The following items are expected to be completed for the project to Pass the M4 Code Freeze Milestone.
M4 Release Code Freeze Milestone overview is available in wiki.
Usage
- Use the "Copy" option (available under the ..., top right of this page) to duplicate this template into your project wiki.
- Fill out the Yes/No column
- Provide link to evidence (when necessary)
| Practice Area | Checkpoint | Yes/No | Evidences | How to? |
|---|---|---|---|---|
| Security | Has the Release Security/Vulnerability table been filled out in the protected Security Vulnerabilities wiki space? | Yes | R4 APPC Security/Vulnerability - Full Content | PTL reviews the NexusIQ scans for their project repos and fills out the vulnerability review table |
| Are all Defects of priority Highest and High in status "Closed" in Jira? (this includes the Jira for Critical and Severe NexusIQ findings) | Yes | All Jira tickets for vulnerability elimination are complete. | Complete Jira tickets | |
| Did the project achieve the enablement of transport level encryption on all interfaces and the option of disabling transport level encryption? | No | Progress been tacking on APPC-1487 - Getting issue details... STATUS | ||
| Do all containers run as a non-root user and is documentation available for those containers that must run as root in order to enable ONAP features? | Yes | APPC is running under odl: https://gerrit.onap.org/r/gitweb?p=ccsdk/distribution.git;a=blob;f=odlsli/odlsli-alpine/src/main/docker/Dockerfile;h=2719102e74315b9626931962fcda90c3b359cd2e;hb=4b054f9fab21f76992441e92069694d9f0cba0aa Dgbuilder is running under dgbuilder: https://gerrit.onap.org/r/gitweb?p=ccsdk/distribution.git;a=blob;f=dgbuilder-docker/src/main/docker/Dockerfile;h=c1fd8dbde01deefce2dcfec6b71b5987ebe9e4cb;hb=4b054f9fab21f76992441e92069694d9f0cba0aa CDT is running under cdt: https://gerrit.onap.org/r/gitweb?p=appc/deployment.git;a=blob;f=cdt/src/main/docker/Dockerfile;h=514ddba9d0768abeb33282926ce2a339a6177ca6;hb=d69066a2ed223fc5f525fcff520c5740736c5cb6 Ansible is running under ansible (https://gerrit.onap.org/r/gitweb?p=ccsdk/distribution.git;a=blob;f=ansible-server/src/main/Dockerfile;h=40de69e69888c9b797dfb0e1be48cba0da9e7a74;hb=4b054f9fab21f76992441e92069694d9f0cba0aa) | https://wiki.onap.org/display/DW/Best+Practices | |
| Provide the "% Achieved" on the CII Best Practices program. | Passing: 98% Silver: 93% | https://bestpractices.coreinfrastructure.org/en/projects/1579 | As documented in CII Badging Program, teams have to fill out CII Best Practices | |
| Product Management | Have all JIRA Stories supporting the release use case been implemented? | Yes | Change Management use case has been implemented/delivered for code. The rest of opened JIRAs are for testing and documentation
APPC-1442
-
Getting issue details...
STATUS
| For each JIRA story that are implemented in the current release, you have to setup in JIRA the JIRA fixVersion="Dublin Release" |
| List the Stories that will not be implemented in this current Release. | N/A | For each JIRA story that will not be implemented in the current Release, you have to setup in JIRA the JIRA fixVersion="El Alto Release" | ||
| Are committed Sprint Backlog Stories been coded and marked as "Closed" in Jira? | Yes | Getting issues... | ||
| Are all tasks associated with committed Sprint Backlog Stories been marked as "Closed" in Jira? | Yes | Getting issues... | ||
Is there any Critical and Severe level security vulnerabilities older than 60 days old in the third party libraries used within your project unaddressed? Nexus-IQ classifies level as the following:
which is complaint with CVSS V2.0 rating. | Yes | R4 APPC Security/Vulnerability - Full Content | Ensure the Nexus-IQ report from “Jenkins CLM” shows 0 critical security vulnerability. Open the Nexus-IQ report for the details on each repo. | |
| Release Management | Have all issues pertaining to FOSS been addressed? | Yes | ||
| Have all findings from previous milestones been addressed? | N/A | No Findings | For M2 and M3 Milestones, ensure all findings have been closed. | |
Has the Project Team reviewed and understood the most recent license scan reports from the LF, for both (a) licenses within the codebase and (b) licenses for third-party build time dependencies? | Yes | |||
| For both (a) and (b), have all high priority non-Project Licenses been either removed or escalated as likely exception requests? | Yes | |||
| Development | Are all Defects of priority Highest and High in status "Closed" in Jira? | Yes | Provide link to JIRA issue (type bug) of priority Highest and High. | |
| Has the Platform Maturity Table been updated with implementation Status at M4? | Yes | For each Release, there is a Platform Maturity table created for PTLs to record their goals and achievement at M4 (Example: Casablanca Release Platform Maturity) | ||
| Has the project team reach the Automated Unit Test Code Coverage expectation? (Refer to artifacts available in Sonar) | Yes | 83.8% (4/9/2019) | Guidance on Code Coverage and Static Code Analysis Tools: Sonar | |
| Is there any binaries (jar, war, tar, gz, gzip, zip files) in Gerrit project repository? | No | Refer to CI Development Best Practices | ||
| Is there any pending commit request older than 36 hours in Gerrit? | No | However, there are some commits in Draft status - which are for R5. | Gerrit Query: status:open label:verified -is:draft -label:Code-Review=-1 AND -label:Code-Review=-2 AND is:mergeable age:1week | |
| Are all the Jenkins jobs successfully passed (verify + merge jobs)? | Yes | https://jenkins.onap.org/view/appc/ | ||
| Have all OOM Staging Healtcheck related to your project passed? | Yes | |||
| Are all snapshot binaries available in Nexus-staging? | Yes | Provide link to evidence | ||
| Do you have a clear plan to implement the Independent Versioning and Release Process by RC0? | Yes | Contact the upstream teams to make sure they will release their artifacts (in Nexus Release repo) so you can build by depending on these released artifacts by RC0. | ||
| Integration and Testing | Have 100% of Continuous System Integration Testing (CSIT) Use Cases been implemented successfully in Jenkins? It should include at least 1 CSIT that will be run on Lab-xxx-OOM-Daily Jenkins Job | Yes | All jobs pertaining to your project MUST pass | |
| Is there a Docker images available for your project deliverable? | Yes | https://nexus3.onap.org/#browse/search=keyword%3DAPPC-image%20AND%20version%3D1.5.0-SNAPSHOT* | ||
Has the project passed the Integration Sanity Tests? | No access for Grafana | APPC csit is all working. https://jenkins.onap.org/view/appc/job/appc-master-csit-healthcheck/ | Integration sanity tests in Dublin Release cover:
No test failure reported on http://onapci.org/grafana/d/8cGRqBOmz/daily-summary?orgId=1 No Integration Blocking Issue with no workaround: Dublin Release Integration Test Blocking Issues | |
| Has the project code successfully passed the Daily Build process? | Yes | https://jenkins.onap.org/view/integration/ all passed that is what I am seeing. | Goal is to ensure the latest project commit has not broken the Integration Daily Build | |
Doc | Does the project have a plan to finalise and close all remaining JIRA Documentation tickets? | Yes | All JIRA ticket related to Documentation will be closed and finished by RC1 | Jira Query project != "Sandbox Project" AND project != "ONAP TSC" AND project != CI-Management AND (labels=Documentation OR project=Documentation) AND status != Closed ORDER BY fixVersion ASC, status DESC, priority DESC, updated DESC Jira Query (Bugs Only) project != "Sandbox Project" AND project != "ONAP TSC" AND project != CI-Management AND (labels = Documentation OR project = Documentation) AND issuetype= Bug AND fixversion = "Dublin Release" AND status != Closed ORDER BY issuetype DESC, fixVersion ASC, status DESC, priority DESC, updated DESC |
Does the project team have a plan to complete all the Release related documents by RC1? | Yes |