...
M4 Release Code Freeze Milestone overview is available in wiki.
Info |
---|
|
- Use the "Copy" option (available under the ..., top right of this page) to duplicate this template into your project wiki.
- Fill out the Yes/No column
- Provide link to evidence (when necessary)
|
Practice Area | Checkpoint | Yes/No | Evidences | How to? |
---|
Product Management | Have all JIRA Stories supporting the release use case been implemented? |
By using the macro JIRA Issue/Filter, provide a link to JIRA in listing the stories that are implemented in Amsterdam Release. (ExampleYes | Jira |
---|
server | ONAP JIRA |
---|
jqlQuery | project=aai and type=Story and fixversion=" |
---|
|
|
Amsterdam Casablanca Release" | count | true |
---|
serverId | 425b2b0a-557c-3c0c-b515-579789cceedb |
---|
|
|
for AAI project, edit for your project) | For each JIRA story that are implemented in Amsterdam Release, you have to setup in JIRA the JIRA fixVersion="Amsterdam Release" |
List the Stories that will not be implemented in this current |
Release.By using the macro JIRA Issue/Filter, provide a link to JIRA in listing the stories that are NOT implemented in Amsterdam (Example |
| Jira |
---|
server | ONAP JIRA |
---|
jqlQuery | project=aai and type=Story and fixversion=" |
---|
|
|
Beijing Dublin Release" | count | true |
---|
serverId | 425b2b0a-557c-3c0c-b515-579789cceedb |
---|
|
|
for AAI project, edit for your project) | For each JIRA story that will not be implemented in Amsterdam Release, you have to setup in JIRA the JIRA fixVersion="Beijing Release" |
Are committed Sprint Backlog Stories been coded and marked as "Closed" in Jira? | Yes |
Provide Link to Project backlog |
|
Are all tasks associated with committed Sprint Backlog Stories been marked as "Closed" in Jira? | Yes |
|
|
Release Management | Have all issues pertaining to FOSS been addressed? | Yes |
|
|
Have all findings from previous milestones been addressed? | Yes | List previous milestone issues that have not been addressed. | For M2 and M3 Milestones, ensure all findings have been closed. |
Has the Project Team reviewed and understood the most recent license scan reports from the LF, for both (a) licenses within the codebase and (b) licenses for third-party build time dependencies? | Yes |
|
|
For both (a) and (b), have all high priority non-Project Licenses been either removed or escalated as likely exception requests? | n/a |
|
|
Development | Are all Defects of priority Highest and High in status "Closed" in Jira? |
Provide link to JIRA issue (type bug) of priority Highest and High. | No | Jira |
---|
server | ONAP JIRA |
---|
jqlQuery | project = "Active and Available Inventory" and fixVersion = "Casablanca Release" and type = "Bug" and status != Closed and (priority = High or priority = highest) |
---|
count | true |
---|
serverId | 425b2b0a-557c-3c0c-b515-579789cceedb |
---|
|
|
|
Has the project team reach the Automated Unit Test Code Coverage expectation? (Refer to artifacts available in Sonar) |
Goal: 50% for Incubation project in Beijing | For evidences, provide link(s) to Gerrit repos by providing the URL as shown in this example Example |
Is there any binaries (jar, war, tar, gz, gzip, zip files) in Gerrit project repository? | No |
| Refer to CI Development Best Practices |
Is there any pending commit request older than 36 hours in Gerrit? | No |
|
|
Provide the "% Achived" on the CII Best Practices program. | 97% | Provide link to your project CII Best Practices page. | As documented in CII Badging Program, teams have to fill out CII Best Practices |
Is there any Critical and Severe level security vulnerabilities older than 60 days old in the third party libraries used within your project unaddressed? Nexus-IQ classifies level as the following: - Critical is level 7 to 10
- Severe is level 4 to 6
- Moderate is level 1 to 3
which is complaint with CVSS V2.0 rating. |
In the case critical known vulnerability are still showing in the report, fill out the Template in your project.Analysis | Ensure the Nexus-IQ report from “Jenkins CLM” shows 0 critical security vulnerability. Open the Nexus-IQ report for the details on each repo. |
Are all the Jenkins jobs successfully passed (verify + merge jobs)? |
Provide link to "Merge job" as evidence in Jenkins project tabLink to evidence