Make action more modular, improve security and docs

[devgioele]

• Use GPG instead of OpenSSL without IV
• Let users decide when to download or upload the state, like already suggested at V2 of this repo
• Update integration testing to fit changes

[devgioele]

Of course, all links currently refer to my repo. To do if these changes are accepted:

• Update repo links
• Update version of action

[sturlabragason]

Hey @devgioele thanks for your PR ❤️ Very happy that someone found my experiment interesting. Sorry for the late reply I've been away and I wont have time for proper feedback for the next couple of days either. At a quick glance everything looks good though.

A side-note; a caveat i discovered the other day which made me question keeping this action or adding yet another disclaimer. If no commit is made to the repository for some time it will disable workflows despite cron schedules, potentially causing the destruction of the statefile artifact.

Some potential workarounds are creating dummy commits etc... https://stackoverflow.com/questions/67184368/prevent-scheduled-github-actions-from-becoming-disabled. Food for thought.

I'll try to get to the PR review ASAP.

Thanks!

[devgioele]

That's unfortunate. I honestly don't like the idea of dummy commits. It shows that artifacts are not meant for permanent storage. I would just add it as a side-note. This solution is kind of a hack anyway.

Sorry for the late reply.