Why connect GitHub
Connecting GitHub to Windmill brings your engineering work directly into performance conversations—without needing to self-promote or write summaries.- Your contributions are captured as they happen (commits, PRs, code reviews)
- Surfaces patterns in collaboration, code ownership, and problem-solving
- Helps managers coach using actual context from your work
- Ensures reviews recognize both shipped code and behind-the-scenes contributions like code review
What Windmill accesses
Windmill stores git diffs—including the actual code changes. We analyze file diffs in PRs to understand the work you’re contributing, contextualize PR comments and code reviews, and surface collaboration patterns. While those diffs could theoretically be used to reconstruct your codebase, we don’t store complete source files or attempt to reassemble your code. We focus on understanding how your code evolves and how teams collaborate.Code changes and commits
Windmill reads commit metadata and diffs to understand:- Who is making changes – Attribution based on git author configuration
- What changed – The scope and nature of contributions (lines added/removed, files modified)
- Collaboration patterns – Who’s working on the same code or projects
Pull requests and code reviews
Pull requests are a key signal for understanding engineering work and collaboration. Windmill tracks:- Who opened, merged, or contributed to PRs
- Code review activity – Who’s reviewing, approving, and commenting on code
- Review cycle time – How long PRs spend in review
- Collaboration and feedback – The back-and-forth between engineers during code review
Issues and project work
Windmill reads issue metadata to show:- Issues created, owned, or completed
- Follow-through on project contributions
- Attribution to the right individuals and teams
How Windmill uses GitHub data
When connected, Windmill securely reads the following activity signals from GitHub:| Data Type | How Windmill Uses It |
|---|---|
| Pull requests (opened, merged, reviewed) | Surfaces in Recaps, 1:1s, and performance reviews to highlight shipped work and ownership |
| Code review comments and approvals | Shows collaboration, mentoring, and teamwork; appears in stats and organizational insights |
| Issues created, owned, or completed | Tracks project contributions and follow-through |
| Commit metadata and diffs | Analyzes actual code changes to understand contribution patterns and contextualize PR activity |
| Repository and project associations | Maps work to the right individuals and teams |
Permissions
Windmill requests read-only access through GitHub’s standard OAuth flow.| Permission | Purpose |
|---|---|
repo:read (or scoped metadata access) | Read PRs, issues, commits, and diffs |
| Read collaborator/contributor metadata | Map contributions to individuals in Windmill |
| No write access | Windmill never modifies repos, pushes commits, or comments |
| Scoped to selected repos or organizations | You choose what’s included—you can change this anytime |
Attribution
Windmill attributes work based on git author configuration and GitHub activity.Commits
Commits are attributed based on the git author configured locally (not your GitHub username). To ensure correct attribution, set your git config:Coding agents
If you use coding agents, attribution depends on how the agent commits code: Attributed to a bot user:- Devin
- Claude Code (via GitHub Actions)
- OpenAI Codex
- Cursor
- Claude Code (locally)
Username mapping
GitHub usernames don’t always match work email addresses, which can cause attribution issues. If your GitHub activity isn’t showing up—or is attributed to the wrong person—an admin can fix this. Admins can map GitHub usernames to employees at Settings > Integrations > Mapping. You’ll see both GitHub usernames and local machine names used in commits. To check for unmapped users, go to External Users and filter by GitHub.FAQs
Why does Windmill need access to the actual code?
Why does Windmill need access to the actual code?
Windmill stores git diffs, which include the actual code you wrote—the
lines added, removed, and modified. We analyze file diffs to understand the
work you’re contributing, contextualize PR comments and code reviews, and
measure impact. While diffs could theoretically reconstruct your codebase,
we don’t store complete source files or attempt to reassemble your code. We
focus on understanding how your codebase evolves over time.
Does Windmill store my code?
Does Windmill store my code?
Windmill stores git diffs, which include the actual code changes you
make—not just metadata. We analyze these diffs to understand who
contributed what, how code evolves, and how teams collaborate.
While diffs could theoretically be used to reconstruct your codebase, we
don’t store complete source files or attempt to reassemble your code.
Do I have to connect GitHub?
Do I have to connect GitHub?
No. GitHub is a very powerful integration for engineers—it surfaces
contributions, code reviews, and collaboration patterns that help in
performance conversations. However, you don’t have to connect GitHub to use
Windmill. The platform works with or without it.
Do we need to sync our entire GitHub org?
Do we need to sync our entire GitHub org?
No. You choose which repos or teams to sync. You can change or revoke access
at any time from your GitHub settings.
Does Windmill write anything back to GitHub?
Does Windmill write anything back to GitHub?
No. The integration is strictly read-only. Windmill never pushes commits,
modifies repos, or comments on PRs.
How often is data synced?
How often is data synced?
Continuously. Activity appears in Windmill shortly after it happens in
GitHub—usually within minutes.
Is this integration secure?
Is this integration secure?
Yes. All data is encrypted in transit and at rest. Windmill maintains SOC 2
compliance and uses scoped OAuth tokens. You control which repos are synced.
What happens if an engineer leaves?
What happens if an engineer leaves?
Their historical contributions remain visible for context, but Windmill
stops associating new activity once they’re marked as an Archived user.
Why aren't my GitHub activities showing up?
Why aren't my GitHub activities showing up?
This usually happens when your GitHub username doesn’t match your work
email. Check the Settings > Integrations > GitHub > Mapping tab to map
your GitHub username to your employee profile. Admins can fix this at
Settings > Integrations >
Mapping.
Why do I need to sign my commits?
Why do I need to sign my commits?
Signing commits proves you created them and keeps your work secure. For
Windmill, signing commits ensures your contributions are properly attributed
to you in stats, recaps, and performance reviews.
Do you support other code repositories like GitLab?
Do you support other code repositories like GitLab?
Currently, Windmill only supports GitHub. We’re planning to add GitLab and
other repositories in the future.