Merge pull request #232539 from shanhix1/shannon/remove-deprecated-github-action

Remove deprecated GitHub export / Github action references

Author: v-regandowner

.openpublishing.redirection.azure-resource-manager.json

@@ -1919,6 +1919,11 @@
           "source_path_from_root": "/articles/azure-resource-manager/managed-applications/scripts/managed-application-powershell-sample-get-managed-group-resize-vm.md",
           "redirect_url": "/azure/azure-resource-manager/managed-applications/overview",
           "redirect_document_id": false
-        }
+        },
+        {
+            "source_path_from_root": "/articles/governance/policy/tutorials/policy-as-code-github.md",
+            "redirect_url": "/azure/governance/policy/concepts/policy-as-code",
+            "redirect_document_id": false
+          }
     ]
 }

articles/governance/policy/concepts/definition-structure.md

@@ -137,7 +137,7 @@ see [Tag support for Azure resources](../../../azure-resource-manager/management
 The following Resource Provider modes are fully supported:
 
 - `Microsoft.Kubernetes.Data` for managing Kubernetes clusters and components such as pods, containers, and ingresses. Supported for Azure Kubernetes Service clusters and [Azure Arc-enabled Kubernetes clusters](../../../aks/intro-kubernetes.md). Definitions
-  using this Resource Provider mode use effects _audit_, _deny_, and _disabled_.
+  using this Resource Provider mode use effects _audit_, _deny_, and _disabled_. 
 - `Microsoft.KeyVault.Data` for managing vaults and certificates in
   [Azure Key Vault](../../../key-vault/general/overview.md). For more information on these policy
   definitions, see
@@ -1174,7 +1174,7 @@ Limits to the size of objects that are processed by policy functions during poli
 }
 ```
 
-The length of the string created by the `concat()` function depends of the value of properties in the evaluated resource.
+The length of the string created by the `concat()` function depends on the value of properties in the evaluated resource.
 
 | Limit | Value | Example |
 |:---|:---|:---|

articles/governance/policy/concepts/policy-as-code.md

@@ -18,28 +18,30 @@ in the cloud are:
   end users.
 
 Azure Policy as Code is the combination of these ideas. Essentially, keep your policy definitions in
-source control and whenever a change is made, test, and validate that change. However, that
+source control and whenever a change is made, test and validate that change. However, that
 shouldn't be the extent of policies involvement with Infrastructure as Code or DevOps.
 
 The validation step should also be a component of other continuous integration or continuous
-deployment workflows. Examples include deploying an application environment or virtual
-infrastructure. By making Azure Policy validation an early component of the build and deployment
-process the application and operations teams discover if their changes are non-compliant, long
+deployment (CI/CD) workflows, like deploying an application environment or virtual infrastructure. By making Azure Policy validation an early component of the build and deployment process, the application and operations teams discover if their changes are behaving as expected long
 before it's too late and they're attempting to deploy in production.
 
 ## Definitions and foundational information
 
-Before getting into the details of Azure Policy as Code workflow, review the following definitions
-and examples:
+Before getting into the details of Azure Policy as Code workflow, it's important to understand how to author policy definitions and initiative definitions:
 
 - [Policy definition](./definition-structure.md)
 - [Initiative definition](./initiative-definition-structure.md)
 
-The file names align to portions of either the policy or initiative definition:
-- `policy(set).json` - The entire definition
-- `policy(set).parameters.json` - The `properties.parameters` portion of the definition
-- `policy.rules.json` - The `properties.policyRule` portion of the definition
-- `policyset.definitions.json` - The `properties.policyDefinitions` portion of the definition
+The file names correspond with certain portions of policy or initiative definitions:
+
+| File format                   | File contents                       |
+| :--                           | :--                                 |
+| `policy.json`                 | The entire policy definition        |
+| `policyset.json`              | The entire initiative definition    |
+| `policy.parameters.json`      | The `properties.parameters` portion of the policy definition               |
+| `policyset.parameters.json`   | The `properties.parameters` portion of the initiative definition           |
+| `policy.rules.json`           | The `properties.policyRule` portion of the policy definition               |
+| `policyset.definitions.json`  | The `properties.policyDefinitions` portion of the initiative definition    |
 
 Examples of these file formats are available in the
 [Azure Policy GitHub Repo](https://github.com/Azure/azure-policy/):
@@ -55,6 +57,10 @@ The recommended general workflow of Azure Policy as Code looks like this diagram
    The diagram showing the Azure Policy as Code workflow boxes. Create covers creation of the policy and initiative definitions. Test covers assignment with enforcement mode disabled. A gateway check for the compliance status is followed by granting the assignments M S I permissions and remediating resources. Deploy covers updating the assignment with enforcement mode enabled.
 :::image-end:::
 
+### Source control
+
+Existing policy and initiative definitions can be exported through PowerShell, CLI, or [Azure Resource Graph (ARG)](../../resource-graph/overview.md) queries. The source control management environment of choice to store these definitions can be one of many options, including a [GitHub](https://www.github.com) or [Azure DevOps](/azure/devops/user-guide/what-is-azure-devops). 
+
 ### Create and update policy definitions
 
 The policy definitions are created using JSON, and stored in source control. Each policy has its
@@ -81,17 +87,12 @@ in source control.
 |
 ```
 
-When a new policy is added or an existing one updated, the workflow should automatically update the
+When a new policy is added or an existing one is updated, the workflow should automatically update the
 policy definition in Azure. Testing of the new or updated policy definition comes in a later step.
 
-Also, review [Export Azure Policy resources](../how-to/export-resources.md) to get your existing
-definitions and assignments into the source code management environment
-[GitHub](https://www.github.com).
-
 ### Create and update initiative definitions
 
-Likewise, initiatives have their own JSON file and related files that should be stored in the same
-folder. The initiative definition requires the policy definition to already exist, so can't be
+Initiative definitions are also created using JSON files that should be stored in the same folder as policy definitions. The initiative definition requires the policy definition to already exist, so it can't be
 created or updated until the source for the policy has been updated in source control and then
 updated in Azure. The following structure is a recommended way of keeping your initiative
 definitions in source control:
@@ -116,8 +117,8 @@ definitions in source control:
 |
 ```
 
-Like policy definitions, when adding or updating an existing initiative, the workflow should
-automatically update the initiative definition in Azure. Testing of the new or updated initiative
+Like with policy definitions, the workflow should
+automatically update the initiative definition in Azure when an existing initiative is added or updated. Testing of the new or updated initiative
 definition comes in a later step.
 
 > [!NOTE]
@@ -146,22 +147,17 @@ specifically for validating policies.
 > the resource.
 
 After the assignment is deployed, use the Azure Policy SDK, the
-[Azure Policy Compliance Scan GitHub Action](https://github.com/marketplace/actions/azure-policy-compliance-scan),
-or the
-[Azure Pipelines Security and Compliance Assessment task](/azure/devops/pipelines/tasks/deploy/azure-policy)
-to [get compliance data](../how-to/get-compliance-data.md) for the new assignment. The environment
-used to test the policies and assignments should have both compliant and non-compliant resources.
-Like a good unit test for code, you want to test that resources are as expected and that you also
-have no false-positives or false-negatives. If you test and validate only for what you expect, there
+[Azure Pipelines Security and Compliance Assessment task](/azure/devops/pipelines/tasks/deploy/azure-policy), or [Azure Resource Graph (ARG)](../../resource-graph/overview.md) queries (see [samples](../samples/resource-graph-samples.md)) to [get compliance data](../how-to/get-compliance-data.md) for the new assignment. The environment
+used to test the policies and assignments should have resources with varying compliance states.
+Like a good unit test for code, you want to test that resources are evaluated as expected with no false-positives or false-negatives. If you test and validate only for what you expect, there
 may be unexpected and unidentified impact from the policy. For more information, see
 [Evaluate the impact of a new Azure Policy definition](./evaluate-impact.md).
 
 ### Enable remediation tasks
 
 If validation of the assignment meets expectations, the next step is to validate remediation.
 Policies that use either [deployIfNotExists](./effects.md#deployifnotexists) or
-[modify](./effects.md#modify) may be turned into a remediation task and correct resources from a
-non-compliant state.
+[modify](./effects.md#modify) can have an associated remediation task triggered to correct resources from a non-compliant state and bring them into compliance.
 
 The first step to remediating resources is to grant the policy assignment the role assignment
 defined in the policy definition. This role assignment gives the policy assignment managed identity
@@ -206,9 +202,7 @@ workflows, and fail deployments that create non-compliant resources.
 
 This article covers the general workflow for Azure Policy as Code and also where policy evaluation
 should be part of other deployment workflows. This workflow can be used in any environment that
-supports scripted steps and automation based on triggers. For a tutorial on using this workflow on
-GitHub, see
-[Tutorial: Implement Azure Policy as Code with GitHub](../tutorials/policy-as-code-github.md).
+supports scripted steps and automation based on triggers.
 
 ## Next steps
 

articles/governance/policy/how-to/export-resources.md

@@ -13,77 +13,10 @@ ms.author: timwarner
 This article provides information on how to export your existing Azure Policy resources. Exporting
 your resources is useful and recommended for backup, but is also an important step in your journey
 with Cloud Governance and treating your [policy-as-code](../concepts/policy-as-code.md). Azure
-Policy resources can be exported through [Azure portal](#export-with-azure-portal),
+Policy resources can be exported through
 [Azure CLI](#export-with-azure-cli), [Azure PowerShell](#export-with-azure-powershell), and each of
 the supported SDKs.
 
-## Export with Azure portal
-
-> [!NOTE]
-> Exporting Azure Policy resources from the Azure portal isn't available for Azure sovereign clouds.
-
-To export a policy definition from Azure portal, follow these steps:
-
-1. Launch the Azure Policy service in the Azure portal by clicking **All services**, then searching
-   for and selecting **Policy**.
-
-1. Select **Definitions** on the left side of the Azure Policy page.
-
-1. Use the **Export definitions** button or select the ellipsis on the row of a policy definition
-   and then select **Export definition**.
-
-1. Select the **Sign in with GitHub** button. If you haven't yet authenticated with GitHub to
-   authorize Azure Policy to export the resource, review the access the
-   [GitHub Action](https://github.com/features/actions) needs in the new window that opens and
-   select **Authorize AzureGitHubActions** to continue with the export process. Once complete, the
-   new window self-closes.
-
-1. On the **Basics** tab, set the following options, then select the **Policies** tab or **Next :
-   Policies** button at the bottom of the page.
-
-   - **Repository filter**: Set to _My repositories_ to see only repositories you own or _All
-     repositories_ to see all you granted the GitHub Actions access to.
-   - **Repository**: Set to the repository that you want to export the Azure Policy resources to.
-   - **Branch**: Set the branch in the repository. Using a branch other than the default is a good
-     way to validate your updates before merging further into your source code.
-   - **Directory**: The _root level folder_ to export the Azure Policy resources to. Subfolders
-     under this directory are created based on what resources are exported.
-
-1. On the **Policies** tab, set the scope to search by selecting the ellipsis and picking a
-   combination of management groups, subscriptions, or resource groups.
-
-1. Use the **Add policy definition(s)** button to search the scope for which objects to export. In
-   the side window that opens, select each object to export. Filter the selection by the search box
-   or the type. Once you've selected all objects to export, use the **Add** button at the bottom of
-   the page.
-
-1. For each selected object, select the desired export options such as _Only Definition_ or
-   _Definition and Assignment(s)_ for a policy definition. Then select the **Review + Export** tab
-   or **Next : Review + Export** button at the bottom of the page.
-
-   > [!NOTE]
-   > If option _Definition and Assignment(s)_ is chosen, only policy assignments within the scope
-   > set by the filter when the policy definition is added are exported.
-
-1. On the **Review + Export** tab, check the details match and then use the **Export** button at the
-   bottom of the page.
-
-1. Check your GitHub repo, branch, and _root level folder_ to see that the selected resources are
-   now exported to your source control.
-
-The Azure Policy resources are exported into the following structure within the selected GitHub
-repository and _root level folder_:
-
-```text
-|
-|- <root level folder>/  ________________ # Root level folder set by Directory property
-|  |- policies/  ________________________ # Subfolder for policy objects
-|     |- <displayName>_<name>____________ # Subfolder based on policy displayName and name properties
-|        |- policy.json _________________ # Policy definition
-|        |- assign.<displayName>_<name>__ # Each assignment (if selected) based on displayName and name properties
-|
-```
-
 ## Export with Azure CLI
 
 Azure Policy definitions, initiatives, and assignments can each be exported as JSON with

articles/governance/policy/index.yml

@@ -69,8 +69,6 @@ landingContent:
             url: ./how-to/extension-for-vscode.md
           - text: Design Azure Policy as Code workflows
             url: ./concepts/policy-as-code.md
-          - text: Implement Azure Policy as Code with GitHub
-            url: ./tutorials/policy-as-code-github.md
       - linkListType: deploy
         links:
           - text: Index of policy samples

articles/governance/policy/toc.yml

@@ -54,9 +54,6 @@
   - name: Route policy state change events
     displayName: event grid, subject, topic, subscription
     href: ./tutorials/route-state-change-events.md
-  - name: Implement Azure Policy as Code with GitHub
-    displayName: devops, infrastructure as code, iac, release, continuous, delivery, deploy
-    href: ./tutorials/policy-as-code-github.md
   - name: Implement Azure Policy with Azure DevOps
     displayName: devops, pipelines, releases
     href: ./tutorials/policy-devops-pipelines.md