbox/git-integration)
+4. **An LLM analyzes the changes** — the diff is sent to a language model (e.g., OpenAI GPT-4o, Anthropic Claude) for review or test generation
+5. **Tests run inside the sandbox** — the project's test suite executes in isolation, with output streamed back to the workflow
+6. **Results are reported** — the workflow posts findings as PR comments via the GitHub API
+
+## Install the E2B SDK
+
+The [E2B SDK](https://github.com/e2b-dev/e2b) provides sandbox creation, command execution, file operations, and git integration for your CI/CD scripts.
+
+<CodeGroup>
+```bash JavaScript & TypeScript
+npm i e2b
+```
+```bash Python
+pip install e2b
+```
+</CodeGroup>
+
+## GitHub Actions Workflow
+
+Define a workflow that triggers on pull request events and runs your AI review script. Store your `E2B_API_KEY` and LLM API key as [GitHub Actions secrets](https://docs.github.com/en/actions/security-for-github-actions/security-guides/using-secrets-in-github-actions) — the built-in `GITHUB_TOKEN` is available automatically.
+
+```yaml .github/workflows/ai-review.yml
+name: AI Code Review
+
+on:
+  pull_request:
+    types: [opened, synchronize]
+
+permissions:
+  pull-requests: write
+
+jobs:
+  ai-review:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v4
+
+      - name: Set up Node.js
+        uses: actions/setup-node@v4
+        with:
+          node-version: "20"
+
+      - name: Install dependencies
+        run: npm install e2b openai
+
+      - name: Run AI review
+        env:
+          E2B_API_KEY: ${{ secrets.E2B_API_KEY }}
+          OPENAI_API_KEY: ${{ secrets.OPENAI_API_KEY }}
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+          PR_REPO: ${{ github.event.pull_request.head.repo.full_name }}
+          PR_BRANCH: ${{ github.event.pull_request.head.ref }}
+          PR_NUMBER: ${{ github.event.pull_request.number }}
+          GITHUB_REPOSITORY: ${{ github.repository }}
+        run: node review.mjs
+```
+
+For Python, replace the setup step with `actions/setup-python@v5`, install with `pip install e2b openai`, and run `python review.py` instead.
+
+## Core Implementation
+
+The following snippets show how to build an AI-powered code review script that runs inside the GitHub Actions workflow above.
+
+### Cloning the pull request
+
+Create a sandbox and clone the PR branch. The `GITHUB_TOKEN` provided by GitHub Actions works as the git password when paired with `x-access-token` as the username — this is the standard [GitHub Apps authentication pattern](https://docs.github.com/en/apps/creating-github-apps/authenticating-with-a-github-app/authenticating-as-a-github-app-installation).
+
+<CodeGroup>
+```typescript JavaScript & TypeScript
+import { Sandbox } from 'e2b'
+
+// Create a sandbox with a 5-minute timeout
+const sandbox = await Sandbox.create({ timeoutMs: 300_000 })
+
+const repoUrl = `https://github.com/${process.env.PR_REPO}.git`
+
+// Clone the PR branch into the sandbox
+await sandbox.git.clone(repoUrl, {
+  path: '/home/user/repo',
+  branch: process.env.PR_BRANCH,
+  username: 'x-access-token',
+  password: process.env.GITHUB_TOKEN,
+  depth: 1,
+})
+
+console.log('Repository cloned successfully')
+```
+```python Python
+import os
+from e2b import Sandbox
+
+# Create a sandbox with a 5-minute timeout
+sandbox = Sandbox.create(timeout=300)
+
+repo_url = f"https://github.com/{os.environ['PR_REPO']}.git"
+
+# Clone the PR branch into the sandbox
+sandbox.git.clone(
+    repo_url,
+    path="/home/user/repo",
+    branch=os.environ["PR_BRANCH"],
+    username="x-access-token",
+    password=os.environ["GITHUB_TOKEN"],
+    depth=1,
+)
+
+print("Repository cloned successfully")
+```
+</CodeGroup>
+
+### Running AI code review
+
+Run `git diff` inside the sandbox to collect the changes, then send them to an LLM for analysis. Because the diff is extracted inside the sandbox, even repositories with malicious build hooks cannot affect the CI runner.
+
+<CodeGroup>
+```typescript JavaScript & TypeScript
+import { Sandbox } from 'e2b'
+import OpenAI from 'openai'
+
+const sandbox = await Sandbox.create({ timeoutMs: 300_000 })
+
+// ... clone step from above
+
+// Get the diff against the base branch
+const diffResult = await sandbox.commands.run(
+  'cd /home/user/repo && git diff origin/main...HEAD'
+)
+const diff = diffResult.stdout
+
+// Send the diff to an LLM for review
+const openai = new OpenAI()
+const response = await openai.chat.completions.create({
+  model: 'gpt-4o',
+  messages: [
+    {
+      role: 'system',
+      content:
+        'You are a senior code reviewer. Analyze the following git diff and provide a concise review with actionable feedback. Focus on bugs, security issues, and code quality.',
+    },
+    {
+      role: 'user',
+      content: `Review this diff:\n\n${diff}`,
+    },
+  ],
+})
+
+const review = response.choices[0].message.content
+console.log('AI Review:', review)
+```
+```python Python
+import os
+from e2b import Sandbox
+from openai import OpenAI
+
+sandbox = Sandbox.create(timeout=300)
+
+# ... clone step from above
+
+# Get the diff against the base branch
+diff_result = sandbox.commands.run(
+    "cd /home/user/repo && git diff origin/main...HEAD"
+)
+diff = diff_result.stdout
+
+# Send the diff to an LLM for review
+client = OpenAI()
+response = client.chat.completions.create(
+    model="gpt-4o",
+    messages=[
+        {
+            "role": "system",
+            "content": "You are a senior code reviewer. Analyze the following git diff and provide a concise review with actionable feedback. Focus on bugs, security issues, and code quality.",
+        },
+        {
+            "role": "user",
+            "content": f"Review this diff:\n\n{diff}",
+        },
+    ],
+)
+
+review = response.choices[0].message.content
+print("AI Review:", review)
+```
+</CodeGroup>
+
+### Running tests in the sandbox
+
+Use the sandbox to run the project's test suite in isolation, streaming output in real time to the GitHub Actions logs. This ensures that untrusted PR code executes in a sandboxed environment rather than on the CI runner itself.
+
+The `commands.run()` method throws when a command exits with a non-zero code — `CommandExitError` in JavaScript and `CommandExitException` in Python. Catch these to handle test failures gracefully.
+
+<CodeGroup>
+```typescript JavaScript & TypeScript
+import { Sandbox, CommandExitError } from 'e2b'
+
+const sandbox = await Sandbox.create({ timeoutMs: 300_000 })
+
+// ... clone step from above
+
+// Install dependencies with streaming output
+await sandbox.commands.run('cd /home/user/repo && npm install', {
+  onStdout: (data) => console.log(data),
+  onStderr: (data) => console.error(data),
+})
+
+// Run the test suite
+try {
+  await sandbox.commands.run('cd /home/user/repo && npm test', {
+    onStdout: (data) => console.log(data),
+    onStderr: (data) => console.error(data),
+  })
+  console.log('All tests passed')
+} catch (err) {
+  if (err instanceof CommandExitError) {
+    console.error('Tests failed with exit code:', err.exitCode)
+    process.exit(1)
+  }
+  throw err
+}
+
+await sandbox.kill()
+```
+```python Python
+import sys
+from e2b import Sandbox, CommandExitException
+
+sandbox = Sandbox.create(timeout=300)
+
+# ... clone step from above
+
+# Install dependencies with streaming output
+sandbox.commands.run(
+    "cd /home/user/repo && npm install",
+    on_stdout=lambda data: print(data),
+    on_stderr=lambda data: print(data, file=sys.stderr),
+)
+
+# Run the test suite
+try:
+    sandbox.commands.run(
+        "cd /home/user/repo && npm test",
+        on_stdout=lambda data: print(data),
+        on_stderr=lambda data: print(data, file=sys.stderr),
+    )
+    print("All tests passed")
+except CommandExitException as err:
+    print(f"Tests failed with exit code: {err.exit_code}", file=sys.stderr)
+    sys.exit(1)
+
+sandbox.kill()
+```
+</CodeGroup>
+
+To post the AI review as a PR comment, use the GitHub REST API with the `GITHUB_TOKEN`. See [Using the GitHub CLI in workflows](https://docs.github.com/en/actions/writing-workflows/choosing-what-your-workflow-does/using-github-cli-in-workflows) for more ways to interact with GitHub from your workflow scripts.
+
+## Related Guides
+
+<CardGroup cols={3}>
+  <Card title="Git Integration" icon="code-branch" href="/docs/sandbox/git-integration">
+    Clone repos, manage branches, and push changes from sandboxes
+  </Card>
+  <Card title="Connect LLMs" icon="brain" href="/docs/quickstart/connect-llms">
+    Integrate AI models with sandboxes using tool calling
+  </Card>
+  <Card title="Custom Templates" icon="cube" href="/docs/template/quickstart">
+    Build reproducible sandbox environments for your pipelines
+  </Card>
+</CardGroup>