You can't submit an apk to Google Play with a different signature (without opening a ticket and asking for manual intervention). Developer keys are decoupled from Github and Google Play accounts. Even if those online accounts get compromised, it's up to those original keys to assuee authenticity.