Gitolite logs (in .gitolite/logs/gitolite-* ) by Gitolite for each click. There is a bit more work to determine the push that introduced a specific commit, but it should be straightforward (one way: discard light tags at the end of each click, and then use git name-rev to find the first tag after the commit).
Most Gitolite users may have only one SSH key associated with them ( keydir/user.pub ), but one user can have multiple SSH keys ( keydir/ user@ *.pub ).
So, for SSH-based Gitolite, you can map each commit to one (or more) SSH keys.
If you trust an SSH key to accurately identify a specific person, this is another question (i.e. do you trust users to keep their SSH private keys?).
Gitolit can also mitigate Git access to intelligent HTTP. In this case, the web server supplies the Gitolite username in the REMOTE_USER environment variable (i.e. instead of using the .ssh/authorized_keys file to identify the user based on the SSH key). Authentication and authentication are fully consistent with the web server itself (usually itβs just a username and password, but SSL certificates for each user can be used to make something more like SSH access).
So, for HTTP-based Gitolite, you can map each commit to the authentication performed by the web server.
GitHub has some similar information and can be requested through the Events part of the GitHub API (previously it was only available as part of the "Newsfeed" entries for your observed repositories). Each PushEvent identifies the GitHub user who performed the push, the name ref (branch) was updated, the name (SHA1 hash), the new ref-head (new tip of the updated branch), and the list of commits.