I have a few questions about GitHub Workflows best practices

Hi, I’m new to GH Actions and Workflows, but I was able to create one without much trouble. However, I wanted to know if there was a best practice around what I’m trying to do.

My private repository needs to run a compile and test when code is pushed to the main branch. I created a custom docker image that can do the compile, which is based on CentOS 8 with a bunch of additional packages installed. I configured my workflow to use the docker image, and everything works as expected!

However, I opted to store the Docker image in GH Container Registry. Which means I had to push the docker image to ghcr.io/my-org/my-image and “connect” it to a repository. It now shows up as a package on the sidebar for the repo. The image is really only useful internally and not externally. i.e., it’s only used by workflows and not something you would download from the packages sidebar.

Question (1) is there a way or best-practice of storing docker containers in the registry that are for internal use (workflows only, for example)? Maybe connecting them to some “dummy” private repository that’s not in use? Or do folks just store them in DockerHub instead of GH Container Registry?

Question (2) I had to supply my credentials to pull the docker image in my workflow. I used my personal account and created a secret for it so it’s an encrypted env var. But, do people create “workflow” proxy accounts for this purpose, normally?

Question (3) I have the free plan for orgs, currently. It allows 500mb of space and I was able to upload a 1.7GB (according to docker image ls) image. GitHub’s usage page does not show I’ve used any storage or consumed any minutes of Actions yet. Is this normal?

Thanks in advance!