sounds like a problem to solve. build in both places, verify build hashes agree, upstream dev infra signs and sends signed build to f-droid, f-droid verifies hash against its own build, verifies upstream signature, signs and then lists. apks can have more than one signature.