QG checks (Release 24.05)

[tomaszbarwicki]

Quality Gate Checklist

Please keep this issue open until QG is concluded and will be managed by the Issue Creator!
We will inform you about finding and proposals in separated issues, this issue here is for the Overview of the Checks!

Please keep this issue open until QG is concluded!

Product Owner: Ciprian Herciu
Dev SPOC: Aditya Kumar
Helm Chart Version: 1.5.9
App Version: 1.5.6

Release Managemnet Reference Issue:

Check of Tractus-X Release Guidelines

• Currently implemented automatic checks can be found under your product on our Release Guidelines Checks Board
• This QG Check is depending on the mandatory information from our current Release Guidelines

TRG 1 Documentation

• TRG 1.01 appropriate README.md
• TRG 1.02 appropriate install instructions either INSTALL.md or in README.md
• TRG 1.03 appropriate CHANGELOG.md
• TRG 1.04 editable static files

TRG 2 Git

• TRG 2.01 default branch is named main
• TRG 2.03 repository structure
• TRG 2.04 leading product repository
• TRG 2.05 .tractusx metafile in a proper format

TRG 3 Kubernetes

• TRG 3.02 persistent volume and persistent volume claim is used when needed

TRG 4 Container

• TRG 4.01 semantic versioning and tagging
• TRG 4.02 base image is agreed
• TRG 4.03 image has USER command and Non Root Container
• TRG 4.05 released image must be placed in DockerHub, remove GHCR references
• TRG 4.06 separate notice file for DockerHub has all necessary information

TRG 5 Helm

• TRG 5.01 Helm chart requirements
• TRG 5.02 Helm chart location in /charts directory and correct structure
• TRG 5.03 proper version strategy
• TRG 5.04 CPU / MEM resource requests and limits and are properly set
• TRG 5.06 Application must be configurable through the Helm chart
• TRG 5.07 Dependencies are present and properly configured in the Chart.yaml
• TRG 5.08 Product has a single deployable helm chart that contains all components
• TRG 5.09 Helm Test running properly
• TRG 5.10 Products need to support 3 versions at a time
• TRG 5.11 Upgradeability

TRG 6 Released Helm Chart

• TRG 6.01 Released Helm Chart

TRG 7 Open Source Governance

• TRG 7.01 Legal Documentation
• TRG 7.02 License and copyright header
• TRG 7.03 IP checks for project content
• TRG 7.04 IP checks for 3rd party content
• TRG 7.05 Legal information for distributions
• TRG 7.06 Legal information for end user content
• TRG 7.07 Legal notice for documentation
• TRG 7.08 Legal notice for KIT documentation

TRG 8 Security

• TRG 8.01 Mitigate high and above findings in CodeQL
• TRG 8.02 Mitigate high and above findings in KICS
• TRG 8.03 Mitigate high and above findings in GitGuardian
• TRG 8.04 Mitigate high and above findings in Trivy

Hints

Information Sharing

[tomaszbarwicki]

Hi @ciprianherciu,

Can you please provide following information?

Product Owner:
Dev SPOC:
Helm Chart Version:
App Version:

[adkumar1]

Product Owner: Ciprian Herciu
Dev SPOC: Aditya Kumar
Helm Chart Version: 1.5.7
App Version: 1.5.4

[tomaszbarwicki]

Hi @adkumar1, I was unable to find legal information in the app artifact, can you please take a look into created issue and advise?

Could you also explain how do you implement https://eclipse-tractusx.github.io/docs/release/trg-7/trg-7-06 or it's not applicable?

[adkumar1]

Hi @tomaszbarwicki : This has been taken care with PR #151

[almadigabor]

I checked the last remaining issue and trusting @tomaszbarwicki did all the other checks I approve the TRG QG checks with the following versions:

Helm Chart Version: 1.5.9
App Version: 1.5.6