diff --git a/build/README.md b/build/README.md
new file mode 100644
index 0000000..eebba74
--- /dev/null
+++ b/build/README.md
@@ -0,0 +1,44 @@
+# Build resources
+
+The resources in this folder are used for building WHATWG specifications.
+
+## `deploy.sh`
+
+The `deploy.sh` script is used by most WHATWG specifications and is meant to run either on Travis CI, or locally with the `--local` command-line flag for preview purposes. It performs the following steps:
+
+- Running [Bikeshed](https://github.com/tabatkins/bikeshed), through its [web API](https://api.csswg.org/bikeshed/), to produce:
+ - If on master, the built living standard, as well as a commit snapshot
+ - Otherwise, a branch snapshot of the specification
+- Running the [Nu HTML checker](http://checker.html5.org/) on the build results
+- Deploying the build results to the WHATWG web server
+
+For non-local deploys, it is dependent on the following environment setup:
+
+- `deploy_key.enc` must contain a SSH private key, [encrypted for Travis](https://docs.travis-ci.com/user/encrypting-files/) for the appropriate repository.
+- The environment variable `$ENCRYPTION_LABEL` must contain the encryption label produced by the Travis encryption process.
+- The environment variable `$DEPLOY_USER` must contain the username used to SSH into the WHATWG web server.
+
+An example `.travis.yml` file that uses this script would then be as follows:
+
+```yaml
+language: generic
+
+env:
+ global:
+ - ENCRYPTION_LABEL="1337deadb33f"
+ - DEPLOY_USER="yourusername"
+
+script:
+ - curl --remote-name https://resources.whatwg.org/build/deploy.sh && bash ./deploy.sh
+
+notifications:
+ email:
+ on_success: never
+ on_failure: always
+```
+
+Similarly, a local deploy can be performed with
+
+```bash
+curl --remote-name https://resources.whatwg.org/build/deploy.sh && bash ./deploy.sh --local
+```
diff --git a/build/deploy.sh b/build/deploy.sh
new file mode 100644
index 0000000..96865f2
--- /dev/null
+++ b/build/deploy.sh
@@ -0,0 +1,103 @@
+#!/bin/bash
+set -e
+
+# See ./README.md for documentation.
+
+SHORTNAME=`git config --local remote.origin.url | sed -n "s#.*/\([^.]*\)\.git#\1#p"`
+INPUT_FILE=`find . -name "*.bs"`
+TITLE=`cat $INPUT_FILE | grep "^Title: .*$" | sed -e "s/Title: //"`
+
+LS_URL="https://$SHORTNAME.spec.whatwg.org/"
+COMMIT_URL_BASE="https://github.com/whatwg/$SHORTNAME/commit/"
+BRANCH_URL_BASE="https://github.com/whatwg/$SHORTNAME/tree/"
+WEB_ROOT="$SHORTNAME.spec.whatwg.org"
+COMMITS_DIR="commit-snapshots"
+BRANCHES_DIR="branch-snapshots"
+
+SERVER="75.119.197.251"
+SERVER_PUBLIC_KEY="ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDM6WJlvCc/+Zy2wrdzfKMv0Mb2Pmf9INvJPOH/zFrG5TbrKWY2LbNB6m3kkYTDQJzc0EuxCytuDsGhTuzTgc3drHwe2dys7cUQyQzS0iue50r6nBMfr1x2h6WhV3OZHkzFgqS17vlVdlLcGHCCwYgm19TGlrqY5RDnE+jTEAC/9AN7YFbbyfZV5fzToXwA2sFyj9TtwKfu/EeZAInPBpaLumu/glhr+rFXwhQQdNFh7hth8b4flG5mOqODju94wtbuDa4Utw1+S/zCeFIU55R7JHa29Pz3rL6Rpiiin9SpenjkD3UpP+y8WC1OaMImEh1XNUuomQa+6qxXEjxQAW1r"
+
+if [ "$1" != "--local" -a "$DEPLOY_USER" == "" ]; then
+ echo "No deploy credentials present; skipping deploy"
+ exit 0
+fi
+
+if [ "$1" == "--local" ]; then
+ echo "Running a local deploy into $WEB_ROOT directory"
+ echo ""
+fi
+
+SHA="`git rev-parse HEAD`"
+BRANCH="`git rev-parse --abbrev-ref HEAD`"
+if [ "$BRANCH" == "HEAD" ]; then # Travis does this for some reason
+ BRANCH=$TRAVIS_BRANCH
+fi
+
+if [ "$BRANCH" == "master" -a "$TRAVIS_PULL_REQUEST" != "false" -a "$TRAVIS_PULL_REQUEST" != "" ]; then
+ echo "Skipping deploy for a pull request; the branch build will suffice"
+ exit 0
+fi
+
+BACK_TO_LS_LINK="Go to the living standard"
+SNAPSHOT_LINK="Snapshot as of this commit"
+
+echo "Branch = $BRANCH"
+echo "Commit = $SHA"
+echo ""
+
+rm -rf $WEB_ROOT || exit 0
+
+if [ $BRANCH != "master" ] ; then
+ # Branch snapshot, if not master
+ BRANCH_DIR=$WEB_ROOT/$BRANCHES_DIR/$BRANCH
+ mkdir -p $BRANCH_DIR
+ curl https://api.csswg.org/bikeshed/ -f -F file=@$INPUT_FILE -F md-status=LS-BRANCH \
+ -F md-warning="Branch $BRANCH $BRANCH_URL_BASE$BRANCH replaced by $LS_URL" \
+ -F md-title="$TITLE (Branch Snapshot $BRANCH)" \
+ -F md-Text-Macro="SNAPSHOT-LINK $SNAPSHOT_LINK" \
+ > $BRANCH_DIR/index.html;
+ echo "Branch snapshot output to $WEB_ROOT/$BRANCHES_DIR/$BRANCH"
+else
+ # Commit snapshot, if master
+ COMMIT_DIR=$WEB_ROOT/$COMMITS_DIR/$SHA
+ mkdir -p $COMMIT_DIR
+ curl https://api.csswg.org/bikeshed/ -f -F file=@$INPUT_FILE -F md-status=LS-COMMIT \
+ -F md-warning="Commit $SHA $COMMIT_URL_BASE$SHA replaced by $LS_URL" \
+ -F md-title="$TITLE (Commit Snapshot $SHA)" \
+ -F md-Text-Macro="SNAPSHOT-LINK $BACK_TO_LS_LINK" \
+ > $COMMIT_DIR/index.html;
+ echo "Commit snapshot output to $WEB_ROOT/$COMMITS_DIR/$SHA"
+ echo ""
+
+ # Living standard, if master
+ curl https://api.csswg.org/bikeshed/ -f -F file=@$INPUT_FILE \
+ -F md-Text-Macro="SNAPSHOT-LINK $SNAPSHOT_LINK" \
+ > $WEB_ROOT/index.html
+ cp .htaccess $WEB_ROOT/.htaccess 2>/dev/null || :
+ echo "Living standard output to $WEB_ROOT"
+fi
+
+echo ""
+find $WEB_ROOT -type f -print
+echo ""
+
+# Run the HTML checker when building on Travis
+if [ "$TRAVIS" == "true" ]; then
+ curl -O https://sideshowbarker.net/nightlies/jar/vnu.jar
+ /usr/lib/jvm/java-8-oracle/jre/bin/java -jar vnu.jar --skip-non-html $WEB_ROOT
+fi
+
+if [ "$1" != "--local" ]; then
+ # Get the deploy key by using Travis's stored variables to decrypt deploy_key.enc
+ ENCRYPTED_KEY_VAR="encrypted_${ENCRYPTION_LABEL}_key"
+ ENCRYPTED_IV_VAR="encrypted_${ENCRYPTION_LABEL}_iv"
+ ENCRYPTED_KEY=${!ENCRYPTED_KEY_VAR}
+ ENCRYPTED_IV=${!ENCRYPTED_IV_VAR}
+ openssl aes-256-cbc -K $ENCRYPTED_KEY -iv $ENCRYPTED_IV -in deploy_key.enc -out deploy_key -d
+ chmod 600 deploy_key
+ eval `ssh-agent -s`
+ ssh-add deploy_key
+
+ echo "$SERVER $SERVER_PUBLIC_KEY" > known_hosts
+ scp -r -o UserKnownHostsFile=known_hosts $WEB_ROOT $DEPLOY_USER@$SERVER:
+fi