Improve handling of a signing key with an empty private key

Closes gh-2

src/main/java/io/spring/github/actions/artifactorydeploy/openpgp/ArmoredAsciiSigner.java

@@ -99,13 +99,17 @@ private PGPSecretKey getSigningKey(PGPSecretKeyRingCollection keyrings, String k
 		for (PGPSecretKeyRing keyring : keyrings) {
 			Iterable<PGPSecretKey> secretKeys = keyring::getSecretKeys;
 			for (PGPSecretKey candidate : secretKeys) {
+				String candidateKeyId = String.format("%08X", 0xFFFFFFFFL & candidate.getKeyID());
 				if (keyId != null && keyId.length() > 0) {
-					String candidateKeyId = String.format("%08X", 0xFFFFFFFFL & candidate.getKeyID());
 					if (keyId.equals(candidateKeyId)) {
 						return candidate;
 					}
 				}
 				else if (candidate.isSigningKey()) {
+					if (candidate.isPrivateKeyEmpty()) {
+						throw new IllegalArgumentException("Found signing key '" + candidateKeyId
+								+ "' but its private key is empty. Specify a key ID to use a different signing key.");
+					}
 					return candidate;
 				}
 			}

src/test/java/io/spring/github/actions/artifactorydeploy/openpgp/ArmoredAsciiSignerTests.java

@@ -110,6 +110,16 @@ void getWhenSigningKeyIsSubkeyAndIdMatchesReturnsSigner() throws Exception {
 		assertThat(signer.sign(this.sourceContent)).isEqualTo(this.expectedSubkeySignature);
 	}
 
+	@Test
+	void getWhenSigningKeyIsSubkeyWithoutKeyIdThrowsException() {
+		assertThatIllegalStateException()
+			.isThrownBy(() -> ArmoredAsciiSigner.get(FIXED, this.signingSubkeyContent, this.passphrase, null))
+			.withMessage("Unable to read signing key")
+			.havingCause()
+			.withMessage("Found signing key '414E73D1' but its private key is empty. Specify a key ID to use a "
+					+ "different signing key.");
+	}
+
 	@Test
 	void getWhenSigningKeyIsFileReturnsSigner() throws Exception {
 		ArmoredAsciiSigner signer = ArmoredAsciiSigner.get(FIXED, this.signingKeyFile.getAbsolutePath(),