I have these to files required to implement signature verification on the runner side in config.toml file. stages:

$-$ build

verify$\_$signature:

stage: build

script:

$-$ gpg $--$verify $CI$\_$COMMIT$\_$REF$\_$NAME.sig $CI$\_$COMMIT$\_$REF$\_$NAME

tags:

$-$ my$-$runner$-$tag

only:

$-$ main # Adjust this to the branch you want to verify"

and

$"[[$runners$]]$

name $=$ "your$-$runner$-$name"

url $="$my url"

token $="$my token"

executor $=$ "shell"

$[$runners$.$custom$\_$build$\_$dir$]$

$[$runners$.$cache$]$

$[$runners$.$cache.s$3]$

$[$runners$.$cache.gcs$]$

$[$runners$.$custom$]$

run$\_$exec $=$ "give me this script" # This is a placeholder, replace it with your actual custom script path

verify$\_$signature $=$ true # Enable GPG signature verification

verify$\_$signature$\_$key $=$ "ABE$35$DA$323$B$1$D$2669$E$7493$D$30341$EB$30$D$5016$CDF$"$ # Replace with your GPG key ID$"....$ I am beginner in gitlab. can you help me check the correctness of these two configuration files to impelement signature verification GPG on runner side config.toml file. I need from you to give me the correct script to put it in run$\_$exec to implement the verification. help me with all steps to successfully impelemnt and see the result in my pipeline log like this in this picture. Running with gitlab$-$runner $16\mathrm{.}5\mathrm{.}0(853330$f$9)$

on sting$-$virtual$-$machine WD$84$cyvN$,$ system ID: s$\_$fe$63$af$66$a$638$

Preparing the "shell" executor

Using Shell $($bash$)$ executor...

Preparing environment

Running on sting$-$virtual$-$machine...

Getting source from Git repository

Fetching changes with git depth set to $20$dots

Reinitialized existing Git repository in$/$home$/$gitlab$-$runner$/$builds$/$wD$84$cyvN$/$o$/$root$/$my$-$project$/.$git$/$

Checking out ffe$5$cdfa as detached HEAD $($ref is main$)...$

Skipping Git submodules setup

Executing "step$\_$script" stage of the job script

$c$.$

gpg: Signature made BC $12202320$:$55$:$20$ MSK

gpg: $,$ using RSA key ABE$35$DA$323$B$1$D$2669$E$7493$D$30341$EB$30$D$5016$CDF

gpg: Good signature from "sting

admin@example.com" $[$unknown$]$

gpg: WARNING: This key is not certified with a trusted signature!

gpg: There is no indication that the signature belongs to the owner.

Primary key fingerprint: ABE$35$DA$323$B$1$ D$2669$E$7493$ D$30341$ EB$30$ D$5016$CDF