Government Digital Service, part of Cabinet Office

WP1453 - GOV.UK Ruby and Rails application dependency upgrades

7 Incomplete applications

6 SME, 1 large

6 SME, 0 large

Summary of the work: Upgrade up to 30 GOV.UK Rails applications from Ruby 2.2 to Ruby 2.3 and Rails 4.2 or 5.0 to Rails 5.1. We estimate this will take between 70 and 80 working days. Minimal existing context of the GOV.UK platform is required to perform this work.
Latest start date: Monday 23 October 2017
Expected contract length: 4-5 months (not beyond 31/03/2018)
Location: London
Organisation the work is for: Government Digital Service, part of Cabinet Office
Budget range: £65-70K

Why the work is being done: Supports delivery of critical GOV.UK roadmap by reducing the need for product teams to complete unrelated but essential application upgrades.
Problem to be solved: 30 GOV.UK applications are running on out of date frameworks with a limited support timeline. The vendors will stop supplying security updates in March 2018. The applications must be upgraded to framework versions that will receive longer term support
Who the users are and what they need to do: As a publisher on GOV.UK
I want to use applications that are secure
So that I can be confident that my sensitive content won't be leaked
Early market engagement: None
Any work that’s already been done: All applications have good test coverage and are part of a Continuous Integration and Continuous Delivery pipeline
Existing team: The existing team of GOV.UK developers will be available to review Pull Requests and answer questions on undocumented application behaviour. They will specify the versions of dependencies to be upgraded at the time the engagement begins. The work will be co-ordinated by a GOV.UK Delivery Manager and overseen by a GOV.UK Senior Technologist.
Current phase: Live

Address where the work will take place: The White Chapel Building, 10 Whitechapel High Street, London, E1 8QS
Working arrangements: The team should work in the GDS office for an initial period to gain context, but are encouraged to work remotely afterwards. Fortnightly check in meetings on progress are required.
Security clearance: SC.

Additional terms and conditions: Cabinet Office (CO) Travel and Subsistence policy will apply. All expenses must be pre-agreed with between the parties and must comply with the CO T&S policy.

Buyers will use the essential and nice-to-have skills and experience to help them evaluate suppliers’ technical competence.

Essential skills and experience: 3+ years experience of Ruby, Rails and Sinatra

2+ years experience working in a Continuous Integration environment

2+ years experience working with Git

2+ years experience with Test Driven Development
Nice-to-have skills and experience: 5+ years experience of Ruby

Experience of managing at least 2 complex Rails projects over multiple major Rails versions

Recent experience working with the GOV.UK stack

At least one example of experience with non-standard Rails applications that use APIs rather than ActiveRecord

At least one example of experience performing long-running Ruby and Rails upgrades while development occurs in parallel

At least one example of ability to research and understand from stakeholders issues that arise during upgrades

At least one example of experience with changes to assets in Rails 5.1

At least one example of experience working with 12 factor applications

How many suppliers to evaluate

Proposal criteria

Technical solution
Approach and methodology
How the approach or solution improves the velocity of GOV.UK developers
How the approach or solution meets security needs
Estimated timeframes for the work
How they’ve identified risks and dependencies and offered approaches to manage them
Team structure
Value for money
How the approach works to minimise the need for similar work in the future

Cultural fit criteria

Evidence of experience working in an Agile environment with Kanban
Evidence of experience reporting progress to Senior Management on a regular basis
Experience communicating with other developers via Slack or similar tools
Demonstrated understanding of the need to ask well defined questions of other developers
Examples of sharing learnings with other developers
Experience of pair or mob programming and understanding of the benefits

Payment approach

Capped time and materials

Assessment methods

Evaluation weighting

Technical competence

75%

Cultural fit

Price

20%

1. Will GDS sponsor SC clearance - as this is not something a supplier can apply for by themselves? We are happy to pay for the costs of the application, but can we start work while the application is in progress.: If not currently held, the candidates must be willing to undertake the SC clearance process. As the DOS requirement makes it clear that SC clearance is required then suppliers are required to pay for that security clearance themselves as to become eligible and compliant to perform the contract.

We can however arrange for special dispensation to allow suppliers to begin their contract whilst the security process is underway.
A caveat to this is that the suppliers contract would be terminated if SC clearance was not granted.
2. Based on our experience the days estimate for this project is underestimated by half. We would normally budget around 5 days per Rails app. Could you publish the exact list of the applications required, along with the current version of Ruby/Rails. So that we can see if we are able to do this project within the budget. Could you also clarify if 3rd party gem dependencies are also to be upgraded, or just Rails/Ruby.: The answer can be accessed via the link below.
https://drive.google.com/file/d/0B-264nLyB1zdZE5jTXFEZEoxV0k/view?usp=sharing