ci: verify changes to Maintainers.yaml made by the bot

.github/workflows/verify-maintainers.yaml

@@ -0,0 +1,81 @@
+name: Verify Maintainers Changes
+
+on:
+  pull_request:
+    types: [synchronize, opened]
+    paths:
+      - "MAINTAINERS.yaml"
+
+jobs:
+  verify-changes:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout main branch
+        uses: actions/checkout@v3
+        with:
+          ref: master
+          path: community-main
+
+      - name: Checkout PR branch
+        uses: actions/checkout@v3
+        with:
+          ref: ${{ github.head_ref }}
+          path: pr-branch
+
+      - name: Install Dependencies
+        run: npm install yaml
+
+      - name: Verify changes in MAINTAINERS.yaml
+        id: verify-changes
+        uses: actions/github-script@v5
+        with:
+          github-token: ${{ secrets.GITHUB_TOKEN }}
+          script: |
+            const yaml = require("yaml");
+            const fs = require("fs");
+
+            const mainFile = yaml.parse(fs.readFileSync("./community-main/MAINTAINERS.yaml", "utf8"));
+            const prFile = yaml.parse(fs.readFileSync("./pr-branch/MAINTAINERS.yaml", "utf8"));
+
+            const beforeMaintainers = new Map(mainFile.map((maintainer) => [maintainer.name, {github: maintainer.github, repos: maintainer.repos || []}]));
+            let isCriticalChangeDetected = false;
+
+            const owner = "${{ github.repository_owner }}";
+            const repo = "${{ github.event.repository.name }}";
+            const pull_number = "${{ github.event.pull_request.number }}";
+
+            if (prFile.length < mainFile.length) {
+              core.error(`Critical changes have been made to Maintainers.yaml. A maintainer has been removed. Please review.`);
+              isCriticalChangeDetected = true;
+            }
+
+            for (const maintainer of prFile) {
+              const previousData = beforeMaintainers.get(maintainer.name);
+              if (!previousData) {
+                core.error(`Critical changes have been made to Maintainers.yaml by ${maintainer.name}. A new maintainer has been added. Please review.`);
+                isCriticalChangeDetected = true;
+                break;
+              } else {
+                const previousGithub = previousData.github;
+                const previousRepos = previousData.repos;
+
+                if (previousGithub !== maintainer.github || JSON.stringify(previousRepos) !== JSON.stringify(maintainer.repos || [])) {
+                  core.error(`Critical changes have been made to Maintainers.yaml by ${maintainer.name}. GitHub key or repos list has been modified. Please review.`);
+                  isCriticalChangeDetected = true;
+                  break;
+                }
+              }
+            }
+
+            // If critical change is detected, create a comment on the PR and close it.
+            if (isCriticalChangeDetected) {
+                github.rest.issues.createComment({ owner, repo, issue_number: pull_number, body: 'Critical changes detected in Maintainers.yaml. A maintainer has been added, removed, or had their GitHub key or repos list modified. Please review.' });
+
+                // Close the PR
+                github.rest.pulls.update({
+                    owner,
+                    repo,
+                    pull_number,
+                    state: 'closed'
+                });
+            }