Closed almadigabor closed 1 year ago
Hey @tunacicek! Can you fill the following information in the description? Also can you name a person who I can stay in contact with while doing the QG4 checks?
Product Name: <!-- Note: Please specify the official product name. -->
Product Owner: <!-- Note: Please search for the Product Owner of this product. -->
Dev SPOC: <!-- Note: Please search for the single point of contact of the product developers. -->
Helm Chart Version: <!-- Note: Please note the current Helm Chart Version to check. -->
App Version: <!-- Note: Please note the current App Version to check. -->
Hi @almadigabor , sure. You can stay in contact with @bs-sili while having the QG4 checks.
Basic Information:
Product Name: Semantic Hub
Product Owner: Thomas Henn
Dev SPOC: @tunacicek / Sahil Aggarwal (@agg3fe) / @bs-sili
Helm Chart Version: 0.1.23
App Version: 0.2.10-M1
Hi @almadigabor , please provide us some feedback? Is everything all right or do we have to correct something? Many thanks in advance!
Hi @almadigabor , as far as I can see there are no further issues opened regarding to the TRG checks. So I assume after adjusting the resource management and the Helm Test with the open PRs, we can build here an image.
Hey @bs-sili! I'm not yet ready with all the checks, expect them by tomorrow morning.
Hey @bs-sili! I've created a few issues, you can find them here: https://github.com/eclipse-tractusx/sldt-semantic-hub/issues
Hey @almadigabor ,
many thanks! We'll have a lock on that.
Hi @tunacicek @agg3fe @bs-sili!
Can you maybe tell me about this image referenced in the values.yaml?
Is this a hard requirement of the app? Does it not work without it? I need to clarify this, as in Eclipse you cannot have private images as dependencies for your product. FYI @AngelikaWittek
Hi @almadigabor,
we updated the installation guide in respect to the fuseki topic and also merged it: https://github.com/eclipse-tractusx/sldt-semantic-hub/pull/173
QG4 approved from my side.
Hi @almadigabor , the newest version which includes all the fixes is: helm: 0.1.29 appVersion: 0.2.11-M1
QG checks
Please keep this issue open until QG 4 is concluded and will be managed by the Issue Creator! We will inform you about finding and proposals in separated issues, this issue here is for the Overview of the Checks!
Please keep this issue open until QG 4 is concluded!
Product Name: Semantic Hub Product Owner: Thomas Henn Dev SPOC: @tunacicek / Sahil Aggarwal (@agg3fe) / @bs-sili Helm Chart Version:
0.1.29
App Version:0.2.11-M1
QG5 Approval: yes/noCheck of Tractus-X Release Guidelines
This QG 4 Check is depending on the mandatory information from our current Release Guidelines.
TRG 1 Documentation
[x] TRG 1.01 appropriate
README.md
[x] TRG 1.02 appropriate
INSTALL.md
[x] TRG 1.03 appropriate
CHANGELOG.md
TRG 2 Git
[x] TRG 2.01 default branch is named
main
[x] TRG 2.03 repository structure
Checks within TRG 2.03
- [x] TRG 2.03 `/docs` directory contains detailed product related documentation for the Tractus-X product - [x] TRG 2.03 `/charts` directory contains the Helm chart for the Tractus-X product IF available - [x] TRG 2.03 `AUTHORS.md` file (optional) (TRG 2.03) - [x] TRG 2.03 `CODE_OF_CONDUCT.md` file (TRG 2.03) - [x] TRG 2.03 `CONTRIBUTING.md` file (TRG 2.03) - [x] #163 - [x] TRG 2.03 `LICENSE` file (TRG 2.03) - [x] TRG 2.03 `NOTICE.md` file (TRG 2.03) - [x] TRG 2.03 `SECURITY.md` file (TRG 2.03)[x] TRG 2.04 Leading product repository
Checks within TRG 2.04
- [x] TRG 2.04 repository name must be _productname_ without prefix or suffix - [x] TRG 2.04 should contain the release - [x] TRG 2.04 references/urls to the product's other repositories - [x] TRG 2.04 might contain product helm chart(s) - [x] TRG 2.04 README.md: contains the urls for the underlying applications[x] TRG 2.05
.tractusx
metafile in a proper formatTRG 3 Kubernetes
[x] TRG 3.02 PersistentVolume and PersistentVolumeClaim is used when needed
TRG 4 Container
[x] TRG 4.01 semantic versioning and tagging
[x] TRG 4.02 top level
README.md
file, that contains information about the used base image[x] TRG 4.03 Image has
USER
command and Non Root ContainerChecks within TRG 4.03
- [x] TRG 4.03 `deployment.yaml` has `runAsUser` and `allowPrivilegeEscalation: false` properly set[x] TRG 4.05 released image must be place
DockerHub
as mandatory container registry; removeGHCR
references[x] TRG 4.06 Notice File for
DockerHub
has all necessary informationChecks within TRG 4.06
- [x] TRG 4.06 Link to the source of your base image (Container registry and GitHub if available) - [x] TRG 4.06 Link to your product image on `DockerHub` https://github.com/eclipse-tractusx/sldt-semantic-hub/issues/164 - [x] TRG 4.06 Link to your repository on `GitHub` - [x] TRG 4.06 Direct link to the Dockerfile used to build your image - [x] TRG 4.06 Link to LICENCE file in your repo as `Project License` (make clear, that this is the PROJECT licence, not an image licenseTRG 5 Helm
[x] TRG 5.01 Helm chart must be released
Checks within TRG 5.01
- [x] TRG 5.01 appropriate semantic versioning for `version` and `appVersion` has to be used in `Chart.yaml` - [x] TRG 5.01 must not contain any environment specific `values-xyz.yaml` - [x] TRG 5.01 `values.yaml` file must contain proper default values/placeholders - [x] TRG 5.01 No hostname provided for ingress - [x] TRG 5.01 Ingress is disabled - [x] TRG 5.01 No references to any secret engine service (e.g.: Hashicorp Vault) - [x] TRG 5.01 Dependencies should be prefixed with the nameOverride and/or fullnameOverride properties - [x] TRG 5.01 Image tag is set to the `Chart.yaml` `appVersion` property - [x] TRG 5.01 must be deployable to any environment without overwriting default values with a simple helm install command - [x] TRG 5.01 dependencies have to be declared in Chart.yaml NOT requirements.yml[x] TRG 5.02 Helm chart location in
/charts
directory and correct structureChecks within TRG 5.02
- [x] TRG 5.02 each file must contain the [Apache 2.0 Licence](https://github.com/catenax-ng/foss-example/blob/main/general/LICENSE) - [x] TRG 5.02 latest tag is not used in helm chart be default ``` markdown charts/ chartNameA/ Chart.yaml ... chartNameB/ Chart.yaml ... AUTHORS.md DEPENDENCIES.md LICENCE README.md ```[x] TRG 5.04 CPU and memory limits and requests are properly set
[x] TRG 5.06 application must be configurable through the Helm chart
[x] TRG 5.07 dependencies are present in the
Chart.yaml
they are properly configured[x] TRG 5.08 a product has a single deployable helm chart that contains all components
Checks within TRG 5.08
- [x] TRG 5.08 name of the Chart should be just the product-name without prefix or suffix - [x] TRG 5.08 values file should contain all available variables (even from subcharts) with default values and comments about what they do - [x] TRG 5.08 helm install command should successfully install the chart to any supported Kubernetes version cluster (without overwriting default values) - [x] TRG 5.08 helm test runs without errors[x] TRG 5.09 Helm Test running properly
Checks within TRG 5.09
- [x] TRG 5.09 A GitHub action exist which builds or uses the helm chart which gets released - [x] TRG 5.09 The GitHub action can be triggered manually through Github WebUI manually running a workflow - [x] TRG 5.09 Helm test verifies that the application is up and running[x] TRG 5.10 Products need to support 3 versions at a time
Checks within TRG 5.10
- [x] TRG 5.10 latest (K8s version 1.25) - [x] TRG 5.10 latest - 1 (K8s version 1.24) - [x] TRG 5.10 latest - 2 (K8s version 1.23)[x] TRG 5.11 Upgradeability PRERELEASE https://github.com/eclipse-tractusx/sldt-semantic-hub/issues/165
Checks within TRG 5.11
- [x] TRG 5.11 Based on the Helm test workflow, you must provide a GitHub action which takes the latest released helm chart, does an installation of it and then execute the upgrade to the current / new version.TRG 6 Released Helm Chart
TRG 7 Open Source Governance
[x] TRG 7.04 IP checks for 3rd party content
Checks within TRG 7.04
- [x] TRG 7.04 DEPENDENCIES file is up-to-date and reflects the current use of the 3rd party content https://github.com/eclipse-tractusx/sldt-semantic-hub/issues/163 - [x] TRG 7.04 all libraries listed there should have the status "approved" - [x] TRG 7.04 no libraries with status "rejected" - [x] TRG 7.04 for libraries with status "restricted", the according IP issues must be present (issue number in the source column)Hints
Information Sharing