[R24.12] [DTR] [TRGs] QG 4 checks

[agg3fe]

QG checks

Please open and fill in this issue in your product repository to document the compliance with our Tractus-X Release Guideline (TRGs)

Show compliance with TRGs by referencing to a tagged link in the respective repository where possible, example: TRG 1.01 (see github.com/eclipse-tractusx/example-repo/tree/1.0.0/README.md)

Close this issue once the compliance with the TRGs has been documented

Committer(s):
Helm Chart Version: digital-twin-registry-0.6.1
App Version: 0.6.1

Release Management Reference Issue:

Check of Tractus-X Release Guidelines

• Currently implemented automatic checks can be found under your product on our Release Guidelines Checks Board
• This QG Check is depending on the mandatory information from our current Release Guidelines

TRG 1 Documentation

• TRG 1.01 appropriate README.md
• TRG 1.02 appropriate install instructions either INSTALL.md or in README.md
• TRG 1.03 appropriate CHANGELOG.md
• TRG 1.04 editable static files
• TRG 1.05 architecture docs
• TRG 1.06 administrator guide
• TRG 1.07 user manual
• TRG 1.08 open api docs

TRG 2 Git

• TRG 2.01 default branch is named main
• TRG 2.03 repository structure
• TRG 2.04 leading product repository
• TRG 2.05 .tractusx metafile in a proper format
• TRG 2.06 Dependabot

TRG 3 Kubernetes

• TRG 3.02 persistent volume and persistent volume claim or database dependency (subchart) are in place when needed

TRG 4 Container

• TRG 4.01 semantic versioning and tagging
• TRG 4.02 base image is agreed
• TRG 4.03 image has USER command and Non Root Container
• TRG 4.05 released image must be placed in DockerHub, remove GHCR references
• TRG 4.06 separate notice file for DockerHub has all necessary information
• TRG 4.07 root file system is set to read access by default, but can be overwritten by the user

TRG 5 Helm

• TRG 5.01 Helm chart requirements
• TRG 5.02 Helm chart location in /charts directory and correct structure
• TRG 5.03 proper version strategy
• TRG 5.04 CPU / MEM resource requests and limits and are properly set
• TRG 5.06 Application must be configurable through the Helm chart
• TRG 5.07 Dependencies are present and properly configured in the Chart.yaml
• TRG 5.08 Product has a single deployable helm chart that contains all components
• TRG 5.09 Helm Test running properly
• TRG 5.10 Products need to support 3 versions at a time
• TRG 5.11 Upgradeability

TRG 6 Released Helm Chart

• TRG 6.01 Released Helm Chart

TRG 7 Open Source Governance

• TRG 7.01 Legal Documentation
• TRG 7.02 License and copyright header
• TRG 7.03 IP checks for project content
• TRG 7.04 IP checks for 3rd party content
• TRG 7.05 Legal information for distributions
• TRG 7.06 Legal information for end user content
• TRG 7.07 Legal notice for documentation (non-code)
• TRG 7.08 Legal notice for KIT documentation

TRG 8 Security

• TRG 8.01 Mitigate high and above findings in CodeQL
• TRG 8.02 Mitigate high and above findings in KICS
• TRG 8.04 Mitigate high and above findings in Trivy
• TRG 8.03 No secret findings by GitGuardian or TruffleHog

TRG 9 UX/UI Styleguide

• TRG 9.01 UI consistency/styleguide for UI

Hints

Information Sharing

[tunacicek]

TRG 9 UX/UI Styleguide: DTR is a backend application without UI.