_posts/2015-05-14-18Fpages.md
---
title: "Moving from GitHub Pages to 18F Pages"
date: 2015-05-14
layout: post
authors:
- mbland
- noah
tags:
- 18f
- how we work
excerpt: "As part of 18F's effort to generate helpful documentation for all digital service teams, we have launched https://pages.18f.gov/, aka “18F Pages,” an ever-growing site that contains guides, best practices, and more."
description: "GitHub Pages is a good way to build static websites using Jekyll. When we, at 18F, increasingly found ourselves putting canonical content on GitHub Pages, we hacked a solution by creating 18F Pages."
image: /assets/blog/18F-Pages/18Fpages.jpg
---
[GitHub Pages](https://pages.github.com/) is an easy, powerful way to
get static websites built using [Jekyll](http://jekyllrb.com/),
published directly from a source repository. As 18F is a heavy user of
Jekyll, we have a need for exactly this kind of functionality,
particularly for public-facing artifacts that aren’t projects for
customers or that should be managed independently of
[https://18f.gsa.gov/](https://18f.gsa.gov/).
However, there is a wrinkle: In order for a government system to be
launched into production, it must first acquire an approval known as an
“authority to operate,” or ATO. This represents formal acceptance, by a
government official, of the security and privacy risk posed by the
system. It also documents the level of the risk and any mitigating
controls.
Two of our standard controls, implementing [HTTPS
Everywhere](https://18f.gsa.gov/2014/11/13/why-we-use-https-in-every-gov-website-we-make/)
and using the
[.gov](https://obamawhitehouse.archives.gov/sites/default/files/omb/egov/memo/policies-for-dot-gov-domain-issuance-for-federal-agency-public-websites.pdf)
and 18F DNS infrastructure, are not available with GitHub Pages.
Increasingly, we found ourselves putting important and canonical content
on GitHub Pages, information that couldn't be found on an official
government system. Implementing these controls also ensures that any
attack to prevent the public from accessing public information is
considered an attack on the U.S. government itself, and therefore serves
as an additional deterrent.
This risk threatened to stall a number of public-facing documentation
efforts currently underway; however, we figured out a hack. The
solution, based on [GitHub
webhooks](https://developer.github.com/webhooks/) and an existing ATO
for our 18f.gsa.gov technical stack, proved surprisingly
straightforward, and now we’re happy to announce
[https://pages.18f.gov/](https://pages.18f.gov/), aka “18F Pages.”
While the site is still in its earliest stages, we will be adding more
content to it over time, as our team generates documentation that we
feel is of benefit not just to 18F, but potentially to other government
digital service teams. The basic publishing flow amounts to:
- An 18F staff member creates a new Jekyll site repository on GitHub, e.g., https://github.com/18F/wonderful-website.
- The staff member adds some content, and pushes to an 18f-pages branch.
- The website appears at https://pages.18f.gov/wonderful-website/.
You can see the webhook listener implementation in our [18F/pages
GitHub repository](https://github.com/18F/pages) and read through the
[18F Guides Template](https://pages.18f.gov/guides-template/) to
understand the details of how our 18F Pages sites are organized and
published.