How can I fix "gpg: signing failed: No secret key" for GoReleaser?


Context: Here's a GoReleaser project I'm using.

How to reproduce:

  1. Export multiple env vars into .release_env:
    GOPATH="..."
    GPG_FINGERPRINT="..."
    GPG_PASSWORD="..."
    GPG_KEY="..."

where GPG_KEY is GPG_PRIVATE_KEY but this project calls it GPG_KEY:

GPG_KEY (optional) - defaults to /secrets/key.gpg. ignored if file not found

  2. Run:
    docker run \
        --rm \
        --env-file .release-env \
        -v /var/run/docker.sock:/var/run/docker.sock \
        -v `pwd`:/go/src/$(PACKAGE_NAME) \
        -v `pwd`/sysroot:/sysroot \
        -w /go/src/$(PACKAGE_NAME) \
        goreleaser/goreleaser-cross:v1.20 \
        --rm-dist --skip-validate --skip-publish --debug

Then you'll see:

    • signing  artifact=my-app_2.0_SHA256SUMS cmd=gpg signature=dist/terraform-provider-confluent-internal_1.34.111111_SHA256SUMS.sig
    gpg: directory '/root/.gnupg' created
    gpg: keybox '/root/.gnupg/pubring.kbx' created
    gpg: skipped "FOOFOOFOOFOOFOOFOOFOOFOO": No secret key
    gpg: signing failed: No secret key
    ⨯ release failed after 51s

where "FOOFOOFOOFOOFOOFOOFOOFOO" is the value of the GPG_FINGERPRINT variable.

My ideas:

  1. Incorrect values of vars -- I did check they're valid.
  2. I should have passed GPG_PUBLIC_KEY instead of GPG_PRIVATE_KEY for GPG_KEY. Based on this code it seems like using GPG_PRIVATE_KEY is the right idea.
  3. Enabled --debug mode - did it already and it didn't help much.
  4. When I searched for similar questions I could see most of them were about missing gpg executable or something that doesn't seem to be applicable here.
  5. Looked at the source code of goreleaser for "signing" stage -- it looks a little bit too advanced for me.
  6. I tried passing random strings as GPG and it looks like No secret key might also indicate wrong value of a key.

At this point I'm out of ideas.
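
An added troubleshooting example, not part of the original question or of the GoReleaser project: a lint for the file handed to `docker run --env-file`, which passes values verbatim, so surrounding quotes become part of the value. It assumes the documentation line quoted in the question means `GPG_KEY` is the path of a key file inside the container; the function name `lint_release_env` and the sample values are constructed.

```bash
#!/usr/bin/env bash
# Added example: lint a file before passing it to `docker run --env-file`.
# Prints one finding per line; returns 0 when clean, 1 otherwise.
lint_release_env() {
    local file=$1 findings=0 line name value
    if [ ! -f "$file" ]; then
        echo "MISSING: $file not found (check the name given to --env-file)"
        return 1
    fi
    while IFS= read -r line || [ -n "$line" ]; do
        case $line in
            ''|'#'*) continue ;;   # blank line or comment
            *=*) ;;                # NAME=value
            *) continue ;;         # bare NAME: value is taken from the host
        esac
        name=${line%%=*}
        value=${line#*=}
        case $value in
            \"*\"|\'*\')
                # docker does no shell-style unquoting of --env-file values
                echo "QUOTED: $name reaches the container with its quotes"
                findings=$((findings + 1))
                value=${value#?}; value=${value%?}
                ;;
        esac
        # Assumption: GPG_KEY names a key file (documented default /secrets/key.gpg)
        if [ "$name" = GPG_KEY ]; then
            case $value in
                /*) ;;
                *) echo "NOT_A_PATH: GPG_KEY is not an absolute file path"
                   findings=$((findings + 1)) ;;
            esac
        fi
    done < "$file"
    [ "$findings" -eq 0 ]
}

# Constructed sample input; every value is a placeholder.
sample=$(mktemp)
cat > "$sample" <<'EOF'
GOPATH=/go
GPG_FINGERPRINT="FOOFOOFOOFOOFOOFOOFOOFOO"
GPG_KEY="-----BEGIN PGP PRIVATE KEY BLOCK-----"
EOF
lint_release_env "$sample" || true
rm -f "$sample"
```

Under the same assumption, the key file would also have to be mounted into the container at the path `GPG_KEY` names, since the quoted line says the variable is ignored when the file is not found.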
