chore: Improve GPG key handling and configuration in GitHub Actions workflow

- Enhanced the GPG key import process by creating a dedicated directory and writing the key to a file before importing.
- Added steps to ensure proper GPG directory permissions and configuration, including loopback pinentry settings.
- Cleaned up temporary files after key import to maintain security.

Author: Marvin Zhang

.github/workflows/publish.yml

@@ -74,15 +74,34 @@ jobs:
 
       - name: Import GPG key
         run: |
-          echo "${{ secrets.GPG_PRIVATE_KEY }}" | base64 -d | gpg --batch --import
+          # Create GPG directory
+          mkdir -p ~/.gnupg/
+          chmod 700 ~/.gnupg/
+          
+          # Write key to file first
+          echo "${{ secrets.GPG_PRIVATE_KEY }}" > ~/private-key.asc
+          gpg --batch --import ~/private-key.asc
+          rm ~/private-key.asc  # Clean up
+          
+          # Verify the key was imported
           gpg --list-secret-keys --keyid-format LONG
         env:
           GPG_PRIVATE_KEY: ${{ secrets.GPG_PRIVATE_KEY }}
 
       - name: Set up GPG
         run: |
+          # Ensure directory exists
+          mkdir -p ~/.gnupg/
+          
+          # Configure GPG
           echo "allow-loopback-pinentry" >> ~/.gnupg/gpg-agent.conf
           echo "pinentry-mode loopback" >> ~/.gnupg/gpg.conf
+          
+          # Set permissions
+          chmod 700 ~/.gnupg
+          chmod 600 ~/.gnupg/*
+          
+          # Restart agent
           gpgconf --kill gpg-agent
           gpg-agent --daemon