The following items are expected to be completed for the project to Pass the M3 API Freeze Milestone.
M3 Release Architecture Milestone overview is available in wiki.
| Practice Area | Checkpoint | Yes/No | Evidences | How to? |
|---|---|---|---|---|
| Architecture | Has the Project team reviewed the APIs with the Architecture Committee (ARC)? | Yes | AAI R3 Architecture Review | Architecture walkthrough to understand how each project contributes on Release Use Case. ARC to organize the walkthrough. |
| Is there a plan to address the findings the API review? | N/A | N/A | The plan could be as simple as a Jira issue to track the implementation of findings or a documented plan within the wiki. | |
| Does the team clearly understand that no changes in the API definition is allowed without formal TSC review and approval? | Yes | NA | In the case some changes are necessary, bring the request to the TSC for review and approval. | |
Is there any changes in the scope, functionalities, deliverable, dependency, resources, API, repositories since M1 milestone? | No | If Yes, please a link to the evidence of these changes. | Critical point to understand is that change is inevitable, and that right timing and clear communication to the community will ease the process of accepting changes. | |
| Provide link to the API Documentation. | Yes | v14 API | ||
| Release Management | Are committed Sprint Backlog Stories been marked as "Done" in Jira board? | Yes | AAI JIRA | |
| Are all tasks associated with Sprint Backlog Stories been marked as "Done" in Jira? | Yes | |||
| Have all findings from previous milestones been addressed? | Yes | Provide link to JIRA findings | ||
| Development | Is there any pending commit request older than 36 Business hours in Gerrit? | No | All commits that are outstanding are being worked actively | |
| Do you have a plan to address by M4 the Critical and High vulnerabilities in the third party libraries used within your project? | Yes; report is incomplete, we have made mulitple upgrades but cannot get new CLM reports due to the license issue in Nexus | AAI R3 Security/Vulnerability Threat Analysis | Ensure by M4 the Nexus-IQ report from “Jenkins CLM” shows 0 critical security vulnerability. Open the Nexus-IQ report for the details on each repo. | |
Are all the Jenkins jobs successfully passed ( Merge-Jobs)? | No - all except new "validation" repo, which is a dependency of POMBA | Critial repos are passing. New seed code hasn't been fully pushed, and is in progress. Validation (brand new microservice) hasn't passed yet but we are working on it | ||
| Are all binaries available in Nexus? | No | Critical AAI binaries are there. Pending some seed code contributions on new repos for Casablanca | ||
| Integration and Testing | Have 50 % of System Integration Testing Use Cases been implemented successfully in Jenkins? | Yes | Provide link to evidence | |
| Has the project code successfully passed the Daily Build process? | No | Validation (brand new microserivce) is still failing daily build | Goal is to ensure the latest project commit has not broken the Integration Daily Build |