The following items are expected to be completed for the project to Pass the M4 Code Freeze Milestone.
- Use the "Copy" option (available under the ..., top right of this page) to duplicate this template into your project wiki.
- Fill out the Yes/No column
- Provide link to evidence (when necessary)
|Practice Area||Checkpoint||Yes/No||Evidences||How to?|
|Product Management||Have all JIRA Stories supporting the release use case been implemented?||Yes|
|For each JIRA story that are implemented in Amsterdam Release, you have to setup in JIRA the JIRA fixVersion="Beijing Release"|
|List the Stories that will not be implemented in this current Release.||Yes|
For each JIRA story that will not be implemented in Amsterdam Release, you have to setup in JIRA the JIRA fixVersion=" Casablanca Release"
|Are committed Sprint Backlog Stories been coded and marked as "Done" in Jira?||Yes|
|Are all tasks associated with committed Sprint Backlog Stories been marked as "Done" in Jira?||Yes|
|Release Management||Have all issues pertaining to FOSS been addressed?||Yes||All the critical issues reported by Nexu-IQ have been addressed.|
|Have all findings from previous milestones been addressed?||Yes||List previous milestone issues that have not been addressed.||For M2 and M3 Milestones, ensure all findings have been closed.|
Has the Project Team reviewed and understood the most recent license scan reports from the LF, for both (a) licenses within the codebase and (b) licenses for third-party build time dependencies?
|For both (a) and (b), have all high priority non-Project Licenses been either removed or escalated as likely exception requests?||Yes|
|Development||Are all Defects of priority Highest and High in status "Done" in Jira?||Yes||Provide link to JIRA issue (type bug) of priority Highest and High.|
|Has the project team reach the Automated Unit Test Code Coverage expectation? (Refer to artifacts available in Sonar)||Yes|
Goal: 50% for Incubation project in Beijing
For evidences, provide link(s) to Gerrit repos by providing the URL as shown in this example
|Is there any binaries (jar, war, tar, gz, gzip, zip files) in Gerrit project repository?||No||Refer to CI Development Best Practices|
|Is there any pending commit request older than 36 hours in Gerrit?||No|
|Provide the "% Achived" on the CII Best Practices program.||As documented in CII Badging Program, teams have to fill out CII Best Practices|
Is there any Critical level security vulnerabilities older than 60 days old in the third party libraries used within your project unaddressed?
Nexus-IQ classifies level as the following:
which is complaint with CVSS V2.0 rating.
All the dependencies of the findings are updated to the latest version but there're still a few security vulnerabilities left. We anlayzied these issues and it turns out they have no impact to MSB project, the detailed explainations are put in this wiki page:
|Ensure the Nexus-IQ report from “Jenkins CLM” shows 0 critical security vulnerability. Open the Nexus-IQ report for the details on each repo.|
|Are all the Jenkins jobs successfully passed (verify + merge jobs)?||Yes||https://jenkins.onap.org/view/msb/|
|Are all snapshot binaries available in Nexus?||Yes||https://nexus.onap.org/#nexus-search;quick~msb|
|Do you have a clear plan to implement the Independent Versioning and Release Process by RC0?||Yes||Contact the upstream teams to make sure they will release their artifacts (in Nexus Release repo) so you can build by depending on these released artifacts by RC0.|
|Integration and Testing||Have 100% of Continuous System Integration Testing (CSIT) Use Cases been implemented successfully in Jenkins?||Yes|
|Is there a Docker images available for your project deliverable?||Yes||https://nexus3.onap.org/#browse/search=keyword%3Dmsb|
|Has the project code successfully passed the Daily Build process?||Yes||https://jenkins.onap.org/view/msb/||Goal is to ensure the latest project commit has not broken the Integration Daily Build|
|Doc||Has the team created a docs folder and Development and Release Notes documentation templates in Readthedocs?||Yes||http://onap.readthedocs.io/en/latest/submodules/msb/apigateway.git/docs/index.html|
ReadTheDcos shall be considered as a starting point for someone new within ONAP.
The ReadTheDocs is the ONAP Documentation facade visible to users.
|Is the API documentation section populated?||Yes||Microservice Bus API Documentation||Ensure there is at least a direct link toward the API documentation which may be already existing in the wiki.|