Could you add where gpg before calls to gpg just to make sure it's running from an alternative location? Also, you can login to VM via RDP to see what's going on on/after those commands: https://www.appveyor.com/docs/how-to/rdp-to-build-worker/ I bet there is some child process (gpg-agent maybe?) preventing gpg from exiting.
I just wanted to follow up on this closed discussion (it can be closed again).
I had not gotten around to following your last suggestion of RDP-ing into the worker, but when I finally did, the RDP session made the problem obvious.
The new version of GPG was prompting for a passphrase when importing a secret key. Apparently this was added in GPG 2.1 (the current version in the appveyor builds is GPG 2.2.20). There appear to be some command line options I can use to work around this, so I will try those. Apparently gpg --batch --import pathToKey instead of gpg --import pathToKey will do the trick, but I need to verify that.
But in the worst case for now, I can RDP into the worker and manually enter the passphrase, since this deployment build needs to run only once every 3 months.