Awarded to Made Tech Ltd

Start date: Wednesday 25 October 2017
Value: £64,800
Company size: SME
Government Digital Service, part of Cabinet Office

WP1453 - GOV.UK Ruby and Rails application dependency upgrades

7 Incomplete applications

6 SME, 1 large

6 Completed applications

6 SME, 0 large

Important dates

Published
Tuesday 22 August 2017
Deadline for asking questions
Tuesday 29 August 2017 at 11:59pm GMT
Closing date for applications
Tuesday 5 September 2017 at 11:59pm GMT

Overview

Summary of the work
Upgrade up to 30 GOV.UK Rails applications from Ruby 2.2 to Ruby 2.3 and Rails 4.2 or 5.0 to Rails 5.1. We estimate this will take between 70 and 80 working days. Minimal existing context of the GOV.UK platform is required to perform this work.
Latest start date
Monday 23 October 2017
Expected contract length
4-5 months (not beyond 31/03/2018)
Location
London
Organisation the work is for
Government Digital Service, part of Cabinet Office
Budget range
£65-70K

About the work

Why the work is being done
Supports delivery of critical GOV.UK roadmap by reducing the need for product teams to complete unrelated but essential application upgrades.
Problem to be solved
30 GOV.UK applications are running on out of date frameworks with a limited support timeline. The vendors will stop supplying security updates in March 2018. The applications must be upgraded to framework versions that will receive longer term support
Who the users are and what they need to do
As a publisher on GOV.UK
I want to use applications that are secure
So that I can be confident that my sensitive content won't be leaked
Early market engagement
None
Any work that’s already been done
All applications have good test coverage and are part of a Continuous Integration and Continuous Delivery pipeline
Existing team
The existing team of GOV.UK developers will be available to review Pull Requests and answer questions on undocumented application behaviour. They will specify the versions of dependencies to be upgraded at the time the engagement begins. The work will be co-ordinated by a GOV.UK Delivery Manager and overseen by a GOV.UK Senior Technologist.
Current phase
Live

Work setup

Address where the work will take place
The White Chapel Building, 10 Whitechapel High Street, London, E1 8QS
Working arrangements
The team should work in the GDS office for an initial period to gain context, but are encouraged to work remotely afterwards. Fortnightly check in meetings on progress are required.
Security clearance
SC.

Additional information

Additional terms and conditions
Cabinet Office (CO) Travel and Subsistence policy will apply. All expenses must be pre-agreed with between the parties and must comply with the CO T&S policy.

Skills and experience

Buyers will use the essential and nice-to-have skills and experience to help them evaluate suppliers’ technical competence.

Essential skills and experience
  • 3+ years experience of Ruby, Rails and Sinatra
  • 2+ years experience working in a Continuous Integration environment
  • 2+ years experience working with Git
  • 2+ years experience with Test Driven Development
Nice-to-have skills and experience
  • 5+ years experience of Ruby
  • Experience of managing at least 2 complex Rails projects over multiple major Rails versions
  • Recent experience working with the GOV.UK stack
  • At least one example of experience with non-standard Rails applications that use APIs rather than ActiveRecord
  • At least one example of experience performing long-running Ruby and Rails upgrades while development occurs in parallel
  • At least one example of ability to research and understand from stakeholders issues that arise during upgrades
  • At least one example of experience with changes to assets in Rails 5.1
  • At least one example of experience working with 12 factor applications

How suppliers will be evaluated

How many suppliers to evaluate
3
Proposal criteria
  • Technical solution
  • Approach and methodology
  • How the approach or solution improves the velocity of GOV.UK developers
  • How the approach or solution meets security needs
  • Estimated timeframes for the work
  • How they’ve identified risks and dependencies and offered approaches to manage them
  • Team structure
  • Value for money
  • How the approach works to minimise the need for similar work in the future
Cultural fit criteria
  • Evidence of experience working in an Agile environment with Kanban
  • Evidence of experience reporting progress to Senior Management on a regular basis
  • Experience communicating with other developers via Slack or similar tools
  • Demonstrated understanding of the need to ask well defined questions of other developers
  • Examples of sharing learnings with other developers
  • Experience of pair or mob programming and understanding of the benefits
Payment approach
Capped time and materials
Assessment methods
  • Written proposal
  • Work history
  • Reference
  • Presentation
Evaluation weighting

Technical competence

75%

Cultural fit

5%

Price

20%

Questions asked by suppliers

1. Will GDS sponsor SC clearance - as this is not something a supplier can apply for by themselves? We are happy to pay for the costs of the application, but can we start work while the application is in progress.
If not currently held, the candidates must be willing to undertake the SC clearance process. As the DOS requirement makes it clear that SC clearance is required then suppliers are required to pay for that security clearance themselves as to become eligible and compliant to perform the contract.

We can however arrange for special dispensation to allow suppliers to begin their contract whilst the security process is underway.
A caveat to this is that the suppliers contract would be terminated if SC clearance was not granted.
2. Based on our experience the days estimate for this project is underestimated by half. We would normally budget around 5 days per Rails app. Could you publish the exact list of the applications required, along with the current version of Ruby/Rails. So that we can see if we are able to do this project within the budget. Could you also clarify if 3rd party gem dependencies are also to be upgraded, or just Rails/Ruby.
The answer can be accessed via the link below.
https://drive.google.com/file/d/0B-264nLyB1zdZE5jTXFEZEoxV0k/view?usp=sharing