I have been deploying websites that run 100% on Github, using Github Pages and Jekyll for a while now. I'm pushing forward with different approaches to deploying sites and applications using this model, and my recent evolution is securing a website, only allowing specific people to access and interact with the site or application.
In this case, I have a web application that I am developing, and will run on Github, but I'm not ready for it to be public. So I created a private repository, then using the Automatic Page Generator under Github settings, I created a public site for the repository using Github Pages.
Next I created a JSON file that contained the navigation for the site, and each page and its content:
Before the page will build, you have to have a valid oAuth token for the repository. In this particular scenario I am just passing the oAuth token through URL as a parameter, and if the variable isn't present or is invalid, the request for the JSON file just returns a 404 and none of the navigation or site content is updated. For other version I will be using oAuth.io to secure the application and just add people as Github team members if I want them to have access to the application.
Once I'm done with this particular application, and I am ready to make public, I will just make the Github repository public and replace the pulling of master JSON file with a regular JQuery getJSON call, and use the JSON to build out the site just like I do now.
This approach is definitely not for all applications, but easily allows me to run applications on Github while maintaining a private, secure back-end. I am just using Github OAuth security to access any files I want to keep private, and make only what I need public. In this case, unless I have granted you access, you will just see a splash page.