QG 4 checks (Release 24.05)
Closed this issue · 2 comments
almadigabor commented
Quality Gate Checklist
Please keep this issue open until QG is concluded and will be managed by the Issue Creator!
We will inform you about findings and proposals in separate issues; this issue here is for the overview of the checks!
Please keep this issue open until QG is concluded!
Product Owner: @mkanal
Dev SPOC: @ds-jhartmann
Helm Chart Version: HELM Charts 7.1.3
App Version: 5.1.3
Release Management Reference Issue:
Check of Tractus-X Release Guidelines
- Currently implemented automatic checks can be found under your product on our Release Guidelines Checks Board
- This QG Check is depending on the mandatory information from our current Release Guidelines
TRG 1 Documentation
- TRG 1.01 appropriate README.md
- TRG 1.02 appropriate install instructions either INSTALL.md or in README.md
- TRG 1.03 appropriate CHANGELOG.md
- #618
TRG 2 Git
- TRG 2.01 default branch is named main
- TRG 2.03 repository structure
- TRG 2.04 leading product repository
- TRG 2.05 .tractusx metafile in a proper format
TRG 3 Kubernetes
- TRG 3.02 persistent volume and persistent volume claim is used when needed
TRG 4 Container
- TRG 4.01 semantic versioning and tagging
- TRG 4.02 base image is agreed
- TRG 4.03 image has USER command and Non Root Container
- TRG 4.05 released image must be placed in DockerHub, remove GHCR references
- TRG 4.06 separate notice file for DockerHub has all necessary information
TRG 5 Helm
- #619
- TRG 5.02 Helm chart location in /charts directory and correct structure
- TRG 5.03 proper version strategy
- TRG 5.04 CPU / MEM resource requests and limits are properly set
- TRG 5.06 Application must be configurable through the Helm chart
- TRG 5.07 Dependencies are present and properly configured in the Chart.yaml
- TRG 5.08 Product has a single deployable helm chart that contains all components
- TRG 5.09 Helm Test running properly
- TRG 5.10 Products need to support 3 versions at a time
- TRG 5.11 Upgradeability
TRG 6 Released Helm Chart
- TRG 6.01 Released Helm Chart
TRG 7 Open Source Governance
- TRG 7.01 Legal Documentation
- TRG 7.02 License and copyright header
- TRG 7.03 IP checks for project content
- TRG 7.04 IP checks for 3rd party content
- TRG 7.05 Legal information for distributions
- TRG 7.06 Legal information for end user content
- TRG 7.07 Legal notice for documentation
- TRG 7.08 Legal notice for KIT documentation
TRG 8 Security
- #620
- TRG 8.02 Mitigate high and above findings in KICS
- TRG 8.03 Mitigate high and above findings in GitGuardian
- TRG 8.04 Mitigate high and above findings in Trivy
Hints
Information Sharing
ds-ext-kmassalski commented
5.01 fixed with:
#635
ds-mwesener commented
Thank you for addressing the issues. As all issues have been fixed I can approve.