Missing root `NuGet.config` for some SB-infra projects

[premun]

Context

The CG scan of the VMR showed that since the VMR is missing a root NuGet.config, some of the projects from the SourceBuild infra don't have a matching one. Each project needs to have one so that some other global one is not used.

CFS0011 alert info: https://eng.ms/docs/cloud-ai-platform/devdiv/one-engineering-system-1es/1es-docs/secure-supply-chain/project-artemis/central-feed-services-cfs#3-cfs0011---c-projects-are-missing-feed-configuration

Offending files

• eng/bootstrap/buildBootstrapPreviouslySB.csproj
• test/Microsoft.DotNet.SourceBuild.SmokeTests/Microsoft.DotNet.SourceBuild.SmokeTests.csproj
• tools-local/tasks/Microsoft.DotNet.SourceBuild.Tasks.XPlat/Microsoft.DotNet.SourceBuild.Tasks.XPlat.csproj
• tools-local/tasks/SourceBuild.MSBuildSdkResolver/SourceBuild.MSBuildSdkResolver.csproj

Solution

I believe we should add a NuGet.config to VMR's root or next to these files. I am not sure what feeds this needs to configure though.

[MichaelSimons]

[Triage] Some of these projects (e.g. buildBootstrapPreviouslySB.csproj) build online and would require Microsoft feeds others would be satisfied by an empty NuGet.config at the root of the repo. It is very important that the root NuGet.config be empty to prevent pulling in external packages.

[premun]

@MichaelSimons fyi I had to add the dotnet-public feed to restore these for smoke tests:

• Microsoft.NET.Test.Sdk
• xunit
• xunit.runner.visualstudio

I think they might have been getting restored from nuget.org until now.

https://dev.azure.com/dnceng-public/public/_build/results?buildId=271909&view=logs&j=941f2e24-48a0-594a-6b1a-0e16aaeb8606&t=bff1be7c-b019-50b4-ca3b-6c316f1f727b&l=49