GitHub Integration Guide
Work with Devin directly in your repos
Why integrate Devin into GitHub?
Integrating Devin into your GitHub organization allows Devin to create pull requests, read and respond to your PR comments, etc. This lets Devin be a true collaborator on your engineering team.
The setup is easy! Go to app.devin.ai > Settings > Integrations > Github, click Connect, and follow the GitHub app integration steps on the screen. Make sure to select access to the relevant repos and review permissions
Setting up the Integration
-
In your Devin account at app.devin.ai, go to Settings > Integrations > Github, and click the “Connect” button to integrate your organization with the Devin GitHub app.
-
This will redirect you to GitHub where you can select the GitHub account and repositories to connect Devin, and review the relevant permissions.
- If you’re setting up the GitHub integration on behalf of your organization, make sure to select your company’s account.
- Once you’ve completed all the set up steps in Github, you will be directed to the Devin account settings page where you can confirm the integration is set up.
- [For Enterprise customers only] Add the
cognition-teamGitHub account to the relevant repositories. This gives us the ability to help onboard Devin onto your codebase and monitor Devin’s activity.
Using Devin with the GitHub Integration
Once the integration is set up, you can go to the Devin web application and you should be able to @mention the repo in your prompt!
If you are using a repository for the first time, we recommend going through the development environment setup process in the onboarding flow to ensure that Devin has the most accurate and up to date information about working with your codebase.
Setting Devin’s Permissions
Managing Permissions
You can always adjust permissions through the Integration configuration page in Github once the app is connected:
- Step 1: Go to the GitHub Integration settings
- Step 2: Navigate to Devin.ai Integration and click “Configure”
- Step 3: Scroll to the “Repository access” section to manage permissions
Devin requires the following permissions:
Read access to:
| Permission | Description |
|---|---|
| `dependabot alerts | Allows Devin to resolve dependabot alerts on your behalf (i.e. bumping dependency versions) |
actions | Allows Devin to view the actions configured for a repository in order to understand if Devin’s changes pass CI |
checks | Allows Devin to view the checks configured for a repository in order to understand if Devin’s changes pass CI |
commit statuses | Allow Devin to view if a commit passes CI |
deployments | Allow Devin to view which versions of a repository were deployed |
metadata | Allow Devin to view crucial metadata about a repository such as who owns it |
packages | Allow Devin to view which versions of a repository were shipped as a package |
pages | Allow Devin to consult pages associated with a repository, e.g. to view documentation |
repository advisories | Allow Devin to view security advisories related to a repo in order to help fix security issues |
repository hooks | Allow Devin to view the hooks configured for a repository, e.g. linting and type checking |
repository projects | Allow Devin to view projects associated with a repository, e.g. to retrieve information about a task |
Read and write access to:
| Permission | Description |
|---|---|
code | Allow Devin to contribute to the codebase |
discussions | Allow Devin to contribute to discussions |
issues | Allow Devin to open new issues |
pull requests | Allow Devin to create new PRs |
workflows | Allow Devin to set up new workflows, e.g. to help configure CI/CD |
We request these permissions so that Devin can work in your repository just as a regular contributor. Specifically, we permit Devin to push new branches, open PRs, and contribute to PR discussions, which is essential for Devin to productively contribute to your codebase.
Commit Signing
During your repository setup, you can use Devin’s Terminal to generate a GPG key that will be used to sign commits, as per the GPG process outlined in GitHub’s docs. We would recommend creating a dummy GitHub account in your organization to upload the GPG key to (e.g. devin@company.com) so that you can verify which commits are coming from Devin.
Security Considerations
Some additional information regarding Devin’s permissions in GitHub:
- We recommend enabling branch protections on master to ensure checks are enforced before Devin can merge any changes.
- If Devin is connected to your organization’s GitHub account then it will have the same permissions for any user with access to the GitHub and Devin organizations.
- Devin will not mirror the permissions of the user running a session with Devin, it will retain the permissions granted at the org-level.
- Devin cannot create new repos in your GitHub account.
IP Whitelisting
If you need to whitelist Devin’s services for access to your organization’s GitHub resources, please add the following IP addresses:
- 100.20.50.251
- 44.238.19.62
- 52.10.84.81
- 52.183.72.253
(Please note these IPs may change in future updates.)
GitHub Integration FAQs
Can I connect my Personal GitHub account to my organization’s Devin account?
Can I connect my Personal GitHub account to my organization’s Devin account?
Yes, a user can choose to connect a GitHub Organization or Personal account to their organization’s Devin account, but we recommend connecting the account that will have the relevant permissions for Devin to run sessions for the organization.
How does the GitHub app handle user authentication?
How does the GitHub app handle user authentication?
Only users authenticated with access/permissions to the organization that the GitHub integration was connected to can use it in their Devin runs. In other words, Devin(s) will only have access to a GitHub integration if they are launched by the people part of the organizations that installed that GitHub integration.
How does Devin manage and rotate encryption keys?
How does Devin manage and rotate encryption keys?
Encryption keys are managed by AWS KMS and rotated periodically.