Move to Central Feed Service (CFS) (#9146)

smitpatel · web-flow · commit cc88cef522fd · 2023-07-07T14:37:35.000-07:00
diff --git a/.sscignore b/.sscignore
diff --git a/eng/pipelines/official.yml b/eng/pipelines/official.yml
@@ -89,13 +89,6 @@ variables:
   # Opt out of automatically injecting Codesign Validation into the pipeline. We run Codesign Validation as part of the Compliance pipeline.
   # See: https://aka.ms/gdn-injection
   runCodesignValidationInjection: false
-  # Suspend enforcement of NuGet Single Feed Policy. See:
-  # - https://aka.ms/nugetmultifeed
-  # - https://docs.opensource.microsoft.com/tools/nuget_security_analysis/nuget_security_analysis/
-  # - https://docs.opensource.microsoft.com/tools/cg/how-to/nuget-multifeed-configuration/
-  # - https://onebranch.visualstudio.com/OneBranch/_wiki/wikis/OneBranch.wiki/5205/TSG-Build-Broken-Due-to-Using-Multiple-Feeds?anchor=setting-nugetsecurityanalysiswarninglevel-in-cdp
-  NugetSecurityAnalysisWarningLevel: none
-  NugetMultiFeedWarnLevel: none
   # Allows CodeQL to run on our Build job.
   # https://eng.ms/docs/cloud-ai-platform/devdiv/one-engineering-system-1es/1es-docs/codeql/configuring-codeql3000-ado-pipelines
   Codeql.Enabled: true
diff --git a/eng/pipelines/pull-request.yml b/eng/pipelines/pull-request.yml
@@ -43,12 +43,6 @@ variables:
   # Opt out of automatically injecting Codesign Validation into the pipeline.
   # See: https://aka.ms/gdn-injection
   runCodesignValidationInjection: false
-  # Suspend enforcement of NuGet Single Feed Policy. See:
-  # - https://aka.ms/nugetmultifeed
-  # - https://docs.opensource.microsoft.com/tools/nuget_security_analysis/nuget_security_analysis/
-  # - https://docs.opensource.microsoft.com/tools/cg/how-to/nuget-multifeed-configuration/
-  # - https://onebranch.visualstudio.com/OneBranch/_wiki/wikis/OneBranch.wiki/5205/TSG-Build-Broken-Due-to-Using-Multiple-Feeds?anchor=setting-nugetsecurityanalysiswarninglevel-in-cdp
-  NugetSecurityAnalysisWarningLevel: none
 
 ###################################################################################################################################################################
 # STAGES
diff --git a/nuget.config b/nuget.config
@@ -1,44 +1,8 @@
 <!-- Licensed to the .NET Foundation under one or more agreements. The .NET Foundation licenses this file to you under the MIT license. See the LICENSE file in the project root for more information. -->
 
-<!-- Reference documentation: https://docs.microsoft.com/en-us/nuget/reference/nuget-config-file -->
-<!-- TODO: Migrate to Central Feed Services (CFS) when public feeds with upstream sources are available. -->
-<!-- For details: https://eng.ms/docs/cloud-ai-platform/developer-services/one-engineering-system-1es/1es-docs/secure-supply-chain/project-artemis/central-feed-services-cfs -->
 <configuration>
   <packageSources>
     <clear />
-    <!-- CPS components including: Microsoft.VisualStudio.ProjectSystem -->
-    <add key="vs-impl" value="https://pkgs.dev.azure.com/azure-public/vside/_packaging/vs-impl/nuget/v3/index.json" />
-    <add key="vs-impl-archived" value="https://pkgs.dev.azure.com/azure-public/vside/_packaging/vs-impl-archived/nuget/v3/index.json" />
-    <!-- Microsoft.VisualStudio components -->
-    <add key="vssdk" value="https://pkgs.dev.azure.com/azure-public/vside/_packaging/vssdk/nuget/v3/index.json" />
-    <add key="vssdk-archived" value="https://pkgs.dev.azure.com/azure-public/vside/_packaging/vssdk-archived/nuget/v3/index.json" />
-    <!--
-      Various packages including:
-        Microsoft.DiaSymReader.Pdb2Pdb
-        Microsoft.CodeAnalysis
-        Microsoft.CodeAnalysis.Features
-        NuGet.VisualStudio
-    -->
-    <add key="dotnet-tools" value="https://pkgs.dev.azure.com/dnceng/public/_packaging/dotnet-tools/nuget/v3/index.json" />
-    <!--
-      Various packages including:
-        xunit
-        xunit.assert
-        xunit.extensibility.core
-        xunit.extensibility.execution
-        XliffTasks
-        Microsoft.VisualStudioEng.MicroBuild.Plugins.SwixBuild
-    -->
-    <add key="dotnet-eng" value="https://pkgs.dev.azure.com/dnceng/public/_packaging/dotnet-eng/nuget/v3/index.json" />
-    <!--
-      Public components including:
-        Nerdbank.GitVersioning
-        Codecov
-    -->
-    <add key="nuget" value="https://api.nuget.org/v3/index.json" />
+    <add key="dotnet-project-system-public-packages" value="https://pkgs.dev.azure.com/azure-public/vside/_packaging/dotnet-project-system-public-packages/nuget/v3/index.json" />
   </packageSources>
-  <!-- Clear the machine-defined disabled package sources, which may include one of our package sources defined above. -->
-  <disabledPackageSources>
-    <clear />
-  </disabledPackageSources>
 </configuration>
