...
Practice Area | Checkpoint | Yes/No | Evidences | How to? | ||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Product Management | Have all JIRA Stories supporting the release use case been implemented? | Yes Y (Except DCAEGEN2-393) | By using the macro JIRA Issue/Filter, provide a link to JIRA in listing the stories that are implemented in Beijing Release. (Example
| For each JIRA story that are implemented in Amsterdam Release, you have to setup in JIRA the JIRA fixVersion="Beijing Release" | ||||||||||
List the Stories that will not be implemented in this current Release. | YesY | By using the macro JIRA Issue/Filter, provide a link to JIRA in listing the stories that are NOT implemented in Beijing Release. (Example
| For each JIRA story that will not be implemented in Amsterdam Release, you have to setup in JIRA the JIRA fixVersion="Casablanca Release" | |||||||||||
Are committed Sprint Backlog Stories been coded and marked as "Done" in Jira? | YesY | Provide Link to Project backlog | ||||||||||||
Are all tasks associated with committed Sprint Backlog Stories been marked as "Done" in Jira? | YesY | |||||||||||||
Release Management | Have all issues pertaining to FOSS been addressed? | Y | ||||||||||||
Have all findings from previous milestones been addressed? | Y | List previous milestone issues that have not been addressed. | For M2 and M3 Milestones, ensure all findings have been closed. | |||||||||||
Has the Project Team reviewed and understood the most recent license scan reports from the LF, for both (a) licenses within the codebase and (b) licenses for third-party build time dependencies? | Y | |||||||||||||
For both (a) and (b), have all high priority non-Project Licenses been either removed or escalated as likely exception requests? | Y | |||||||||||||
Development | Are all Defects of priority Highest and High in status "Done" in Jira? | Provide link to JIRA issue (type bug) of priority Highest and High. | ||||||||||||
Has the project team reach the Automated Unit Test Code Coverage expectation? (Refer to artifacts available in Sonar) | Goal: 50% for Incubation project in Beijing | For evidences, provide link(s) to Gerrit repos by providing the URL as shown in this example | ||||||||||||
Is there any binaries (jar, war, tar, gz, gzip, zip files) in Gerrit project repository? | N | Refer to CI Development Best Practices | ||||||||||||
Is there any pending commit request older than 36 hours in Gerrit? | N | |||||||||||||
Provide the "% Achived" on the CII Best Practices program. | 76% | https://bestpractices.coreinfrastructure.org/en/projects/1718 | As documented in CII Badging Program, teams have to fill out CII Best Practices | |||||||||||
Is there any Critical level security vulnerabilities older than 60 days old in the third party libraries used within your project unaddressed? Nexus-IQ classifies level as the following:
which is complaint with CVSS V2.0 rating. | Y | In the case critical known vulnerability are still showing in the report, fill out the Security/Vulnerability Threat Template in your project. | Ensure the Nexus-IQ report from “Jenkins CLM” shows 0 critical security vulnerability. Open the Nexus-IQ report for the details on each repo. | |||||||||||
Are all the Jenkins jobs successfully passed (verify + merge jobs)? | Provide link to "Merge job" as evidence in Jenkins project tab | |||||||||||||
Are all snapshot binaries available in Nexus? | Y | Provide link to evidence | ||||||||||||
Do you have a clear plan to implement the Independent Versioning and Release Process by RC0? | Y | Contact the upstream teams to make sure they will release their artifacts (in Nexus Release repo) so you can build by depending on these released artifacts by RC0. | ||||||||||||
Integration and Testing | Have 100% of Continuous System Integration Testing (CSIT) Use Cases been implemented successfully in Jenkins? | Y | All jobs pertaining to your project MUST pass | |||||||||||
Is there a Docker images available for your project deliverable? | Y | nexus3.onap.org:10001/onap/org.onap.dcaegen2.collectors.snmptrap nexus3.onap.org:10001/onap/org.onap.dcaegen2.collectors.ves.vescollector nexus3.onap.org:10001/onap/org.onap.dcaegen2.deployments.cm-conatiner nexus3.onap.org:10001/onap/org.onap.dcaegen2.deployments.redis-cluster-container nexus3.onap.org:10001/onap/org.onap.dcaegen2.deployments.tca-cdap-container nexus3.onap.org:10001/onap/org.onap.dcaegen2.platform.configbinding nexus3.onap.org:10001/onap/org.onap.dcaegen2.platform.deploymenthandler nexus3.onap.org:10001/onap/org.onap.dcaegen2.platform.inventory-api nexus3.onap.org:10001/onap/org.onap.dcaegen2.platform.policy-handler nexus3.onap.org:10001/onap/org.onap.dcaegen2.platform.servicechange-handler | ||||||||||||
Has the project code successfully passed the Daily Build process? | Y | Goal is to ensure the latest project commit has not broken the Integration Daily Build | ||||||||||||
Doc | Has the team created a docs folder and Development and Release Notes documentation templates in Readthedocs? | Y | Add a link to your project documentation in ReadTheDocs. | Documentation Team is using Readthedocs for documenting user facing documentation. ReadTheDcos shall be considered as a starting point for someone new within ONAP. The ReadTheDocs is the ONAP Documentation facade visible to users. | ||||||||||
Is the API documentation section populated? | Y | Link to evidence | Ensure there is at least a direct link toward the API documentation which may be already existing in the wiki. |