store gpg_key_primary_keyid for unknown gpg keys

we need to store the keyid to be able to update the signature later in
case the missing key is added later.

app/models/gpg_signature.rb

@@ -4,4 +4,5 @@ class GpgSignature < ActiveRecord::Base
 
   validates :commit_sha, presence: true
   validates :project, presence: true
+  validates :gpg_key_primary_keyid, presence: true
 end

lib/gitlab/gpg/commit.rb

@@ -43,12 +43,14 @@ module Gitlab
       end
 
       def create_cached_signature!(gpg_key)
+        verified_signature_result = verified_signature
+
         GpgSignature.create!(
           commit_sha: commit.sha,
           project: commit.project,
           gpg_key: gpg_key,
-          gpg_key_primary_keyid: gpg_key&.primary_keyid,
-          valid_signature: !!(gpg_key && gpg_key.verified? && verified_signature.valid?)
+          gpg_key_primary_keyid: gpg_key&.primary_keyid || verified_signature_result.fingerprint,
+          valid_signature: !!(gpg_key && gpg_key.verified? && verified_signature_result.valid?)
         )
       end
     end

spec/lib/gitlab/gpg/commit_spec.rb

@@ -100,7 +100,7 @@ RSpec.describe Gitlab::Gpg::Commit do
           commit_sha: '0beec7b5ea3f0fdbc95d0dd47f3c5bc275da8a33',
           project: project,
           gpg_key: nil,
-          gpg_key_primary_keyid: nil,
+          gpg_key_primary_keyid: GpgHelpers::User1.primary_keyid,
           valid_signature: false
         )
       end

spec/models/gpg_signature_spec.rb

@@ -10,5 +10,6 @@ RSpec.describe GpgSignature do
     subject { described_class.new }
     it { is_expected.to validate_presence_of(:commit_sha) }
     it { is_expected.to validate_presence_of(:project) }
+    it { is_expected.to validate_presence_of(:gpg_key_primary_keyid) }
   end
 end