The following items are expected to be completed for the project to Pass the M4 Code Freeze Milestone.
|Practice Area||Checkpoint||Yes/No||Evidences||How to?|
|Security||Has the Release Security/Vulnerability table been filled out in the protected Security Vulnerabilities wiki space?||Yes||Table in in the protected Security Vulnerabilities wiki space corresponds to the latest NexusIQ scan; all NexusIQ finding are marked as false positive or exploitable with the supporting analysis.||PTL reviews the NexusIQ scans for their project repos and fills out the vulnerability review table|
|Are all Defects of priority Highest and High in status "Closed" in Jira? (this includes the Jira for Critical and Severe NexusIQ findings)||Yes||All Jira tickets for vulnerability elimination are complete.||Complete Jira tickets|
|Did the project achieve the enablement of transport level encryption on all interfaces and the option of disabling transport level encryption?||N/A||All interfaces are exposed over TLS and the secure protocol can optionally be turned off|
|Do all containers run as a non-root user and is documentation available for those containers that must run as root in order to enable ONAP features?||N/A||https://wiki.onap.org/display/DW/Best+Practices|
|Provide the "% Achieved" on the CII Best Practices program.||N/A||Provide link to your project CII Best Practices page.||As documented in CII Badging Program, teams have to fill out CII Best Practices|
|Product Management||Have all JIRA Stories supporting the release use case been implemented?||In Progress|
|For each JIRA story that are implemented in the current release, you have to setup in JIRA the JIRA fixVersion="Dublin Release"|
|List the Stories that will not be implemented in this current Release.||Yes|
For each JIRA story that will not be implemented in the current Release, you have to setup in JIRA the JIRA fixVersion="El Alto Release"
|Are committed Sprint Backlog Stories been coded and marked as "Closed" in Jira?||Yes|
|Are all tasks associated with committed Sprint Backlog Stories been marked as "Closed" in Jira?||Yes|
Is there any Critical and Severe level security vulnerabilities older than 60 days old in the third party libraries used within your project unaddressed?
Nexus-IQ classifies level as the following:
which is complaint with CVSS V2.0 rating.
|No||In the case critical known vulnerability are still showing in the report, fill out the Security/Vulnerability Threat Template - Beijing, Casablanca, Dublin in your project.||Ensure the Nexus-IQ report from “Jenkins CLM” shows 0 critical security vulnerability. Open the Nexus-IQ report for the details on each repo.|
|Release Management||Have all issues pertaining to FOSS been addressed?||Yes|
|Have all findings from previous milestones been addressed?||Yes||List previous milestone issues that have not been addressed.||For M2 and M3 Milestones, ensure all findings have been closed.|
Has the Project Team reviewed and understood the most recent license scan reports from the LF, for both (a) licenses within the codebase and (b) licenses for third-party build time dependencies?
|For both (a) and (b), have all high priority non-Project Licenses been either removed or escalated as likely exception requests?||N/A|
|Development||Are all Defects of priority Highest and High in status "Closed" in Jira?||Yes||Provide link to JIRA issue (type bug) of priority Highest and High.|
|Has the Platform Maturity Table been updated with implementation Status at M4?||Yes||For each Release, there is a Platform Maturity table created for PTLs to record their goals and achievement at M4 (Example: Casablanca Release Platform Maturity)|
|Has the project team reach the Automated Unit Test Code Coverage expectation? (Refer to artifacts available in Sonar)||N/A|
Goal: 55% for Incubation project in the current release
The policy/api just recently dropped below 55% - we will bring that up today
|Is there any binaries (jar, war, tar, gz, gzip, zip files) in Gerrit project repository?||No||Refer to CI Development Best Practices|
|Is there any pending commit request older than 36 hours in Gerrit?||No||Gerrit Query: status:open label:verified -is:draft -label:Code-Review=-1 AND -label:Code-Review=-2 AND is:mergeable age:1week|
|Are all the Jenkins jobs successfully passed (verify + merge jobs)?||Yes|
|Have all OOM Staging Healtcheck related to your project passed?||N/A|
|Are all snapshot binaries available in Nexus-staging?||Yes||Provide link to evidence|
|Do you have a clear plan to implement the Independent Versioning and Release Process by RC0?||Yes||Contact the upstream teams to make sure they will release their artifacts (in Nexus Release repo) so you can build by depending on these released artifacts by RC0.|
|Integration and Testing|
Have 100% of Continuous System Integration Testing (CSIT) Use Cases been implemented successfully in Jenkins?
It should include at least 1 CSIT that will be run on
Lab-xxx-OOM-Daily Jenkins Job
|Is there a Docker images available for your project deliverable?||Yes||https://nexus3.onap.org/#browse/browse:docker.snapshot:v2%2Fonap%2Ftestsuite%2Ftags%2F1.4.0-STAGING-latest|
Has the project passed the Integration Sanity Tests?
Integration sanity tests in Dublin Release cover:
No test failure reported on http://onapci.org/grafana/d/8cGRqBOmz/daily-summary?orgId=1
No Integration Blocking Issue with no workaround: Dublin Release Integration Test Blocking Issues
|Has the project code successfully passed the Daily Build process?||Yes||Goal is to ensure the latest project commit has not broken the Integration Daily Build|
Does the project have a plan to finalise and close all remaining JIRA Documentation tickets?
project != "Sandbox Project" AND project != "ONAP TSC" AND project != CI-Management AND (labels=Documentation OR project=Documentation) AND status != Closed ORDER BY fixVersion ASC, status DESC, priority DESC, updated DESC
Jira Query (Bugs Only)
project != "Sandbox Project" AND project != "ONAP TSC" AND project != CI-Management AND (labels = Documentation OR project = Documentation) AND issuetype= Bug AND fixversion = "Dublin Release" AND status != Closed ORDER BY issuetype DESC, fixVersion ASC, status DESC, priority DESC, updated DESC
Does the project team have a plan to complete all the Release related documents by RC1?