fix(action): fix gpg

.github/workflows/verify-commits.yml

@@ -20,7 +20,7 @@ jobs:
           sudo apt-get update
           sudo apt-get install -y gnupg
 
-      - name: Import GPG keys
+      - name: Import and Trust GPG Key
         run: |
           # Create a directory for GPG operations
           mkdir -p ~/.gnupg
@@ -29,14 +29,24 @@ jobs:
           # Configure GPG
           echo "use-agent" > ~/.gnupg/gpg.conf
           echo "no-tty" >> ~/.gnupg/gpg.conf
-          echo "personal-digest-preferences SHA256" >> ~/.gnupg/gpg.conf
-          echo "default-preference-list SHA512 SHA384 SHA256 SHA224 AES256 AES192 AES CAST5 ZLIB BZIP2 ZIP Uncompressed" >> ~/.gnupg/gpg.conf
           
           # Import public key from GitHub
           curl -s https://github.com/${{ github.actor }}.gpg | gpg --import --quiet
           
-          # List keys for debugging
+          # List keys to confirm import
           gpg --list-keys
+          
+          # Explicitly trust the imported GPG key
+          KEY_ID=$(gpg --list-keys --with-colons | grep '^pub' | cut -d':' -f5)
+          echo "$KEY_ID:6:" | gpg --import-ownertrust
+
+      - name: Debug GPG Setup
+        if: failure()
+        run: |
+          echo "GPG directory contents:"
+          ls -la ~/.gnupg
+          echo "GPG config:"
+          cat ~/.gnupg/gpg.conf
 
       - name: Verify Latest Commit
         shell: bash
@@ -47,7 +57,6 @@ jobs:
           echo "Verifying signature for commit: $LATEST_COMMIT"
           
           # Show commit details
-          echo "Commit details:"
           git log -1 --show-signature
           echo -e "\n-----------------------------------"
           
@@ -95,10 +104,3 @@ jobs:
               exit 1
               ;;
           esac
-
-      - name: Debug GPG setup (Optional)
-        if: failure()
-        run: |
-          echo "GPG configuration:"
-          ls -la ~/.gnupg
-          cat ~/.gnupg/gpg.conf