Expired PGP keys: can we fail the release immediately, with clearer messaging?

The current error message for an expired PGP key is quite hard to find, and happens at the `Sign` stage, when we could probably establish the key is bad earlier on, at the `Init` stage - and maybe provide a better message:

https://github.com/guardian/mobile-apps-api-models/actions/runs/12107847148/job/33755258485#step:9:113

```
Creating release tag (including artifact hashes)
error: gpg failed to sign the data:
[GNUPG:] KEYEXPIRED 1732894550
[GNUPG:] KEY_CONSIDERED E3A34749D7B9948D0AA146D06950682D8454F077 3
gpg: skipped "E3A34749D7B9948D0AA146D06950682D8454F077": Unusable secret key
[GNUPG:] INV_SGNR 9 E3A34749D7B9948D0AA146D06950682D8454F077
[GNUPG:] FAILURE sign 54
gpg: signing failed: Unusable secret key

error: unable to sign the tag
The tag message has been left in .git/TAG_EDITMSG
Error: Process completed with exit code 128.
```

![Image](https://github.com/user-attachments/assets/73f3bff8-7b44-4f31-bf52-caf410b69134)

See also #48 .

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Expired PGP keys: can we fail the release immediately, with clearer messaging? #49

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Expired PGP keys: can we fail the release immediately, with clearer messaging? #49

Description

Metadata

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Issue actions