The following items are expected to be completed for the project to Pass the M4 Code Freeze Milestone.
...
Practice Area | Checkpoint | Yes/No | Evidences | How to? | ||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Security | Has the Release Security/Vulnerability table been filled out in the protected Security Vulnerabilities wiki space? | Yes | Table in in the protected Security Vulnerabilities wiki space corresponds to the latest NexusIQ scan; all NexusIQ finding are marked as false positive or exploitable with the supporting analysis. | PTL reviews the NexusIQ scans for their project repos and fills out the vulnerability review table | ||||||||||
Are all Defects of priority Highest and High in status "Closed" in Jira? (this includes the Jira for Critical and Severe NexusIQ findings) | Yes | All Jira tickets for vulnerability elimination are complete.
| Complete Jira tickets | |||||||||||
Did the project achieve the enablement of transport level encryption on all interfaces and the option of disabling transport level encryption? | No | Most external and internal interfaces are enabled for TLS by default - with exception of few (due to external dependency and resource constraint) External Interfaces: VES - Supports secure interface; disabled by default (due to xNF/simulator dependencies) DFC - Supports secure interface by default HV-VES - Support secure interface by default. RESTConf - Support secure interface by default All new service components interfaces to Dmaap are secure (either using AAF or apikey) VESCollector/RestConf - Interfaces through DMaaP will be using unauthenticated topic for Dublin ConfigBindingService - Interface is HTTP | ||||||||||||
Do all containers run as a non-root user and is documentation available for those containers that must run as root in order to enable ONAP features? | No |
DCAE - DCAE-Cloudify container is 3rd party product (Cloudify) must be run as “root. Other DCAE Service container (Mapper, VES, PRH, Son-handler, TCA) migration to root will be done for next release. Following DCAE service components are switched to non-root user for Dublin - PM-Mapper, DFC | https://wiki.onap.org/display/DW/Best+Practices | |||||||||||
Provide the "% Achieved" on the CII Best Practices program. | 100%- Passing 71% - Sliver | Provide link to your project CII Best Practices page. https://bestpractices.coreinfrastructure.org/en/projects/1718 | As documented in CII Badging Program, teams have to fill out CII Best Practices | |||||||||||
Product Management | Have all JIRA Stories supporting the release use case been implemented? | Yes | By using the macro JIRA Issue/Filter, provide a link to JIRA in listing the stories that are implemented in the current Release. (Example
| For each JIRA story that are implemented in the current release, you have to setup in JIRA the JIRA fixVersion="Dublin Release" | ||||||||||
List the Stories that will not be implemented in this current Release. | Done | By using the macro JIRA Issue/Filter, provide a link to JIRA in listing the stories that are NOT implemented in the current release. (Example
| For each JIRA story that will not be implemented in the current Release, you have to setup in JIRA the JIRA fixVersion="El Alto Release" | |||||||||||
Are committed Sprint Backlog Stories been coded and marked as "Closed" in Jira? | In-progressYes | Provide Link to Project backlog https://jira.onap.org/secure/RapidBoard.jspa?rapidView=49&view=planning.nodetail&epics=visible | ||||||||||||
Are all tasks associated with committed Sprint Backlog Stories been marked as "Closed" in Jira? | In-progress |
| ||||||||||||
Is there any Critical and Severe level security vulnerabilities older than 60 days old in the third party libraries used within your project unaddressed? Nexus-IQ classifies level as the following:
which is complaint with CVSS V2.0 rating. | Yes | In the case critical known vulnerability are still showing in the report, fill out the Security/Vulnerability Threat Template in your project. | Ensure the Nexus-IQ report from “Jenkins CLM” shows 0 critical security vulnerability. Open the Nexus-IQ report for the details on each repo. | |||||||||||
Release Management | Have all issues pertaining to FOSS been addressed? | Yes | ||||||||||||
Have all findings from previous milestones been addressed? | Yes | List previous milestone issues that have not been addressed. Sonar coverage pending for 3 components (dcaegen2-collectors-restconf , dcaegen2-collectors-snmptrap, dcaegen2-platform-inventory-api) among 20 DCAE components were not meeting 55% during M3. They are all addressed now. | For M2 and M3 Milestones, ensure all findings have been closed. | |||||||||||
Has the Project Team reviewed and understood the most recent license scan reports from the LF, for both (a) licenses within the codebase and (b) licenses for third-party build time dependencies? | Yes | |||||||||||||
For both (a) and (b), have all high priority non-Project Licenses been either removed or escalated as likely exception requests? | Yes | |||||||||||||
Development | Are all Defects of priority Highest and High in status "Closed" in Jira? | Yes | Provide link to JIRA issue (type bug) of priority Highest and High. | |||||||||||
Has the Platform Maturity Table been updated with implementation Status at M4? | Yes | Dublin Release Platform Maturity | For each Release, there is a Platform Maturity table created for PTLs to record their goals and achievement at M4 (Example: Casablanca Release Platform Maturity) | |||||||||||
Has the project team reach the Automated Unit Test Code Coverage expectation? (Refer to artifacts available in Sonar) | NoYes, with exception of 1 | DCAE has 20 run-time components. With recent merges dcaegen2-services-prh dropped under 55% ; all - being worked to meet the target. All other DCAE components are > 55%. dcaegen2/analytics/tca → https://sonar.onap.org/dashboard?id=org.onap.dcaegen2.analytics.tca%3Adcae-analytics - 77.1% dcaegen2/collectors/snmptrap → https://sonar.onap.org/dashboard?id=org.onap.dcaegen2.collectors%3Asnmptrap - 56.5% dcaegen2/collectors/ves → https://sonar.onap.org/dashboard?id=org.onap.dcaegen2.collectors.ves%3AVESCollector - 68.2% dcaegen2/platform/configbinding → https://sonar.onap.org/dashboard?id=org.onap.dcaegen2.platform%3Aconfigbinding - 79.7% dcaegen2/platform/plugins → https://sonar.onap.org/dashboard?id=org.onap.dcaegen2.platform%3Aplugins - 55.4% dcaegen2/platform/inventory-api → https://sonar.onap.org/dashboard?id=org.onap.dcaegen2.platform%3Ainventory-api - 58% dcaegen2/platform/policy-handler → https://sonar.onap.org/dashboard?id=org.onap.dcaegen2.platform%3Apolicy-handler - 73.2% dcaegen2/platform/cli → https://sonar.onap.org/dashboard?id=org.onap.dcaegen2.platform.cli%3Acli - 72.1% dcaegen2/utils → https://sonar.onap.org/dashboard?id=org.onap.dcaegen2.utils%3Autils - 78.4% dcaegen2/services/heartbeat → https://sonar.onap.org/dashboard?id=org.onap.dcaegen2.platform%3Aheartbeat - 57.3% dcaegen2/services/mapper → https://sonar.onap.org/dashboard?id=org.onap.dcaegen2.services.mapper%3Amapper - 71.9% dcaegen2/services/prh → https://sonar.onap.org/dashboard?id=org.onap.dcaegen2.services%3Aprh (was 71.5%) dcaegen2/collectors/hv-ves → 62% (kotlin) dcaegen2/collectors/datafile → https://sonar.onap.org/dashboard?id=org.onap.dcaegen2.collectors%3Adatafile - 77.2% dcaegen2/analytics/tca-gen2 → https://sonar.onap.org/dashboard?id=org.onap.dcaegen2.analytics.tca-gen2%3Atca-gen2-parent - 57.3% dcaegen2/services/son-handler → https://sonar.onap.org/dashboard?id=org.onap.dcaegen2.services.son-handler%3Ason-handler - 55.3% dcaegen2/services/pm-mapper → https://sonar.onap.org/dashboard?id=org.onap.dcaegen2.services%3Apm-mapper - 79.5% dcaegen2/services/bbs-eventprocessor → https://sonar.onap.org/dashboard?id=org.onap.dcaegen2.services.components%3Abbs-event-processor - 74.3% dcaegen2/services/sdk → https://sonar.onap.org/dashboard?id=org.onap.dcaegen2.services%3Asdk - 58.5% dcaegen2/collector/restconf → https://sonar.onap.org/dashboard?id=org.onap.dcaegen2.collectors.restconf%3Arestconfcollector - 64% Goal: 55% for Incubation project in the current release | Guidance on Code Coverage and Static Code Analysis Tools: Sonar | |||||||||||
Is there any binaries (jar, war, tar, gz, gzip, zip files) in Gerrit project repository? | No | Refer to CI Development Best Practices | ||||||||||||
Is there any pending commit request older than 36 hours in Gerrit? | No | https://gerrit.onap.org/r/#/q/status:open+label:verified+-is:draft+-label:Code-Review%253D-1+AND+-label:Code-Review%253D-2+AND+is:mergeable+age:5days++dcaegen2 | Gerrit Query: status:open label:verified -is:draft -label:Code-Review=-1 AND -label:Code-Review=-2 AND is:mergeable age:1week | |||||||||||
Are all the Jenkins jobs successfully passed (verify + merge jobs)? | NoYes | https://jenkins.onap.org/view/dcaegen2/ [ONAP Helpdesk #60449] - dcaegen2-analytics-pnda-master-merge-java (being worked as POC - not critical for Dublin)
| ||||||||||||
Have all OOM Staging Healtcheck related to your project passed? | Yes | As for 04/09 - 11/12 DCAE components passed healthcheck; the failed component - "dev-dcaegen2-dcae-servicechange-handler" was due to SDC dependency not available. | ||||||||||||
Are all snapshot binaries available in Nexus-staging? | Yes | https://nexus.onap.org/content/repositories/snapshots/org/onap/dcaegen2/1.2.1-SNAPSHOT/ https://nexus.onap.org/content/repositories/snapshots/org/onap/dcaegen2/services/prh/1.2.1-SNAPSHOT/ https://nexus.onap.org/content/repositories/snapshots/org/onap/dcaegen2/services/sdk/ Provide link to evidence | ||||||||||||
Do you have a clear plan to implement the Independent Versioning and Release Process by RC0? | Yes | Contact the upstream teams to make sure they will release their artifacts (in Nexus Release repo) so you can build by depending on these released artifacts by RC0. | ||||||||||||
Integration and Testing | Have 100% of Continuous System Integration Testing (CSIT) Use Cases been implemented successfully in Jenkins? It should include at least 1 CSIT that will be run on Lab-xxx-OOM-Daily Jenkins Job | Yes | All the other DCAE CSIT (below) are passing dcaegen2-services-bbs-event-processor-master-csit-bbs-testsuites dcaegen2-master-csit-testsuites (VES) dcaegen2-master-csit-prh-testsuites dcaegen2-collectors-hv-ves-master-csit-testsuites dcaegen2-collectors-datafile-master-csit-Functional-suite dcaegen2-pmmapper-master-csit-pmmapper HV-VES and PRH added for testsuite repo | |||||||||||
Is there a Docker images available for your project deliverable? | Yes | onap/org.onap.dcaegen2.analytics.tca-gen2.dcae-analytics-tca-web:3.0.0-SNAPSHOT | ||||||||||||
Has the project passed the Integration Sanity Tests? | TBC | To be verified with Integration Team | Integration sanity tests in Dublin Release cover:
No test failure reported on http://onapci.org/grafana/d/8cGRqBOmz/daily-summary?orgId=1 No Integration Blocking Issue with no workaround: Dublin Release Integration Test Blocking Issues | |||||||||||
Has the project code successfully passed the Daily Build process? | Yes | Except following jobs which is being worked with LFRELENG https://jenkins.onap.org/view/dcaegen2/ [ONAP Helpdesk #60449] - dcaegen2-analytics-pnda-master-merge-java [ONAP Helpdesk #70686] - dcaegen2-platform-cli-master-verify-java , dcaegen2-platform-cli-master-release-version-java-daily | Goal is to ensure the latest project commit has not broken the Integration Daily Build | |||||||||||
Doc | Has the team created a docs folder and Development and Release Notes documentation templates in Readthedocs? | Yes | Add a link to your project documentation in ReadTheDocs. http://onap.readthedocs.io/en/latest/submodules/dcaegen2.git/docs/index.html | Documentation Team is using Readthedocs for documenting user facing documentation. ReadTheDcos shall be considered as a starting point for someone new within ONAP. The ReadTheDocs is the ONAP Documentation facade visible to users. | ||||||||||
Does the project team has a plan to close all the remaining JIRA Documentation Tickets by RC1, considering that the expectations are to close any JIRA Documentation Tickets - "Bugs" by solving any Documentation by RC0? | Yes | Jira Query project != "Sandbox Project" AND project != "ONAP TSC" AND project != CI-Management AND (labels=Documentation OR project=Documentation) AND status != Closed ORDER BY fixVersion ASC, status DESC, priority DESC, updated DESC Jira Query (Bugs Only) project != "Sandbox Project" AND project != "ONAP TSC" AND project != CI-Management AND (labels = Documentation OR project = Documentation) AND issuetype= Bug AND fixversion = "Dublin Release" AND status != Closed ORDER BY issuetype DESC, fixVersion ASC, status DESC, priority DESC, updated DESC | ||||||||||||
Does the project team has a plan to complete all the Release documents by RC1? | Yes | |||||||||||||
Is the API documentation section populated? | Yes | Link to evidence http://onap.readthedocs.io/en/latest/submodules/dcaegen2.git/docs/sections/offeredapis.html | Ensure there is at least a direct link toward the API documentation which may be already existing in the wiki. |
...