Move to Central Feed Service (CFS)

dotnet · Jul 7, 2023 · d470256 · d470256
1 parent cc57955
commit d470256
Show file tree

Hide file tree

Showing 4 changed files with 1 addition and 51 deletions.
diff --git a/.sscignore b/.sscignore
diff --git a/eng/pipelines/official.yml b/eng/pipelines/official.yml
@@ -89,13 +89,6 @@ variables:
   # Opt out of automatically injecting Codesign Validation into the pipeline. We run Codesign Validation as part of the Compliance pipeline.
   # See: https://aka.ms/gdn-injection
   runCodesignValidationInjection: false
-  # Suspend enforcement of NuGet Single Feed Policy. See:
-  # - https://aka.ms/nugetmultifeed
-  # - https://docs.opensource.microsoft.com/tools/nuget_security_analysis/nuget_security_analysis/
-  # - https://docs.opensource.microsoft.com/tools/cg/how-to/nuget-multifeed-configuration/
-  # - https://onebranch.visualstudio.com/OneBranch/_wiki/wikis/OneBranch.wiki/5205/TSG-Build-Broken-Due-to-Using-Multiple-Feeds?anchor=setting-nugetsecurityanalysiswarninglevel-in-cdp
-  NugetSecurityAnalysisWarningLevel: none
-  NugetMultiFeedWarnLevel: none
   # Allows CodeQL to run on our Build job.
   # https://eng.ms/docs/cloud-ai-platform/devdiv/one-engineering-system-1es/1es-docs/codeql/configuring-codeql3000-ado-pipelines
   Codeql.Enabled: true

diff --git a/eng/pipelines/pull-request.yml b/eng/pipelines/pull-request.yml
@@ -43,12 +43,6 @@ variables:
   # Opt out of automatically injecting Codesign Validation into the pipeline.
   # See: https://aka.ms/gdn-injection
   runCodesignValidationInjection: false
-  # Suspend enforcement of NuGet Single Feed Policy. See:
-  # - https://aka.ms/nugetmultifeed
-  # - https://docs.opensource.microsoft.com/tools/nuget_security_analysis/nuget_security_analysis/
-  # - https://docs.opensource.microsoft.com/tools/cg/how-to/nuget-multifeed-configuration/
-  # - https://onebranch.visualstudio.com/OneBranch/_wiki/wikis/OneBranch.wiki/5205/TSG-Build-Broken-Due-to-Using-Multiple-Feeds?anchor=setting-nugetsecurityanalysiswarninglevel-in-cdp
-  NugetSecurityAnalysisWarningLevel: none
 
 ###################################################################################################################################################################
 # STAGES

diff --git a/nuget.config b/nuget.config
@@ -1,44 +1,8 @@
 <!-- Licensed to the .NET Foundation under one or more agreements. The .NET Foundation licenses this file to you under the MIT license. See the LICENSE file in the project root for more information. -->
 
-<!-- Reference documentation: https://docs.microsoft.com/en-us/nuget/reference/nuget-config-file -->
-<!-- TODO: Migrate to Central Feed Services (CFS) when public feeds with upstream sources are available. -->
-<!-- For details: https://eng.ms/docs/cloud-ai-platform/developer-services/one-engineering-system-1es/1es-docs/secure-supply-chain/project-artemis/central-feed-services-cfs -->
 <configuration>
   <packageSources>
     <clear />
-    <!-- CPS components including: Microsoft.VisualStudio.ProjectSystem -->
-    <add key="vs-impl" value="https://pkgs.dev.azure.com/azure-public/vside/_packaging/vs-impl/nuget/v3/index.json" />
-    <add key="vs-impl-archived" value="https://pkgs.dev.azure.com/azure-public/vside/_packaging/vs-impl-archived/nuget/v3/index.json" />
-    <!-- Microsoft.VisualStudio components -->
-    <add key="vssdk" value="https://pkgs.dev.azure.com/azure-public/vside/_packaging/vssdk/nuget/v3/index.json" />
-    <add key="vssdk-archived" value="https://pkgs.dev.azure.com/azure-public/vside/_packaging/vssdk-archived/nuget/v3/index.json" />
-    <!--
-      Various packages including:
-        Microsoft.DiaSymReader.Pdb2Pdb
-        Microsoft.CodeAnalysis
-        Microsoft.CodeAnalysis.Features
-        NuGet.VisualStudio
-    -->
-    <add key="dotnet-tools" value="https://pkgs.dev.azure.com/dnceng/public/_packaging/dotnet-tools/nuget/v3/index.json" />
-    <!--
-      Various packages including:
-        xunit
-        xunit.assert
-        xunit.extensibility.core
-        xunit.extensibility.execution
-        XliffTasks
-        Microsoft.VisualStudioEng.MicroBuild.Plugins.SwixBuild
-    -->
-    <add key="dotnet-eng" value="https://pkgs.dev.azure.com/dnceng/public/_packaging/dotnet-eng/nuget/v3/index.json" />
-    <!--
-      Public components including:
-        Nerdbank.GitVersioning
-        Codecov
-    -->
-    <add key="nuget" value="https://api.nuget.org/v3/index.json" />
+    <add key="dotnet-project-system-public-packages" value="https://pkgs.dev.azure.com/azure-public/vside/_packaging/dotnet-project-system-public-packages/nuget/v3/index.json" />
   </packageSources>
-  <!-- Clear the machine-defined disabled package sources, which may include one of our package sources defined above. -->
-  <disabledPackageSources>
-    <clear />
-  </disabledPackageSources>
 </configuration>