The following items are expected to be completed for the project to Pass the M4 Code Freeze Milestone.
M4 Release Code Freeze Milestone overview is available in wiki.
Usage
- Use the "Copy" option (available under the ..., top right of this page) to duplicate this template into your project wiki.
- Fill out the Yes/No column
- Provide link to evidence (when necessary)
| Practice Area | Checkpoint | Yes/No | Evidences | How to? |
|---|---|---|---|---|
| Product Management | Have all JIRA Stories supporting the release use case been implemented? | Yes | Getting issues... | For each JIRA story thatareimplemented in Amsterdam Release, you have tosetupin JIRA the JIRA fixVersion="BeijingRelease" |
| List the Stories that will not be implemented in this current Release. | Yes | Getting issues... | For each JIRA story that will not be implemented in Amsterdam Release, you have tosetupin JIRA the JIRA fixVersion=" Casablanca Release" | |
| Are committed Sprint Backlog Stories been coded and marked as "Done" in Jira? | Yes | Getting issues... | ||
| Are all tasks associated with committed Sprint Backlog Stories been marked as "Done" in Jira? | Yes | |||
| Release Management | Have all issues pertaining to FOSS been addressed? | Yes | All the critical issues reported byNexu-IQ have been addressed. | |
| Have all findings from previous milestones been addressed? | Yes | List previous milestone issues that have not been addressed. | For M2 and M3 Milestones, ensure all findings have been closed. | |
Has the Project Team reviewed and understood the most recent license scan reports from the LF, for both (a) licenses within the codebase and (b) licenses for third-party build time dependencies? | Yes | |||
| For both (a) and (b), have all high priority non-Project Licenses been either removed or escalated as likely exception requests? | Yes | |||
| Development | Are all Defects of priority Highest and High in status "Done" in Jira? | Yes | Provide linkt o JIRA issue (type bug) of priority Highest and High. Getting issues... | |
| Has the project team reach the Automated Unit Test Code Coverage expectation? (Refer to artifactsavailable in Sonar) | Yes | https://sonar.onap.org/dashboard?id=org.onap.msb.discovery%3Amsb-discovery-parent https://sonar.onap.org/dashboard?id=org.onap.msb.swagger-sdk%3Aswagger-sdk https://sonar.onap.org/dashboard?id=org.onap.msb.apigateway%3Amsb-apigateway-parent https://sonar.onap.org/dashboard?id=org.onap.msb.java-sdk%3Amsb-java-sdk | For evidences,provide link(s) to Gerrit repos by providing the URL as shown in this example | |
| Is there any binaries (jar, war, tar, gz, gzip, zip files) in Gerrit project repository? | No | Refer to CI Development Best Practices | ||
| Is there any pending commit request older than 36 hours in Gerrit? | No | |||
| Provide the "% Achived" on the CII Best Practices program. | Provide link to your project CII Best Practices page. Note: the progress is not 100% due to some CVE vulnerabilities which are false positive. Detatils can be found in this page:R3 MSB Security/Vulnerability Threat Impact Analysis | As documented in CII Badging Program, teams have to fill out CII Best Practices | ||
Is there any Critical level security vulnerabilities older than 60 days old in the third party libraries used within your project unaddressed? Nexus-IQ classifies level as the following:
which is complaint with CVSS V2.0 rating. | Yes | All the dependencies of the findings are updated to the latest version but there're still a few security vulnerabilities left. We anlayzied these issues and it turns out they have no impact to MSB project, the detailed explainations are put in this wiki page: | Ensure the Nexus-IQ report from “Jenkins CLM” shows 0 critical security vulnerability. Open the Nexus-IQ report for the details on each repo. | |
| Are all the Jenkins jobs successfully passed (verify + merge jobs)? | Yes | https://jenkins.onap.org/view/msb/ | ||
| Have all OOM Staging Healtcheck related to your project passed? | Yes | |||
| Are all snapshot binaries available in Nexus? | Yes | https://nexus.onap.org/#nexus-search;quick~msb | ||
| Do you have a clear plan to implement the Independent Versioning and Release Process by RC0? | Yes | Contact the upstream teams to make sure they will release their artifacts (in Nexus Release repo) so you can build by depending on these released artifacts by RC0. | ||
| Integration and Testing | Have 100% of Continuous System Integration Testing (CSIT) Use Cases been implemented successfully in Jenkins? | Yes | ||
| Is there a Docker images available for your project deliverable? | Yes | https://nexus3.onap.org/#browse/search=keyword%3Dmsb | ||
| Has the project code successfully passed the Daily Build process? | Yes | https://jenkins.onap.org/view/msb/ | Goal is to ensure the latest project commit has not broken the Integration Daily Build | |
| Doc | Has the team created a docs folder and Development and Release Notes documentation templates in Readthedocs? | Yes | http://onap.readthedocs.io/en/latest/submodules/msb/apigateway.git/docs/index.html | Documentation Team is using Readthedocs for documenting user facing documentation. ReadTheDcos shall be considered as a starting point for someone new within ONAP. The ReadTheDocs is the ONAP Documentation facade visible to users. |
| Is the API documentation section populated? | Yes | Microservice Bus API Documentation | Ensure there is at least a direct link toward the API documentation which may be already existing in the wiki. |