I use a gpg subkey to sign my git commits, and on commit page it show a broken lock and prompt "Signature is signed with an unkown key (key ID: xxx)". I use the exact same key pair (the same subkey for signing and uploaded the same public key) on GitHub and it works well.

Upon looking at the source code, I found this logic below (io/onedev/server/git/GitUtils.java:678). It's clear that subkeys don't have the same keyId as the secret key, but the keyId of the subkeys should be included in the public key.

SignatureVerificationKey key = keyLoader.getSignatureVerificationKey(signature.getKeyID());