Benefits of Connecting GitHub to Windmill
Connecting GitHub to Windmill brings engineering work and collaboration directly into performance conversations — without engineers needing to self-promote or write summaries.- Captures real contributions as they happen (not just at review time)
- Reduces the need for engineers to “re-explain” or defend their work
- Surfaces meaningful patterns in ownership, problem-solving, and collaboration
- Helps managers coach using actual context, not memory or vibe
- Ensures performance reviews recognize both shipped code and behind-the-scenes impact
Connected Data
When connected, Windmill securely reads the following activity signals from GitHub:| Data Type | How Windmill Uses It |
|---|---|
| Pull requests (opened, merged, reviewed) | Highlights ownership, output, and collaboration |
| Code review comments and approvals | Surfaces mentoring, teamwork, and knowledge-sharing |
| Issues created, owned, or completed | Shows project contributions and follow-through |
| Commit metadata (not full code content) | Provides progress patterns without exposing IP |
| Repository and project associations | Helps attribute work to correct individuals and teams |
Windmill does not ingest raw code. Only metadata and activity context.
Permissions
Windmill requests read-only, scoped access through GitHub’s standard OAuth permissions.| Permission | Purpose |
|---|---|
repo:read or equivalent scoped metadata access | To pull PRs, issues, and commit metadata |
| Read collaborator / contributor metadata | To map work to individual profiles in Windmill |
| No write access | Windmill never pushes commits, modifies repos, or comments on PRs |
| Scoped to selected repos or organizations | You choose exactly what is included in sync |
Windmill follows least-privilege access — only activity data required for performance context is synced.
FAQs
Does Windmill access or store code content?No. Windmill only ingests metadata (PR titles, timestamps, labels, review comments). Code bodies are not pulled. Do we need to sync our entire GitHub org?
No. You choose which repos or teams to sync. You can change or revoke access at any time. Does Windmill write anything back to GitHub?
No. The integration is strictly read-only. How often is data synced?
Continuously. Activity appears in Windmill shortly after it happens in GitHub. Is this integration secure?
Yes. All data is encrypted in transit and at rest. Windmill maintains SOC 2 controls and uses scoped OAuth tokens. What happens if an engineer leaves?
Their historical contributions remain available for context, but Windmill stops associating new activity once they are marked inactive. Why do I need to sign my commits?
Signing your Git commits proves that you created the commit and keeps your code secure. It’s like adding your signature to your work. For Windmill, signing commits ensures all your code contributions are properly reflected on the platform. Why aren’t my Github activities showing up?
If GitHub activities aren’t appearing for you or your team members, check the username mapping in Settings > Connections > GitHub > Mapping tab. GitHub usernames might not match email addresses, so they need to be manually mapped to the correct employees.
Username mapping
GitHub uses specific usernames that don’t always map to employee email addresses. If you see GitHub activities that aren’t associated with a team member or are associated with the wrong team member, Windmill Admins can fix this. To update username mapping:- Go to Settings in Windmill
- Select the Connections tab
- Select GitHub
- Select the Mapping tab to see all usernames and their current mappings
- Click Update mapping to edit assignments