Not sure. I think this has to be done by Laurent, unless he distributes a gpg key I can use to sign the packages. But we’d still need a script that downloads the packages in question and adds the signatures. This has to be automated. I certainly don’t want to do this manually nor am I sure where to put the signatures.
At one point I looked at the gh api, but I haven’t found an easy way to use it in scripts and I don’t have the time to code it from scratch.