The following items are expected to be completed for the project to Pass the M4 Code Freeze Milestone.
M4 Release Code Freeze Milestone overview is available in wiki.
| Practice Area | Checkpoint | Yes/No | Evidences | How to? |
|---|---|---|---|---|
| Product Management | Have all JIRA Stories supporting the release use case been implemented? | Yes | ||
| List the Stories that will not be implemented in this current Release. | None | |||
| Are committed Sprint Backlog Stories been coded and marked as "Closed" in Jira? | Yes | Getting issues... | ||
| Are all tasks associated with committed Sprint Backlog Stories been marked as "Closed" in Jira? | Yes | Getting issues... | ||
| Release Management | Have all issues pertaining to FOSS been addressed? | Yes | ||
| Have all findings from previous milestones been addressed? | Yes | List previous milestone issues that have not been addressed. | For M2 and M3 Milestones, ensure all findings have been closed. | |
Has the Project Team reviewed and understood the most recent license scan reports from the LF, for both (a) licenses within the codebase and (b) licenses for third-party build time dependencies? | Yes | |||
| For both (a) and (b), have all high priority non-Project Licenses been either removed or escalated as likely exception requests? | Yes | All these have been covered. Only "Cassandra", which may be lack of data in the License tool. | ||
| Development | Are all Defects of priority Highest and High in status "Closed" in Jira? | Yes | Provide link to JIRA issue (type bug) of priority Highest and High. | |
| Has the project team reach the Automated Unit Test Code Coverage expectation? (Refer to artifacts available in Sonar) | No | aaf-authz is 32.5%, passing for Beijing, but not to 50% wanted to Casablanca. We did not make much progress here, because of loss of resources... needed to focus on delivery. aaf-cadi, for some reason isn't reporting. Will figure this out as we can. It is similar to aaf-authz percentage. SMS Coverage is here: Code Coverage for Casablanca Release SoftHSMv2 and TPM2-Plugin Coverage is here: Code coverage for SoftHSMv2 and TPM2-Plugin | ||
| Is there any binaries (jar, war, tar, gz, gzip, zip files) in Gerrit project repository? | Yes | There are several binaries held over from Beijing. These are "TrustStores", etc. AAF has only just recently discovered an approach that somewhat alleviates this. We will clean those out for Dublin. | Refer to CI Development Best Practices | |
| Is there any pending commit request older than 36 hours in Gerrit? | No | |||
| Provide the "% Achived" on the CII Best Practices program. | https://bestpractices.coreinfrastructure.org/en/projects?q=aaf 98% Passing, 2% Silver | As documented in CII Badging Program, teams have to fill out CII Best Practices | ||
Is there any Critical and Severe level security vulnerabilities older than 60 days old in the third party libraries used within your project unaddressed? Nexus-IQ classifies level as the following:
which is complaint with CVSS V2.0 rating. | AAF core (authz/aaf) has eliminated all security vulnerabilities. CADI repo (contains plugins) has listed vulnerabilities due entirely to Shiro (It is a CADI Shiro plugin) https://jenkins.onap.org/view/aaf/job/aaf-authz-maven-clm-master/ https://jenkins.onap.org/view/aaf/job/aaf-cadi-maven-clm-master/ https://jenkins.onap.org/view/aaf/job/aaf-luaplugin-maven-clm-master/ | There is 1 Critical error in CADI, but that is for Shiro dependency for Shiro Plugin, only used by Shiro APPs. (in that case, they have larger issues) | ||
| Are all the Jenkins jobs successfully passed (verify + merge jobs)? | Yes | |||
| Have all OOM Staging Healtcheck related to your project passed? | Yes | http://onapci.org/grafana/d/8cGRqBOmz/daily-summary?panelId=9&fullscreen&orgId=1 | ||
| Are all snapshot binaries available in Nexus-staging? | Yes | https://nexus.onap.org/#nexus-search;gav~org.onap.aaf.authz~~2.1.2-SNAPSHOT~~ | ||
| Do you have a clear plan to implement the Independent Versioning and Release Process by RC0? | Yes | We are waiting for final data updates for applications before we move from "SNAPSHOT" to normal release version. | ||
| Integration and Testing | Have 100% of Continuous System Integration Testing (CSIT) Use Cases been implemented successfully in Jenkins? | Yes | https://jenkins.onap.org/view/CSIT/ | |
| Is there a Docker images available for your project deliverable? | Yes | https://nexus3.onap.org/#browse/search=keyword%3Daaf | ||
| Has the project code successfully passed the Daily Build process? | Yes, qualified | AAF proved daily HEAT. As of 9/20/2018, problems have shown up in OOM. We have a severe resource issue... assigned person has been gone for most of 2 weeks. PTL will take on this work to get it done as soon as feasible. | Goal is to ensure the latest project commit has not broken the Integration Daily Build | |
| Doc | Has the team created a docs folder and Development and Release Notes documentation templates in Readthedocs? | Yes | https://onap.readthedocs.io/en/latest/submodules/aaf/authz.git/docs/index.html https://onap.readthedocs.io/en/latest/submodules/aaf/authz.git/docs/sections/release-notes.html https://onap.readthedocs.io/en/latest/submodules/aaf/sms.git/docs/index.html | |
| Is the API documentation section populated? | Yes | https://onap.readthedocs.io/en/latest/release/repolist.html |