ci(github): action

add github action to verify commit

.github/workflows/verify-commits.yml

@@ -0,0 +1,41 @@
+name: Verify Commit Signatures
+
+on:
+  pull_request:
+    branches:
+      - master
+      - develop
+  push:
+    branches:
+      - master
+      - develop
+
+jobs:
+  verify-commit-signature:
+    runs-on: ubuntu-latest
+
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@v4
+        with:
+          fetch-depth: 0  # Important: fetch all history for all branches and tags
+
+      - name: Verify commit signatures
+        run: |
+          # Check all commits in the push or pull request
+          unsigned_commits=$(git log --pretty=format:'%H %an %ae' --no-merges | while read -r commit author email; do
+            # Verify signature for each commit
+            if ! git verify-commit "$commit" 2>/dev/null; then
+              echo "Unsigned commit detected: $commit by $author <$email>"
+              echo "$commit"
+            fi
+          done)
+          
+          # If there are any unsigned commits, fail the workflow
+          if [ -n "$unsigned_commits" ]; then
+            echo "Error: The following commits are not signed:"
+            echo "$unsigned_commits"
+            exit 1
+          fi
+          
+          echo "All commits are properly signed!"