add github sonarqube guide

Author: sarahsanders-docker

content/guides/github-sonarqube-sandbox/_index.md

@@ -0,0 +1,51 @@
+---
+title: Automate code quality workflows with GitHub and SonarQube in E2B sandboxes
+linkTitle: GitHub and SonarQube quality checks
+summary: Build AI-powered code quality workflows using E2B sandboxes with Docker's MCP catalog to automate GitHub and SonarQube integration.
+description: Learn how to create E2B sandboxes with MCP servers, analyze code quality with SonarQube, and generate quality-gated pull requests using GitHub—all through natural language interactions with Claude.
+tags: [devops]
+params:
+  featured: true
+  time: 40 minutes
+  image:
+  resource_links:
+    - title: E2B Documentation
+      url: https://e2b.dev/docs
+    - title: Docker MCP Catalog
+      url: https://hub.docker.com/mcp
+    - title: Sandboxes
+      url: https://docs.docker.com/ai/mcp-catalog-and-toolkit/sandboxes/
+---
+
+This guide demonstrates how to build an AI-powered code quality workflow using
+[E2B sandboxes](https://e2b.dev/docs) with Docker’s MCP catalog. You’ll create
+a system that automatically analyzes code quality issues in GitHub repositories
+using SonarQube, then generate pull requests with fixes.
+
+## What you'll build
+
+You'll build a Node.js script that spins up an E2B sandbox, connects GitHub
+and SonarQube MCP servers, and uses Claude to analyze code quality and propose
+improvements.
+
+## What you'll learn
+
+In this guide, you'll learn:
+
+- How to create E2B sandboxes with multiple MCP servers
+- How to configure GitHub and SonarQube MCP servers for AI workflows
+- How to use Claude CLI inside sandboxes to interact with external tools
+- How to build automated code review workflows that create quality-gated
+pull requests
+
+## Why use E2B sandboxes?
+
+Running this workflow in E2B sandboes provides several advantages over
+local execution:
+
+- Security: AI-generated code runs in isolated containers, protecting your
+local environment and credentials
+- Zero setup: No need to install SonarQube, GitHub CLI, or manage dependencies
+locally
+- Scalability: Resource-intensive operations like code scanning run in the
+cloud without consuming local resources

content/guides/github-sonarqube-sandbox/customize.md

@@ -0,0 +1,88 @@
+---
+title: Customize a code quality check workflow
+linkTitle: Customize workflow
+summary: Adapt your GitHub and SonarQube workflow to focus on specific quality issues, integrate with CI/CD, and set custom thresholds.
+description: Learn how to customize prompts for specific quality issues, filter by file patterns, set quality thresholds, and integrate your workflow with GitHub Actions for automated code quality checks.
+weight: 20
+---
+
+Now that you understand the basics of automating code quality workflows with
+GitHub and SonarQube in E2B sandboxes, you can customize the workflow
+for your needs.
+
+## Focus on specific quality issues
+
+Modify the prompt to prioritize certain issue types:
+
+```javascript
+const prompt = `Using SonarQube and GitHub MCP tools:
+
+Focus only on:
+- Security vulnerabilities (CRITICAL priority)
+- Bugs (HIGH priority)
+- Skip code smells for this iteration
+
+Analyze "${repoPath}" and fix the highest priority issues first.`;
+```
+
+## Integrate with CI/CD
+
+Add this workflow to GitHub actions to run automatically on pull requests:
+
+```yaml
+name: Automated quality checks
+on:
+  pull_request:
+    types: [opened, synchronize]
+
+jobs:
+  quality:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v4
+      - uses: actions/setup-node@v4
+        with:
+          node-version: '18'
+      - run: npm install
+      - run: node 06-quality-gated-pr.js
+        env:
+          E2B_API_KEY: ${{ secrets.E2B_API_KEY }}
+          ANTHROPIC_API_KEY: ${{ secrets.ANTHROPIC_API_KEY }}
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+          SONARQUBE_TOKEN: ${{ secrets.SONARQUBE_TOKEN }}
+          GITHUB_OWNER: ${{ github.repository_owner }}
+          GITHUB_REPO: ${{ github.event.repository.name }}
+          SONARQUBE_ORG: your-org-key
+```
+
+## Filter by file patterns
+
+Target specific parts of your codebase:
+
+```javascript
+const prompt = `Analyze code quality but only consider:
+- Files in src/**/*.js
+- Exclude test files (*.test.js, *.spec.js)
+- Exclude build artifacts in dist/
+
+Focus on production code only.`;
+```
+
+## Set quality thresholds
+
+Define when PRs should be created:
+
+```javascript
+const prompt = `Quality gate thresholds:
+- Only create PR if:
+  * Bug count decreases by at least 1
+  * No new security vulnerabilities introduced
+  * Code coverage doesn't decrease
+  * Technical debt reduces by at least 15 minutes
+
+If changes don't meet these thresholds, explain why and skip PR creation.`;
+```
+
+## Next steps
+
+Learn how to troubleshoot common issues.

content/guides/github-sonarqube-sandbox/troubleshoot.md

@@ -0,0 +1,63 @@
+---
+title: Troubleshoot code quality workflow issues
+linkTitle: Troubleshooting
+summary: Resolve common issues with E2B sandboxes, MCP server connections, and GitHub/SonarQube integration.
+description: Solutions for MCP tools not loading, authentication errors, permission issues, workflow timeouts, and other common problems when building code quality workflows with E2B.
+weight: 30
+---
+
+This page covers common issues you might encounter when building code quality
+workflows with E2B sandboxes and MCP servers, along with their solutions.
+
+If you're experiencing problems not covered here, check the
+[E2B documentation](https://e2b.dev/docs).
+
+## MCP tools not available
+
+Issue: Claude reports `I don't have any MCP tools available`.
+
+Solution:
+
+1. Verify you're using the authorization header:
+
+    ```plaintext
+    --header "Authorization: Bearer ${mcpToken}"
+    ```
+
+2. Check you're waiting for MCP initialization:
+
+    ```javascript
+    await new Promise(resolve => setTimeout(resolve, 1000));
+    ```
+
+3. Ensure credentials are in both `envs` and `mcp` configuration.
+4. Verify your API tokens are valid and have proper scopes.
+
+## GitHub tools work but SonarQube doesn't
+
+Issue: GitHub MCP tools load but SonarQube tools don't appear.
+
+Solution: SonarQube MCP server requires GitHub to be configured simultaneously.
+Always include both servers in your sandbox configuration, even if you're only
+testing one.
+
+## Claude can’t access private repositories
+
+Issue: “I don’t have access to that repository”.
+
+Solution:
+
+1. Verify your GitHub token has `repo` scope (not just `public_repo`).
+2. Test with a public repository first.
+3. Ensure the repository owner and name are correct in your `.env`.
+
+## Workflow times out or runs too long
+
+Issue: Workflow doesn’t complete or Claude credits run out.
+
+Solutions:
+
+1. Use `timeoutMs: 0` for complex workflows to allow unlimited time.
+2. Break complex workflows into smaller, focused tasks.
+3. Monitor your Anthropic API credit usage.
+4. Add checkpoints in prompts: “After each step, show progress before continuing”.