The checklist lists the fulfillment status of each TRG point and how often the check needs to be renewed.
- TRG 1.01 appropriate README.md
- Fulfilled, check frequency, if something substantial is changing
- TRG 1.02 appropriate install instructions
- Fulfilled as part of README.md, check frequency, only if the whole installation process is redesigned
- TRG 1.03 appropriate release notes
- Fulfilled by the release mechanism, check frequency, every release, the generated release notes must be checked for completeness and correctness
- TRG 1.04 editable static files
- Fulfilled, check frequency, if documentation is changed
- TRG 1.05 architecture docs
- Fulfilled, see "docs/architecture", check frequency, none, but architecture documentation should be adapted on major changes
- TRG 1.06 administrator guide
- Fulfilled as part of README.md, check frequency, only if there are substantial changes regarding the administration of the product
- TRG 1.07 user manual
- Fulfilled as part of README.md, check frequency, only if there are substantial changes regarding the usage of the product
- TRG 1.08 open api docs
- Fulfilled by build automation, check frequency, every release, the released open-api version needs to be added to the .tractusx file in the root of the repository
- TRG 1.09 migration information
- Fulfilled in the "docs/migration" folder, check frequency, every release, a new migration guide needs to be added
- TRG 2.01 default branch is named main
- Fulfilled, check frequency, none
- TRG 2.03 repository structure
- Fulfilled, check frequency, none
- TRG 2.04 leading product repository
- Not applicable as the product only has this repository
- TRG 2.05 .tractusx metafile in a proper format
- Fulfilled, check frequency, none
- TRG 3.02 persistent volume and persistent volume claim or database dependency (subchart) are in place when needed
- Not actually fulfilled, something for the future, not priority
- TRG 4.01 semantic versioning and tagging
- Fulfilled by release automation, check frequency, none
- TRG 4.02 base image is agreed
- Fulfilled and automatically managed by dependabot, check frequency, none
- TRG 4.03 image has USER command and Non Root Container
- Fulfilled, check frequency, none
- TRG 4.05 released image must be placed in DockerHub, remove GHCR references
- Fulfilled, check frequency, none
- TRG 4.06 separate notice file for DockerHub has all necessary information
- Fulfilled, check frequency, none
- TRG 4.07 root file system is set to read access by default, but can be overwritten by the user
- Not actually fulfilled, something for the future, not priority
- TRG 4.08 multi-platform images
- Not Fulfilled, something for the future, not priority
- TRG 5.01 Helm chart requirements
- Fulfilled, check frequency, none
- TRG 5.02 Helm chart location in /charts directory and correct structure
- Fulfilled, check frequency, none
- TRG 5.03 proper version strategy
- Fulfilled, check frequency, none
- TRG 5.04 CPU / MEM resource requests and limits and are properly set
- Fulfilled, check frequency, none
- TRG 5.06 Application must be configurable through the Helm chart
- Fulfilled, check frequency, none
- TRG 5.07 Dependencies are present and properly configured in the Chart.yaml
- Fulfilled, check frequency, none
- TRG 5.08 Product has a single deployable helm chart that contains all components
- Fulfilled, check frequency, none
- TRG 5.09 Helm Test running properly
- Fulfilled, by having deployment and upgradability tests, not exactly as proposed in the TRG, future topic, no priority, check frequency, none
- TRG 5.10 Products need to support 3 versions at a time
- Fulfilled, check frequency, every release to update the used versions
- TRG 5.11 Upgradeability
- Fulfilled, part of the automated tests, check frequency, none
- TRG 6.01 Released Helm Chart
- Fulfilled, check frequency, none
- TRG 7.01 Legal Documentation
- Fulfilled, all files exist, check frequency, only when changes are required from the project community
- TRG 7.02 License and copyright header
- Fulfilled, part of PR verification, check frequency, none
- TRG 7.03 IP checks for project content
- Not applicable as TRG, only during processing of PRs
- TRG 7.04 IP checks for 3rd party content
- Fulfilled, part of release verification, check frequency, none (for TRG)
- TRG 7.05 Legal information for distributions
- Fulfilled by release automation, check frequency, on changes concerning TRG 7.1
- TRG 7.06 Legal information for end user content
- Not applicable
- TRG 7.07 Legal notice for non-code (e.g. KITS, documentation, images, slidesets, issue content)
- Not applicable
- TRG 7.09 Deprecation of Unmaintained Repositories
- Not applicable
- TRG 8.01 Mitigate high and above findings in CodeQL
- Fulfilled, part of PR automation, check frequency, every release
- TRG 8.02 Mitigate high and above findings in KICS
- Fulfilled, part of PR automation, check frequency, every release
- TRG 8.03 No secret findings by GitGuardian or TruffleHog
- Fulfilled, part of PR automation, check frequency, every release
- TRG 8.04 Mitigate high and above findings in Trivy
- Fulfilled, part of PR automation, check frequency, every release
- TRG 8.05 Dependabot
- Fulfilled, part of project automation, check frequency, none
- TRG 9.01 UI consistency/styleguide for UI
- Not applicable, as the product does not have a UI