...
| Info |
|---|
|
- Use the "Copy" option (available under the ..., top right of this page) to duplicate this template into your project wiki.
- Fill out the Yes/No column
- Provide link to evidence (when necessary)
|
summary ~ "MUSIC" OR description ~ "MUSIC"
| Practice Area | Checkpoint | Yes/No | Evidences | How to? |
|---|
| Security | Has the Release Security/Vulnerability table been filled out in the protected Security Vulnerabilities wiki space? |
Table in in the protected Security Vulnerabilities wiki space corresponds to the latest NexusIQ scan; all NexusIQ finding are marked as false positive or exploitable with the supporting analysis. | Yes | MUSIC Dublin Security/Vulnerability | PTL reviews the NexusIQ scans for their project repos and fills out the vulnerability review table |
| Are all Defects of priority Highest and High in status "Closed" in Jira? (this includes the Jira for Critical and Severe NexusIQ findings) |
| | | Jira |
|---|
| server | ONAP JIRA |
|---|
| columns | key,summary,type,created,updated,due,assignee,reporter,priority,status,resolution |
|---|
| maximumIssues | 20 |
|---|
| jqlQuery | (project = MUSIC and priority = highest and status != Closed ) or (project = MUSIC and priority = high and status != Closed ) |
|---|
| serverId | 425b2b0a-557c-3c0c-b515-579789cceedb |
|---|
|
|
All Jira tickets for vulnerability elimination are complete. | Complete Jira tickets |
| Did the project achieve the enablement of transport level encryption on all interfaces and the option of disabling transport level encryption? |
All interfaces are exposed over TLS and the secure protocol can optionally be turned off | Yes | MUSIC Node-to-node encryption using SSL |
|
| Do all containers run as a non-root user and is documentation available for those containers that must run as root in order to enable ONAP features? | Yes | - ONAP project containers do not run as the root ID with the exception of containers supporting ONAP features that require the container to run as the root ID.
- Project containers that run as the root ID have documented this in the release notes along with the functionality that requires the container to run as the root ID.
| https://wiki.onap.org/display/DW/Best+Practices |
| Provide the "% Achieved" on the CII Best Practices program. |
Provide link to your project CII Best Practices page.By using the macro JIRA Issue/Filter, provide a link to JIRA in listing the stories that are implemented in the current Release. (Example | Jira |
|---|
| server | ONAP JIRA |
|---|
| jqlQuery | project=aai and type=Story and fixversion="Amsterdam Release" |
|---|
| count | true |
|---|
| serverId | 425b2b0a-557c-3c0c-b515-579789cceedb |
|---|
|
for AAI project, edit for your project) | | yes | | For each JIRA story that are implemented in the current release, you have to setup in JIRA the JIRA fixVersion="Dublin Release" |
| List the Stories that will not be implemented in this current Release. |
By using the macro JIRA Issue/Filter, provide a link to JIRA in listing the stories that are NOT implemented in the current release. (Example | Jira |
|---|
| server | ONAP JIRA |
|---|
| jqlQuery | project=aai and type=Story and fixversion="Beijing Release" |
|---|
| count | true |
|---|
| serverId | 425b2b0a-557c-3c0c-b515-579789cceedb |
|---|
|
for AAI project, edit for your project) | | NA | | For each JIRA story that will not be implemented in the current Release, you have to setup in JIRA the JIRA fixVersion="El Alto Release" |
| Are committed Sprint Backlog Stories been coded and marked as "Closed" in Jira? |
Provide Link to Project backlogIn the case critical known vulnerability are still showing in the report, fill out the Threat Template in your project. | Ensure the Nexus-IQ report from “Jenkins CLM” shows 0 critical security vulnerability. Open the Nexus-IQ report for the details on each repo. |
| Release Management | Have all issues pertaining to FOSS been addressed? | Yes |
|
|
| Have all findings from previous milestones been addressed? |
List previous milestone issues that have not been addressed.| Yes |
| For M2 and M3 Milestones, ensure all findings have been closed. |
Has the Project Team reviewed and understood the most recent license scan reports from the LF, for both (a) licenses within the codebase and (b) licenses for third-party build time dependencies? | Yes |
|
|
| For both (a) and (b), have all high priority non-Project Licenses been either removed or escalated as likely exception requests? | Yes |
|
|
| Development | Are all Defects of priority Highest and High in status "Closed" in Jira? |
Provide link to JIRA issue (type bug) of priority Highest and High. | Yes | | Jira |
|---|
| server | ONAP JIRA |
|---|
| jqlQuery | (project = MUSIC and priority = highest and status != Closed ) or (project = MUSIC and priority = high and status != Closed ) |
|---|
| serverId | 425b2b0a-557c-3c0c-b515-579789cceedb |
|---|
|
|
|
| Has the Platform Maturity Table been updated with implementation Status at M4? | yes | Dublin Release Platform Maturity | For each Release, there is a Platform Maturity table created for PTLs to record their goals and achievement at M4 (Example: Casablanca Release Platform Maturity) |
| Has the project team reach the Automated Unit Test Code Coverage expectation? (Refer to artifacts available in Sonar) | Yes |
Goal: 55% for Incubation project in the current releaseProvide link to "Merge job" as evidence in Jenkins project tabProvide link to evidence | Yes | https://nexus.onap.org/#nexus-search;quick~music |
|
| Do you have a clear plan to implement the Independent Versioning and Release Process by RC0? | yes |
| Contact the upstream teams to make sure they will release their artifacts (in Nexus Release repo) so you can build by depending on these released artifacts by RC0. |
| Integration and Testing | Have 100% of Continuous System Integration Testing (CSIT) Use Cases been implemented successfully in Jenkins? It should include at least 1 CSIT that will be run on Lab-xxx-OOM-Daily Jenkins Job |
All jobs pertaining to your project MUST passProvide link to Nexus repos |
|
Has the project passed the Integration Sanity Tests? | Yes |
| Integration sanity tests in Dublin Release cover: - ONAP deployment
- All components health check
- VNF onboarding and service creation for vFW use case
- Model distribution for vFW
- vFW instantiation
- vFW closed loop
- vFW deletion
No test failure reported on http://onapci.org/grafana/d/8cGRqBOmz/daily-summary?orgId=1 No Integration Blocking Issue with no workaround: Dublin Release Integration Test Blocking Issues |
| Has the project code successfully passed the Daily Build process? | Yes |
| Goal is to ensure the latest project commit has not broken the Integration Daily Build |
Doc
| Does the project have a plan to finalise and close all remaining JIRA Documentation tickets?
| Yes |
| Jira Query project != "Sandbox Project" AND project != "ONAP TSC" AND project != CI-Management AND (labels=Documentation OR project=Documentation) AND status != Closed ORDER BY fixVersion ASC, status DESC, priority DESC, updated DESC
Jira Query (Bugs Only) project != "Sandbox Project" AND project != "ONAP TSC" AND project != CI-Management AND (labels = Documentation OR project = Documentation) AND issuetype= Bug AND fixversion = "Dublin Release" AND status != Closed ORDER BY issuetype DESC, fixVersion ASC, status DESC, priority DESC, updated DESC |
Does the project team have a plan to complete all the Release related documents by RC1? | Yes |
|
|
