From 433b9e2c600974e093a9bcef2b7dc00fd0b05374 Mon Sep 17 00:00:00 2001 From: Dipankar Das <65275144+dipankardas011@users.noreply.github.com> Date: Tue, 16 Apr 2024 21:05:30 +0530 Subject: [PATCH 01/20] feat(proposal): initial proposal for trigger and deploy Signed-off-by: Dipankar Das <65275144+dipankardas011@users.noreply.github.com> --- docs/proposals/proposal-trigger-and-deploy.md | 162 ++++++++++++++++++ 1 file changed, 162 insertions(+) create mode 100644 docs/proposals/proposal-trigger-and-deploy.md diff --git a/docs/proposals/proposal-trigger-and-deploy.md b/docs/proposals/proposal-trigger-and-deploy.md new file mode 100644 index 0000000..d3a8c64 --- /dev/null +++ b/docs/proposals/proposal-trigger-and-deploy.md @@ -0,0 +1,162 @@ +# Short, descriptive title + +Deploy - trigger GitHub Action workflow from an upstream release, including the binary + +## Authors + +- @rossf7 +- @dipankardas011 + +## Status + +implementable + + + +## Table of Contents + +- [Short, descriptive title](#short-descriptive-title) + - [Authors](#authors) + - [Status](#status) + - [Table of Contents](#table-of-contents) + - [Summary](#summary) + - [Motivation](#motivation) + - [Goals](#goals) + - [Non-Goals](#non-goals) + - [Linked Docs](#linked-docs) + - [Proposal](#proposal) + - [User Stories (Optional)](#user-stories-optional) + - [Story 1](#story-1) + - [Story 2](#story-2) + - [Notes/Constraints/Caveats (Optional)](#notesconstraintscaveats-optional) + - [Risks and Mitigations](#risks-and-mitigations) + - [Design Details](#design-details) + - [Graduation Criteria (Optional)](#graduation-criteria-optional) + - [Drawbacks (Optional)](#drawbacks-optional) + - [Alternatives](#alternatives) + - [Infrastructure Needed (Optional)](#infrastructure-needed-optional) + + +## Summary + +This proposal focuses on automating the Green Review pipeline for Falco by drafting a proposal, defining a trigger mechanism, involving the Falco team in the implementation, deploying Falco using Flux, and testing the deployment process. The proposal also includes considerations for a phased implementation of the automation pipeline, starting with manual triggering and moving towards automation via a webhook. + + +## Motivation + +To automate the trigger of Falco deployment when upstream aka origin repo creates a event. +we will then deploy the workfload. once done with the + +### Goals + +- Trigger GitHub Action workflow in green-reviews-tooling repo when Falco needs to be tested +- Ask Falco team to implement the trigger +- Deploy correct version of Falco in GitHub Action using Flux +- Test the deployment via the Falco trigger + +### Non-Goals + +- Creating cluster nodes on demand Refer #67 + + +### Linked Docs + +- **Slack Discussion Thread** [Link](https://cloud-native.slack.com/archives/C060EDHN431/p1712765271470189) +- **Triggering GitHub Action**: For triggering the workflow AIUI we could use a webhook to trigger a workflow_dispatch event. [Workflow Dispatch](https://docs.github.com/en/actions/using-workflows/events-that-trigger-workflows#workflow_dispatch). It allows providing custom inputs and as a minimum I think we need the name of the CNCF project and the version to be deployed. [Providing Inputs for event that trigger workflows](https://docs.github.com/en/actions/using-workflows/events-that-trigger-workflows#providing-inputs) + + +## Proposal + + + +### User Stories (Optional) + + + +#### Story 1 + +#### Story 2 + +### Notes/Constraints/Caveats (Optional) + + + +### Risks and Mitigations + + + +## Design Details + +> [!CAUTION] +> TODO + + + +### Graduation Criteria (Optional) + + + +## Drawbacks (Optional) + + + +## Alternatives + + + +## Infrastructure Needed (Optional) + + + +- GitHub actions workflow +- OpenTofu From e1cf8bd400e62f4b50ee8021b5ce00602fb77d85 Mon Sep 17 00:00:00 2001 From: Dipankar Das <65275144+dipankardas011@users.noreply.github.com> Date: Wed, 17 Apr 2024 23:51:58 +0530 Subject: [PATCH 02/20] refactor(proposal): improved the missing parts in the proposal Signed-off-by: Dipankar Das <65275144+dipankardas011@users.noreply.github.com> --- docs/proposals/proposal-trigger-and-deploy.md | 15 +++++++++------ 1 file changed, 9 insertions(+), 6 deletions(-) diff --git a/docs/proposals/proposal-trigger-and-deploy.md b/docs/proposals/proposal-trigger-and-deploy.md index d3a8c64..e6e283a 100644 --- a/docs/proposals/proposal-trigger-and-deploy.md +++ b/docs/proposals/proposal-trigger-and-deploy.md @@ -1,6 +1,7 @@ -# Short, descriptive title +# Deploy & trigger GitHub Action workflow from an upstream CNCF project -Deploy - trigger GitHub Action workflow from an upstream release, including the binary +To trigger our benchmarking task to run when a particular cncf project gets certain kinds of event, let's say its `release`. +Some more info about this proposal is also present in [#83](https://github.com/cncf-tags/green-reviews-tooling/issues/83) ## Authors @@ -42,13 +43,15 @@ rejected, withdrawn, or replaced. ## Summary -This proposal focuses on automating the Green Review pipeline for Falco by drafting a proposal, defining a trigger mechanism, involving the Falco team in the implementation, deploying Falco using Flux, and testing the deployment process. The proposal also includes considerations for a phased implementation of the automation pipeline, starting with manual triggering and moving towards automation via a webhook. +This proposal focuses on automating the Green Reviews pipeline for Falco by defining a trigger mechanism, involving the Falco team in the implementation, deploying Falco using Flux, and testing the deployment process. In future the pipeline will support more CNCF projects as they are onboarded. + +The proposal also includes considerations for a phased implementation of the automation, starting with manual triggering followed by automation via a webhook. ## Motivation -To automate the trigger of Falco deployment when upstream aka origin repo creates a event. -we will then deploy the workfload. once done with the +To automate the trigger of Falco deployment when upstream aka origin repo creates an event. +we will then deploy the benchmarking workfload for the project, in this case its, Falco ### Goals @@ -59,7 +62,7 @@ we will then deploy the workfload. once done with the ### Non-Goals -- Creating cluster nodes on demand Refer #67 +- Creating cluster nodes on demand. [Future Goal Issue #67](https://github.com/cncf-tags/green-reviews-tooling/issues/67) ### Linked Docs From 9f9e08b0990bf585746bf47b6fbf25ee91a5351a Mon Sep 17 00:00:00 2001 From: Dipankar Das <65275144+dipankardas011@users.noreply.github.com> Date: Thu, 18 Apr 2024 09:15:44 +0530 Subject: [PATCH 03/20] feat(proposal): added proposal section for trigger and deploy proposal Co-authored-by: Ross Fairbanks Signed-off-by: Dipankar Das <65275144+dipankardas011@users.noreply.github.com> --- docs/proposals/proposal-trigger-and-deploy.md | 64 ++++++++++++++++--- 1 file changed, 54 insertions(+), 10 deletions(-) diff --git a/docs/proposals/proposal-trigger-and-deploy.md b/docs/proposals/proposal-trigger-and-deploy.md index e6e283a..03c2767 100644 --- a/docs/proposals/proposal-trigger-and-deploy.md +++ b/docs/proposals/proposal-trigger-and-deploy.md @@ -73,14 +73,58 @@ we will then deploy the benchmarking workfload for the project, in this case its ## Proposal - +got an example GitHub action workflow file +```yaml +name: TriggerTest + +on: + workflow_dispatch: + inputs: + cncf_project: + description: 'CNCF Project Name' + required: true + default: 'falco' + cncf_project_sub: + description: 'CNCF Project Subcomponent' + required: false + default: 'modern-ebpf' + version: + description: 'Version' + required: true + default: '0.37.0' + +jobs: + echo-inputs: + runs-on: ubuntu-latest + steps: + - name: Checkout repository + uses: actions/checkout@v3 + + - name: Echo Inputs + run: | + echo "Add logic to deploy ${{ github.event.inputs.cncf_project }} ${{ github.event.inputs.cncf_project_sub }}" + echo "version ${{ github.event.inputs.version }}" +``` + +for invoking this + +```bash +curl -X POST \ + -H "Accept: application/vnd.github.v3+json" \ + -H "Authorization: token $GITHUB_PAT" \ + https://api.github.com/repos/rossf7/green-reviews-tooling/actions/workflows/trigger_test.yaml/dispatches \ + -d '{"ref":"main", "inputs": {"cncf_project": "falco", "cncf_project_sub": "modern-ebpf","version":"0.37.0"}}' +``` + +> [!NOTE] +> Here fine grained PAT is used +> - Read access to code and metadata +> - Read write access to actions + + +> [!IMPORTANT] +> We'll need to create these and provide it to the Falco team, aka any future CNCF project we are going to use for benchmarking. + ### User Stories (Optional) @@ -116,8 +160,8 @@ How will this affect the benchmark tests, CNCF Project Maintainers, pipeline mai ## Design Details -> [!CAUTION] -> TODO +> [!TODO] +> Add here -- [Short, descriptive title](#short-descriptive-title) - - [Authors](#authors) - - [Status](#status) - - [Table of Contents](#table-of-contents) - - [Summary](#summary) - - [Motivation](#motivation) - - [Goals](#goals) - - [Non-Goals](#non-goals) - - [Linked Docs](#linked-docs) - - [Proposal](#proposal) - - [User Stories (Optional)](#user-stories-optional) - - [Story 1](#story-1) - - [Story 2](#story-2) - - [Notes/Constraints/Caveats (Optional)](#notesconstraintscaveats-optional) - - [Risks and Mitigations](#risks-and-mitigations) - - [Design Details](#design-details) - - [Graduation Criteria (Optional)](#graduation-criteria-optional) - - [Drawbacks (Optional)](#drawbacks-optional) - - [Alternatives](#alternatives) - - [Infrastructure Needed (Optional)](#infrastructure-needed-optional) +- [Summary](#summary) +- [Motivation](#motivation) + - [Goals](#goals) + - [Non-Goals](#non-goals) + - [Linked Docs](#linked-docs) +- [Proposal](#proposal) + - [User Stories](#user-stories) + - [Risks and Mitigations](#risks-and-mitigations) +- [Design Details](#design-details) + - [Graduation Criteria (Optional)](#graduation-criteria-optional) +- [Drawbacks (Optional)](#drawbacks-optional) +- [Alternatives](#alternatives) +- [Infrastructure Needed](#infrastructure-needed) ## Summary @@ -47,11 +42,10 @@ This proposal focuses on automating the Green Reviews pipeline for Falco by defi The proposal also includes considerations for a phased implementation of the automation, starting with manual triggering followed by automation via a webhook. - ## Motivation To automate the trigger of Falco deployment when upstream aka origin repo creates an event. -we will then deploy the benchmarking workfload for the project, in this case its, Falco +We will then deploy the benchmarking workfload for the project, in this case Falco. ### Goals @@ -64,18 +58,21 @@ we will then deploy the benchmarking workfload for the project, in this case its - Creating cluster nodes on demand. [Future Goal Issue #67](https://github.com/cncf-tags/green-reviews-tooling/issues/67) - ### Linked Docs - **Slack Discussion Thread** [Link](https://cloud-native.slack.com/archives/C060EDHN431/p1712765271470189) - **Triggering GitHub Action**: For triggering the workflow AIUI we could use a webhook to trigger a workflow_dispatch event. [Workflow Dispatch](https://docs.github.com/en/actions/using-workflows/events-that-trigger-workflows#workflow_dispatch). It allows providing custom inputs and as a minimum I think we need the name of the CNCF project and the version to be deployed. [Providing Inputs for event that trigger workflows](https://docs.github.com/en/actions/using-workflows/events-that-trigger-workflows#providing-inputs) - ## Proposal -got an example GitHub action workflow file [Refer](./files/trigger-deploy.yml) +We will provide projects a GitHub webhook and access token the projects can use to +trigger the green reviews pipeline. + +It is envisaged that projects will call this webhook when there is a new release +of the project to be measured but they can call the pipeline at other times if +required. -for invoking this +See this example curl command and related [workflow](./files/trigger-deploy.yml) ```bash curl -X POST \ @@ -85,17 +82,9 @@ curl -X POST \ -d '{"ref":"main", "inputs": {"cncf_project": "falco", "cncf_project_sub": "modern-ebpf","version":"0.37.0"}}' ``` -> [!NOTE] -> Here fine grained PAT is used -> - Read access to code and metadata -> - Read write access to actions - +See [design details](#design-details) section for more information. -> [!IMPORTANT] -> We'll need to create these and provide it to the Falco team, aka any future CNCF project we are going to use for benchmarking. - - -### User Stories (Optional) +### User Stories -#### Story 1 +#### Project maintainer adds green reviews pipeline to their CI/CD -#### Story 2 +Participating CNCF projects will add calling the webhook to their CI/CD pipeline. +They can use either the curl command we provide or an alternative of their choice. -### Notes/Constraints/Caveats (Optional) +The fine grained access token we provide will need to be stored as a secret in +their CI/CD pipeline. - +#### Project maintainer deploys their project so it can be measured + +Participating CNCF projects will deploy their project using a gitops approach +with flux. This is decribed in more detail in the design details section. + +#### Project maintainer triggers pipeline to measure a release + +Calling the webhook will trigger the pipeline. The Report stage will provide +the results to users of the project. ### Risks and Mitigations @@ -127,10 +121,17 @@ by scaling to support more CNCF Projects. How will this affect the benchmark tests, CNCF Project Maintainers, pipeline maintainers, etc? --> -## Design Details +Multiple deployments will produce inaccurate results as we can only measure +a single project per node. We can set concurrency in the workflow to ensure +only a single instance runs at a time. -> [!TODO] -> Add here +Deployment may fail. What alerting do we need? Do we also need to notify the +project? + +Uninstall at end of pipeline fails. We can wait till all flux finalizers are +removed. In future we could create nodes on demand and delete on completion. + +## Design Details +### Trigger + +CNCF projects will be given a GitHub webhook they can call to trigger the +green reviews pipeline. The webhook will accept 3 inputs and trigger a GitHub +Actions workflow. + +Inputs are + +- `cncf_project`: **required** Project to be deployed e.g. `falco` +- `cncf_project_sub`: **optional** Subcomponent if project has multiple variants +they wish to test e.g. `modern-ebpf` +- `version`: **required** Version of project to be tested e.g. `0.37.0` + +```sh +curl -X POST \ + -H "Accept: application/vnd.github.v3+json" \ + -H "Authorization: token $GITHUB_PAT" \ + https://api.github.com/repos/cncf-tags/green-reviews-tooling/actions/workflows/pipeline.yaml/dispatches \ + -d '{"ref":"main", "inputs": {"cncf_project": "falco", "cncf_project_sub": "modern-ebpf","version":"0.37.0"}}' +``` + +The CNCF projects will be given a GitHub fine grained access token limited to +the `green-reviews-tooling` repo. This token will have + +- Read access to code and metadata +- Read write access to actions + +### Deploy + +Flux will be used to deploy the CNCF project. Projects are able to use either +`kustomization` or `helmrelease` resources to deploy their project. + +Project resources that should always be deployed in the cluster are stored in +the current location in the tooling repo e.g. `/clusters/projects/falco/` +and are reconciled by source-controller. + +When the pipeline executes it will look for yaml files in the projects dir. +If there is a yaml file matching the `cncf_project` input its contents will be +applied using kubectl. The same applies for the `cncf_project_sub` input. + +The `version` param will need to be injected into the files to ensure the +correct version of the project is deployed. + +``` +projects +└── falco + ├── ebpf.yaml + ├── falco.yaml + ├── kmod.yaml + └── modern-ebpf.yaml +``` + +The pipeline will use a GitHub secret that has a kubeconfig to access the +green reviews cluster. The deploy step in the pipeline will wait for the newly +created flux resources to be reconciled before proceeding to the run step. + +We will have a node to deploy the project and another to run the benchmarks +so we will use [concurrency](https://docs.github.com/en/actions/using-jobs/using-concurrency) +to only allow a single execution of the pipeline at any one time. + +### Cleanup + +On completion of the pipeline whether it was successful or failed the flux +resources will be deleted via kubectl. The pipeline will wait for the flux +resources to be deleted before exiting. + +This is to ensure that the cluster state is clean before the next execution of +the pipeline. + ### Graduation Criteria (Optional) -- GitHub actions workflow -- OpenTofu +- GitHub access token for CNCF projects From 5cfe90554abd8113be1773dc4c05517e9dab8823 Mon Sep 17 00:00:00 2001 From: Dipankar Das <65275144+dipankardas011@users.noreply.github.com> Date: Tue, 30 Apr 2024 23:08:43 +0530 Subject: [PATCH 06/20] patch: improved the docs based on reviews Signed-off-by: Dipankar Das <65275144+dipankardas011@users.noreply.github.com> --- docs/proposals/proposal-trigger-and-deploy.md | 75 +++++++++++-------- 1 file changed, 44 insertions(+), 31 deletions(-) diff --git a/docs/proposals/proposal-trigger-and-deploy.md b/docs/proposals/proposal-trigger-and-deploy.md index c9ca358..2bc9e5a 100644 --- a/docs/proposals/proposal-trigger-and-deploy.md +++ b/docs/proposals/proposal-trigger-and-deploy.md @@ -1,4 +1,4 @@ -# GRP-001 - Trigger and Deploy GitHub Action workflow from an upstream CNCF project +# Proposal-001 - Trigger and Deploy GitHub Action workflow from an upstream CNCF project To trigger our benchmarking task to run when a particular CNCF project gets certain kinds of event, such as a new `release`. @@ -38,21 +38,40 @@ rejected, withdrawn, or replaced. ## Summary -This proposal focuses on automating the Green Reviews pipeline for Falco by defining a trigger mechanism, involving the Falco team in the implementation, deploying Falco using Flux, and testing the deployment process. In future the pipeline will support more CNCF projects as they are onboarded. +This proposal focuses on automating the Green Reviews pipeline for Falco by +defining a trigger mechanism, involving the Falco team in the implementation, +deploying Falco using Flux, and testing the deployment process. In future the +pipeline will support more CNCF projects as they are onboarded. -The proposal also includes considerations for a phased implementation of the automation, starting with manual triggering followed by automation via a webhook. +The proposal also includes considerations for a phased implementation of the +automation, starting with manual triggering followed by automation via a webhook. ## Motivation -To automate the trigger of Falco deployment when upstream aka origin repo creates an event. -We will then deploy the benchmarking workfload for the project, in this case Falco. +To automate the trigger of Falco deployment when upstream aka origin repo +creates an event. We will then deploy the benchmarking workload for the +project, in this case Falco. ### Goals -- Trigger GitHub Action workflow in green-reviews-tooling repo when Falco needs to be tested -- Ask Falco team to implement the trigger -- Deploy correct version of Falco in GitHub Action using Flux -- Test the deployment via the Falco trigger +- For adding *new projects* in our SCI benchmarking pipeline + - **They** need to specify what their benchmarking pipeline looks like aka + script to be used + - **They** need to define any specific requirement for the project during + the benchmark + - **They** need to trigger our pipeline when a relase happens in their project + - **They** need to help in setting up the configurations required to enable + benchmarking job manifests in **Our** repo + - **We** need to give permission to call out *green-reviews* GitHub action + - **Our** GitHub actions will look for manifests or other resources to + deploy the benchmarking job +- We need to make evaluation of SCI score **independent** irrespective of projects +- Our Current Sub-Goals aka current plan to accomplish + - Trigger GitHub Action workflow in green-reviews-tooling repo when + Falco needs to be tested + - Ask Falco team to implement the trigger + - Deploy correct version of Falco in GitHub Action using Flux + - Test the deployment via the Falco trigger ### Non-Goals @@ -61,7 +80,9 @@ We will then deploy the benchmarking workfload for the project, in this case Fal ### Linked Docs - **Slack Discussion Thread** [Link](https://cloud-native.slack.com/archives/C060EDHN431/p1712765271470189) -- **Triggering GitHub Action**: For triggering the workflow AIUI we could use a webhook to trigger a workflow_dispatch event. [Workflow Dispatch](https://docs.github.com/en/actions/using-workflows/events-that-trigger-workflows#workflow_dispatch). It allows providing custom inputs and as a minimum I think we need the name of the CNCF project and the version to be deployed. [Providing Inputs for event that trigger workflows](https://docs.github.com/en/actions/using-workflows/events-that-trigger-workflows#providing-inputs) +- **Triggering GitHub Action**: For triggering the workflow AIUI we could use a +webhook to trigger a workflow_dispatch event. [Workflow Dispatch](https://docs.github.com/en/actions/using-workflows/events-that-trigger-workflows#workflow_dispatch). +It allows providing custom inputs and as a minimum I think we need the name of the CNCF project and the version to be deployed. [Providing Inputs for event that trigger workflows](https://docs.github.com/en/actions/using-workflows/events-that-trigger-workflows#providing-inputs) ## Proposal @@ -86,12 +107,6 @@ See [design details](#design-details) section for more information. ### User Stories - #### Project maintainer adds green reviews pipeline to their CI/CD @@ -113,13 +128,6 @@ the results to users of the project. ### Risks and Mitigations - Multiple deployments will produce inaccurate results as we can only measure a single project per node. We can set concurrency in the workflow to ensure @@ -133,12 +141,6 @@ removed. In future we could create nodes on demand and delete on completion. ## Design Details - ### Trigger @@ -173,7 +175,17 @@ Flux will be used to deploy the CNCF project. Projects are able to use either `kustomization` or `helmrelease` resources to deploy their project. Project resources that should always be deployed in the cluster are stored in -the current location in the tooling repo e.g. `/clusters/projects/falco/` +the current location in the tooling repo, below are format where we might store +project related configurations +``` +# for the cncf_project +clusters/projects/${project_name} + +# and for each cncf_project (different configurations) +clusters/projects/${project_name}/${configuration_name} +``` + +e.g. `/clusters/projects/falco/` and are reconciled by source-controller. When the pipeline executes it will look for yaml files in the projects dir. @@ -181,7 +193,8 @@ If there is a yaml file matching the `cncf_project` input its contents will be applied using kubectl. The same applies for the `cncf_project_sub` input. The `version` param will need to be injected into the files to ensure the -correct version of the project is deployed. +correct version of the project is deployed. +(For these small minor changes we can utilize kustomize) ``` projects From 1a1198d6b90d2570733b2d7e447631d43d8e9cdf Mon Sep 17 00:00:00 2001 From: Ross Fairbanks Date: Mon, 6 May 2024 20:23:53 +0200 Subject: [PATCH 07/20] Proposal updates including subscribing to releases Signed-off-by: Ross Fairbanks --- .../green-reviews-wg-workflow-vision.webp | Bin 0 -> 59554 bytes docs/proposals/proposal-trigger-and-deploy.md | 64 ++++++++++++------ 2 files changed, 45 insertions(+), 19 deletions(-) create mode 100644 docs/proposals/files/green-reviews-wg-workflow-vision.webp diff --git a/docs/proposals/files/green-reviews-wg-workflow-vision.webp b/docs/proposals/files/green-reviews-wg-workflow-vision.webp new file mode 100644 index 0000000000000000000000000000000000000000..7df72c4655dbd96edc9080fe2ca4e6ae36169284 GIT binary patch literal 59554 zcmb@s1#n!u)-~8>W@hG?nK@==W@ct)cI=obW;50PO5tos}g-h&8peiJ=YwU;tPE3V;>>VPxXsD6FU``^Wn4@(=!Zx?co< z{JEQ>|Ksc5{QoP2Vru4M0sw$0epnlux|rB~;D(QUY2xVY3IKo=eeh%+u8x23@CQbB z{s`~`um8ao|H7Alu<>6Q9Q-dERb^2C02~_tfQC0Ra<%{f;K@IDVs{gZ4?pl?ADGGB z)XM$?f7}BE?Ccy&KXAhbrv9*T{J?+wa~c1KAB+FMMn=Z}_%t%I_y_;1Egv;M9xP_% z;%IB+_1De+pBFn@w~zk%D^Y%2;Vqpdl|Ralwt_6%ILQ2i?TzIX{^qSdTK6}$bdyy3 z8=JU@e)Q$P>Y5sf$^4D&ZRP)b-+%cuxB4vgH@0$>QvDm7xrnR$jh!8o|9O_Vv#9Xj zypi(<`X4`THfsOymS$4_`1iI{)%e@S-AY~lZ|q{D@=rY8mZJag&Th*8#BXLVA@aAq zx%20L+HU9a!T!&4Ev=;fsq1Q~D)~2WV)XC$&FqE$?bAi`pV&;z#Kix$H?vp!r@fA@ zBL6(g(e|&o@mF7&*-HGwySS_TQ`gm5^&j5RRq>xbv^J9dGw%PY3y=j!d`wX_fGxlk z;0!PVd;Y!3W}bh>C_vP~(aYJ&!qSyk_+yrt5lh*dFnl6rVPate0RGI`KQ;is z4d!2S5d?Ge-&{yJ0Knf01OnUt%}GxK0Ck1{0BqyGIchxs0Qmp_8167}b9VpB9RU1K z0r9aGAOX+;H~>Nb8Gsr<4`2as0C)jH0C9jcKmni%&;sZKOaPVuyN}2{0KR}AKsX=< zkO)WtWCHR4g@7_Z6`&r_4Cny#0)_x%fN8)2U=6Sh*aw^dE&=y|7Z4B-C=dh?G!PsR zA`l7?IuI5RE)W3_aS&M$We_b8Ll6rPdk{AeUyu-x7?328Optt#a*#TZR*+th5s(>> z6_6c}Bamy5XHYOucu;gu0#Hg&Mo=zLVNe-RRZu-p3s5IeZ_rTCc+hmv0?aHtHZN~mtAS*U%eM`$=`B4`%q&(PY?_Rzu5snFk{yP#*G51?OQ zkYOlbcwiJ@OkuoW5@3p8+F+(&_F-ONQDCWH`C(OItzm;;(_yP&2VvJ?Z{XnINa48Q zl;Eu30^!o(YT<_AcHo}iQQ>LfMd5Yf-QeTlOW}LqSKx0D5D+L4gb=h5ToK|C$`Sez zHW3~X(GVFBr4UUK0}!(in-FIa&yiq|D3FAa^pU)gQjvZjO(C5k!yr>4iy|8#`y*!| zw<0eg-=UzPFrz4-*rCLtd`B5UIYfm*r9>4+HAM|YEkx}{-9rOIBSRBKGeHYMD?%GY z+ee2)r$U!Pw?>aauR@YhddcelR7Q!~ej>fLRUci3FA;uBMvBCL*(~Pr$3yw>RtAy);n~OV$dy0pS z$BSoz7mZhsw~7ynPm8aN?}J~6KaPJ#Ku91#;7E``&`)qmh)F0!XifN)u#51B2#rX9 z$cpGIQ8&>sF$S?Pu`O{r@c{892|kG=i5p2i$t1}ODHW+2X)tLG=>{1r85fy3*;leY zvP*IzayfEe@(S`*3K$A53QLMKik}n@lvI=&lo6E8l!sKoS8Q}_W^B1^%j{_Ea_kZ8ee7=>oE**^)f`8h}ql&AEXNqrrCjD&j zx#IJs1iOTfM2{qdq>SVj$t5WQDHEx3sY_{2X+P-!8F(2LnM|2oSz1|V*)};)Icd3M zxpjF8d3*V01%QH-LbAe!B9)?(V!INglA=G!ZpPGdVF8GW}|LWX5ln zWOiWAZ=Pg+Xu)rhY;j~MXqjqxY9(rwX?0~SX`N^NV54ADY6G;@u&uF!wllPAwMVtL zu^(_CbntYTaint$cieX3aY}Kzbe3^0aRG7Bb7^r!{}4yxZq#mJZaeM*?pf}S9_k)H zJW)LDJ;%Lhy`sDhygz#v`+)nH`1JXb_y+mz_zC;v`-Au!`}YNq1%w9d2TBB%1;GZ{ z1Wg1p1t$gHhG>Meg%X4YhVF$)gjIwihC7EZMes)CMS@3KMNUSsMrB03N1H~E#xTXC z#=ORw#E!->$EC*s9X0fdAmic zWu{fSwXco0t+Ab=cjnqy2&4MkO zt(t9)?am#so$+0j-L*ZFy^~)qzh3u4e(LKV&)VIQo1veXMi5f8u!ZavFYy za+ZBgeco^(bTNLZdAWb(dG%)k@3{ZF{AkUG_dn_XC_i>f#D;4h5mbTZ zfY8>0i-8I-V@Hb?kQ96=ceA7h1OL(N_jS-<$$#`I2Wx80e>1OiY)+NY8JKa5_9*c% zwG31Rj=qHfO}>JSgS|pkTwDP4ygZ-bfq7-jy!XqHFNf1<;^H;ojj?@ItWl`SN|mr~ds0=rJ#GYjCku`+f;L2by-y2ZR7aPGR0O z-ZZL8--zDzj{m zf;R>$f^Pg~C zaJ01+FycQO;0pvkg1zcIao#7K=QVDve(2r)m$_Gqr;BSs{X8?E4AADa=GWFT(lycn zaQnmI7ofx20}%KwIGDE;unCL?3Icz=mVQ(dBnDEy@4b(`3O+l$ZS8ggfp2dR@4~My zuLloE*8xx610O~Q4xtfBwbo)_M~rU|!O zO@c~6JF^s)2$NKIp(DA;%$K3t4*$C^=FEPZ26hD{%KL90%Q3cGdMxP|Ze@`TVOkQY zp;PZX=AKsrV4@>Ho@?2-F%)TNMBwhV>A$`a^_%b6mLoE;Pr8+pyGcI!Kbwds!tl5S zM+9rREEx#exOuUOw@R$ppML`53PB>K4OVK5B8^4L zbWi>FsKSm+U3PQqXqz*{c-O?ES8s|t$r0fAohK|?9=4Qi*mSV|g>AB1D@3J__`ZO* z`qAu#%=03V4{M+ExNi>rqR@PNwI*@=u%zp&7$-U!qg18yt~T#UPuY=!kIipHIzKN9 z#n-18mBM{Bnhok3-?(dc5a$EGwpaNUqc!W6>5Nr>)zK=EbQup&t;?>t|1}XRe%DOy zO|K;D%@n0DFbw_>NV;Dct5>S-7~sgG0V@@IPaHp)YyGMtnB0>1|Zg*#k~DQsE`g zd`M)0rmEb}0|QXIa$7D|77fQHg*8k4)w^Y8735U6&(_71GL2PJJ!Wr{(=KedAS4l- zP+jwEyRcaz`j~ZQmmndPdVSaB56bMHMG@R1C?Shj@HSZNQ_!>Z>=_ z#JCb2$TXf`>vYA-l9q5}zUmN1W)~Mdc0Z#B%?(;45qeSENcI+Zym6()zo8qQA;tUK&;iaZ_R(sx^>Gs?x36o= zv4x1JgON#C1oCTYVtQwfSO$qblh*pM`((>&zn~qIoQaYD5OkQquL>eRjSXxNIy}=k* z8Fs7jCH1HCT$t0`kKM*BovE@h`oxRvstb)G#&<`Yp1gV3g&I!-tN*of!#Q}}v9zSc zl+9P{WQ)5NC%vxWSnZC%Ob@ug^Y@{OJyJyn4@sp3g$o+H@=fZB>mqb7S$QQWo`A}N z6MFeaYPy%qkj~Yw=vk1J_+)d_HLpkKlAQe4y7cj;a6EpCZQlX{WtWRLR&^<%dxsqg zF|44C&wuyt!S+XZK7Gvz)of+Ydt6Ag^Q>V^nMU7fN-XYXsAvkp*qb{iVT{M1UR>_G zD2Zjj3px1G?mza_UKxX3x)>{&(o*S50@Iv{uI9+twKZF|erbU@PCpMB_QL>4?_FF; zPnPeVI^2vZw1)Zp$NUI2-eA#6RKEB*X59RCJ{Y*7s87`F3~V% z<}dvDW&m+sD*b)=)cWYRnSJm7e#Oma?xb&s3+MYC{#lG-+NQOm%BHuzbYs7(OKJ^1 zwEd87VLn2SID?PG4z#sLk{PGZH;g3kd)uqd4eyrto|-a2c^F-=FV7?*u)PU7&BfsX zZ5?m$zk9Jdtk5M;FdL6FYPdSDF8T2rd&JGh(9+E5g7DnmU-4`^ziyp2Ds5Q%?+x2xcS?Ko3;JEWu4@6hdJ zO?&LO;?FOi)k4wG3-1{fC3<-5oX`R{id183zT{Az=Lm!vaVj0nphx%Kzox{>!8|<- z{d@_(>41ztr=?GU~Hp;lILqaf5A6=1S2qnxYTI1y4EF+%53?N9~N@a zo|5_7qyVC_c@UJmtHP z5s5H3;x>1ECK#x)utwXjO_h1znbNDMFG>IP)%&(;=Ji-o=ZmZls>JIKlI%lZXyAZ% z3d`v7M-SCrwmV7S7KL8C;hL4IrpvfW&1v}4MCa31teAFIWpw;owRPQDteTA(eSzg; zsiJ`8)EL6U1#-7$69(wKu4Sx$iFzUm^#!8@F6fKwQ8;^0cNEyWl9DVVAO1AVzqa63iC1$4Y*Lht8H1#)OU9K$*9t_lfS?O@o(oMpuRE`VT=xD5v8U>+t^=|dor)@V7i)pi5CEO34Q!xJ4 z091+tWoK^pj}v5(oA4E$@;S(5gk4p=c9})9;u_gp^h>qLfWC&1O+^mvpWSB49Sz{z z{#Ki)y)}J{^?q!3xt619a`+H>pLI5;nEiOLRM59J4Qt6_I98xH2E~lYdw<{GS38@t zq=s&99IhcW-QAfwP4>G5-l9316mOrsI}Dc~-k&&D42PKeu=76|9R4gdFjW@HJ!(FKmY`3+HhQAhuQJMu&fe6e zhjKd+tm^&3D4gyNS&(1GWSyx(c zW)Way6R*^BE?+;TDVmRjv+}JOP&a+Kym+bM*$^mvn9a~y^{T^dsPX&Zv8#vB9fy1% z#{hthef6;_f<8CGk{psWGaW25q)>N%r@ zUJWDU!C%DkomEqr;wkPxo4WvF7C&$4ec2|*YU&SO@Sk!4m( zzSTYPBrcQKL!%XMDvHU7br-RUusfD@CgA?lApQsA2xc+i4ioh6LRx1Eqd8zNF`|!B zWlBB)dS+S;A29{PAT)8a&y|>CcXbGXM#H%4N$}aRvrX`}vG-bjUsl0=M;*(;(umx! zzVyl68?Pxi%gLa^6t5?g!-T|A&)f9G;BbCMJ92yt`>_qxPOvJ`EXMkt`@4&~L0bFgONW4q198Qgmd~6NtOZ)-(lgFd;>i;4eJLZ8 zMwwmwO06tkrZ-jXmrR#Tlu9Wx#wVHwc8qkft_`TlIylnlBz1rF75qx`kBa}j{>|&i ze0m>1r*K>SV|I6u5^D{H&OBgYp~2+7DPcJx+Mz^SpZ)C@s7f!=CoN=cS~rD_JPCY8 zvt!0iYLN#w;Zw}dW0z);$=Jlb7Uf|e{Y;V@?ek?gU;601)4V3^b&G#wp8K+##wdo< zTqKRSRfY9twcw(Nd>_m~1mC8U8@-TcYH1~HXiJ2yt3fvJ@KB_M4^(7~<`})+KTw0E zs%aN$x5Y>NYb!}@gDZKE!*Kge@PIcu1B{ujc%-Ih*FBmP`fl|+ASASuXyaF*#80IZ zfs&EDUjT3j{(+T{zG6@9!1h?zlF_&;XqzPJ(zCRxOiDO5k{+P0!DX*4N037%Cu&I~ z74dV>MqS~)EdhC(5}rUN zne-XS;$Iux$LgHPo!8tJDU-zQr@BVIZE6~-uc+h|pi zgKR+WoHaSYHbjfzV_tmRjSVO64@Ais|6@n3;Q=$ud7&@QhCCs@y*)*SommaoLT z-b~d%u1&lHUDQXzzIb{eZ}WJ}*j;Kfw9rqD(~6k0{3dnOhaNR6x0^a-SssDc%*{`X zfSzd`8Szek0{fEZ^82crq$ei`XP$^h&nYU zaCQB{uF@hb4qCD6qTjo0Tjg(6kB1s}B&8Q0#+sFIY>v+$}H_VyCE3p1(t_1HxlYesLxKcAaoE|c;TY^HA(d8gT~ zFTLxl^XD^hrHY@9^SoOJ|HpC7_Yy802EN5U58ECFMAqRgG*coyNi>Aqe(YOi>+TIt z{J6od4b$#=2Xi$%g3SR)bp=nX^jS(vLJBGSy80@9*Y$~{17T(?>0A8Qd)yNjlhK-p zG;w3;LTvtS0{tYkT#@_#brOVw+#Jq|C0_@4P^Gb=OCSm(UGn7E{&hEf3HE)`JlyG( zM?%F%kH%B)AoROHD5U)dME$k%{5v$JLFnn98wvz{4hlNH$_O#% z!@I7qLg$MXn^*1rbtLtFBbficpL=oj0N&pli2pi~{p$igGdrbEZ+X$zYv~rcG6RNE z_yD%U8*hjwdO-Znf6`Z8d!*`Z7E#|2o#e($zTbdA&~ITwAo+zt{E+nAuMQ$}?$*HR zp=krGS-7m6e9|@EZzM-Ll~O&sARqP-AjgPg`zUZUTeMNzcW>d(;PDWglOf){>K8d^ z(jG654{NaZ08bZvb^)1~6)>-ZdYpefW?wZb;Q9?CoPa}m?!bPC>_d-oatr!*0I z1mN-v^LkY;SB60bdR?5(^xeG(I5=qrK!AtJ7(hMIR4R^Yx&T+S1|%*+co%Ddv@LsD zx6y?>S6C@1-ECJX-1&_x5X>H$w*^gJOEke@{O&K(TX+kTB<(eEV_-i_I{c2K4X7c? zH_zV0&8}QkycQ1E;==;|iUl9y*0o|JkZI{kc<&*;dett|>>e5GM!;2%5hAR@e^$hH zK_fY5zcZkqd{J`=Pd^Zn!)F_`XnH#^=`wg?jCjBnqxILHXaYTi?diBO)?<0Hy~JnB zDp3;gBiv;k6=J^O!|9S}wBVmj{}e5vWBGtpdJ*#8NjxGFRC3zd82(K6;4!;j(c^{B zTUY+Pe~iVA^GKGPHC1S`@SqTMP%Ri=$xzi>i~DmOGqf``?uYI~)ls6;W+CS|F5FA8 z#$fbn@l`T+S|rHPu|#w1cinj3Go8{73gr9J^`!2RKa19XV?Ge@9Zu0zB5RT)}5aZKY&4r4{m`C_0syMXlSh!#inYUnau z0XcRK$cJ68cNdFJ{p`4VvoCz*njz;sxYoqqb<`l323hb>RQf1Wr00lUDn=fhNW7lM z;tQ|GM?z@J)d=aNwRL<20`>jqU|1n9d^*o=upzP+Ol@JVT+%oD zsJv&TqK#M=VW@t{Jm0&80Pq=Q_wAdxrcFzpQ8JW+c{oNZNX|Hvq#by)P;AA$6dGL^ z2o4j|$oTxH(aH@Z>@;<&ElR#($F;-ITc_`H@MAcmMfu}+?EVh!oqLMYLhSp-y@qv< zuS1q(F&^oZk_5cHYIySt>^3oiZgLxzq_je8e{BrM(64f`)i+HF{{Fdv13J}xJSc2U}24Wk4vkn!byOe z%Fn?-WC{}O+Qoflt?=|%j(S&2u3@-qq4Auqf_nICiXLbIp2gG&Mdhci+a1PNJmVBkcX`AFUYkO}mT_BBn`7tX}zFm^ZI%a2Ej4;yp5r*3tLNFg1AD zxaaDXJXxTNvGffi%SVjV?Ud)PW&&(9wt{2C0FZ zCX_bp8I(491V9IwTf=T#0-_O)hN?X_X>#5(4k8Yp4b^Q+RQJgSs>Sn@`?3`bs+`Is zR)b4!#VrDuXQRx?%ci3Wz&jVDolKLSAVT3JQwDMfTpD&$^CU6AbZ*K0lrnPKCJOni z@S6-d>!@HFO>!V!1sBP>E5#kZyxQS|ir0~Bw{Ofs2u3f(p^caUAl1bo2hhGA8kQ{4c5x;Ie)L2G428j~zS#N-sG|{4n+OCE#1rp&GF& za-S6~ZL-Bf1}cEMIQoi4&lsJ#EE{N-X__rKR`C<}!JOoz^`B1NNXLS(Q7l*zx4by& z>zwXi0%Q8@;MtfGF&S~7GQtlz3tuJ^BseyyLFc*6vu3#`>avyNuV*@7ACi-EIDZy0 zBT~KgH!OEGB~03iZ&l|UHPW0k2Se4p$c1mo@wcOrRq{*iWK`m!+qW@&$FrW{cX2H6 z9)h5nFb;|uiKhGpq9WHgOCM{tn`3z~s9-#wS}1Gncrvm+4sCt??P#*;a_9+uQ$~K8 z%sD_V`3V&dPV`=|3e8dxodLT^e6KnK@)9!Vt;5ut@_M?JtsuGa$c>ZuWtZ+|pe7hF zT~7MrGn0XUe%R zpUB63wdgt^=e2rS#7w%B?itupPjA0|XN+j`&a++*1Fh*b>~W)1uq(8jt=P&d9`JJz zwPSK;IwSqdN-GKCaaNDPr1@ufqSIq$o@3%Mru*f576(7FAJ##ReKfe2KY$d(c5Fev zSp+dQar!)@|WuIkpFhbCPtt;uC+wNphql}w<{tLo7#eS?kIT6|=)Z#iwki~*zLs74e zDfPf0l6DRXd-aMbX2@pi=fzYp?gaua&_JdBklKZU=8i*y#{^8_>t}n_;9~bRJ;?hG zrv8QF{w%uHiWJn|H1HRREC?0oj>b&HhYUO!9bs*P(-045CAVgyxT9pAL?i1Chi^Lp z(6u#+Oko`boxKvg{itO{YFbVw$CLT8ZDh?;yB3Y=2XnEm1CdCh2dO*;T-bGYNk8P<{(Md&fJ&=zB?3^z~hKnSG=Ga=%&IE$B zzg$Uke*E6r~=AW68hBrvGC*<3e{=jRhcLY10ZAAmcaGLQzz)`e_>_TBjO?s1E z&i*8{XYlISc-OH}S;wso-Snc4N`5tIOpEAF%Hh2&x=jgE9VP1+*GmDLYW690>C zo(N^PS3BdkSOH2S$#$N4^ye!ma^uW;zMtUqC{6P&iJ2rG%0yY3MM#(WHn!KR+2+c# z#omGU#)aGkxDYkyH@|YbC?UjdOa`#!{KtkeEQRM72R6B`a`!^SSLLn)l%I7my7Bax zEK3U=tDY)6GcovJ>xC760hFJRZ#uMgCkEBem zj2V0={ifyg=(9j(L2m}(W8Z8w&ROeD{4qV9HfXoJuESUbVXgUPC3F06LW;nfrd&Zm-k`9;l^gL9#sj~IX?|bcda%A7sAO}fyY%E_sYcpbe3R!3LD*l*tiu)2^c}w!C6MZNcPt#(pz#L)?`~kJZo%QRgdDCrn7R)c`+qS+? zX%?LyARr@YE#^IaoSVu?!sOiEVyeZ1)O0-5wVp$Qp9^W1k06BlN@y$-e%&n+ zzolGEq$?37SOml%U@Eia8XO@RtK_YEMKL)ZPTDR$T0w~;jge=E{YrNnYo(dSxaMR) znz`mdmx0P=ya(rkh(0eLu=eR!^8+SYBg9CsSVZs}k1}>t4i3j;F%o2aBB!!!^inR* z11&f!9D__x>^jHv0&OmgYyqcLF&-<$L1#mYWZ9`JAS(ew>buraV=indYo7|-fO~&( z4_NrkSnq%3($>uhWd9ZY6m5}gMUby%Fk$JL%mX881pX-C1wGAbM$c&U>Y|Q#UNFDMQ*x>aDkHINZ++o$T{UFZ}$!e`4&CpB-sR_DMv1 z+G6?izT9TFmtUI*&k%MO+RE_uvss4$%7uoxo~OB`0e$$bdJ1FdEmUu^X8sFHt|Rr= za7>G2Ah4UF{`E1ymN}_vizpmQouwozk^t90TKN%co|Hva8-jLIL*X+L9u|sIw)V-- z-fV7RS>|=~uN!zs`yLXwq2cL{MwK)v*X~5V1}}MfVuXj=gt$bpY{`lvpe}|DAP8=A z?NBKgN6*iu;tfvnA?1$2c-ldLS-nITV8be z#8hhl796W@Z*g&Gc{;ihmF0-2%Kw#t;k$W{XG(H})#)Q1JEI}ZH~5i@K=jZ+gxGG@ zX=JkRl)6ue3|Bad(+;`aG;mNZ0-(cNkyEg$==GtXuy9f|odh;!uKaDmHdLd=*<_=? zd3JFm;D-=Hk9uR}abMRT;w6%NELN<{hQIdpl8F6KmbdTKtDB5Fs)~3F4JfrFEK+T2 zUQ~~MWrhB(9VkxIkm%v7I}I!DS0%$gInlOOjrZe#FQwcM=H+#~IGj#awmcwiJZ(j1 z$2IG$v$^G5LpqpIjD-nT10+EEN0`%uxPyAu>j5fRupDNaq4FMh;gHGv@F&FMT9WsD zg;fSTT1{n|XOwjJy}-#^Yvp@6t1!MJap@skPQ-@aV*?%}l&2r9g(?TUQhm{Q@_v+l z4W2z5p`pV!n0|IQFli_&1?S$ac@MIA1P~O(IXGmFToNHy8|ZDp-X?A(_YI*b1<7_h zveF1DOys>(UwACMofm7f<_RkVaO=M-{V;48w0vK8vhLH4X-xXG!3JDt*@6H zI3@{Drg4Cx?3S=#JH6+Ob-8G+C``p8yxp6b-u+!O^EC(uRwIT;n5uugyO^y=j{>hE zI+R7a;z}}~Cz#Mk0?zW{Iao5g>E*UQVaib#>_s3x}s)tjK6@RX{K4mCK4k%tnY>4BZSHj0;zbNQc zq$CP4y7WP3d&5yP*(CPfB#&D) zoO!2aL2uR{0zfbAm8r1($ErjDZ)Ypr%bK4E2-O}7D3ODB;;$X<>8G#x(wuUtLu8U! zgQEv))ATgQUktSpzA3`B!J$K<9bs@m?@`BX6hyoCK?IK)9Y~MXmJghn4hU>CEV2!i zX(@$7Yu8;TcxB9z9l6RpXmrSqi(KpV6PS_y zG$U$HB~Vk2Q|Hesxs45+B{W3YleWRm4kK5XJ~Z;=07;C$epsrG+B`t>)n+tcH$Fmw zj!G`EK&?Vg6jQylRk!N}OFN)_G8tD3n^fvOv$;>wl&pC&!N+sKUg!7L(6bnXhE$(T zYXepZeWw8%Eu=WS_Ti0BGcojs37}Ys^)Dyp3fZN)qJ4T-WH2aqJjX~?h&n(#8TbUX zyoSw##}m(wdB7`!$8cLal3S0d;Ru2ZhB4~x;h0?wVxv(Lc@5h+Nh@_Gqc2Yyu6(pO zgu4|X`%bwnY09{_63?uU?(z=8*W|@sNi+X=nP*3^DWdj(;ff)*{$1m6(YS06H~c&C z+=S-KU0mL>ev0wK3e{Ge7LOi5SYV^YShvl|49@DrY}JFYr+k0Ej%t~kGee`+DHNA5khhpW#Wqg3n}Iu~WtS@JmttsMM;<+SuL6w>2$}WjinoNP z(Su?knf8yNM{IW#bqXUQ$y?j#ZtT!&&+V)rv2Rd|5=yEZIl=(c96nrL^tR=k@_zn? za%T(d2KbOl-?z|)N4yqQyDFaNRunYsmr<*yW~sb*2@9D_Hv_xLmCjaXatdPYXeDyJ zecGOf?K4GW?1BY$+)j6j$87W?SwUK4i9T{6WwJ$(Wn!KH`z+|IRYSOY(Go>(J*(1= z+Tr7gmzdr4lb=9VpKr|JPxK+AEq-#~S?Lkomm%yUlp$$tr>kG#o5{sllc=RpNXWLB z#@^&c*Nv+32fPf@Sj{(T$0$&V54uz9O4h%P|AZ0XMSC1BQ<3b+zR%C&^!d zxOyQ-H|gi%CE;P?MVR5d;*K0TfjoJG_`Dp5za%|mWgCFp2W#NEEXGj zudiZ$eU-R*DJ;aUKMd{fGRb4};vcdF>PrpT**c0vQcJbk_Dj^lNXH5-(ad;ULXgTt zE3ZX(yoxnlZ?k|%gc<M4V(?t zWO4mM55>$u(wq1!4R~xJ4#T@g)-{Yl+S}M*kE7Tm z^CiDu6wz<7yhQPD-(u#y^LLcrV>2Hv;ae;_i)99X_EI ztC{;i6x79zR?xBT^*suM)(LJ}NQB55IDED-&!CxD4yw!JyP#3SK?1B{;i17D>F0JM z2rX(dp-Pu%l6H0iYgO#%zItc`C`9dNFhRxliVlm$FqT@pqgJ};)d>PrtdKA3epJgQ zW~^OrDy^vvz#u71x*a@NA%!Xrjfr~{A&Yb)#RqSzZ3`oE3j~K!1-~)82F2XVGmjop zaSV+Ey{|uwE54`5)T1QaqHsT~*I9Sxx7hj$M#lY6u|%cZ(_?ZX63JZ-4>{)s^zYux zSxQhjtY?fl3zM3;b|g_ldxM+oVXm|?+SE#0hkzJi_B67ZrdD(sFf#a5+rwED&#-nd zujIA2v(hgTTMDZ~bjywJ0sBHW^y>-CChmO2?r$f`JXaROeQ8lI%>Ar?a1*JDmNyI> zTHILmd6izL>Yw+Vbe%_UuVAvhnAX~Wxz!zu6l3H!yR90P7t3NeAp zUf6IhkriRyFi*&_{)^{)5ZOB=n5pQeilptJ#9?T?2KycSlx zTU)k@_R=blqR140>mZh}WkM{{VxNOR1VkF>TU-1?Pin83Me8pKoXCAL39HJreiIS& zjeU5<6^z{Bx@1ft70$@-H~pAAE3XoGuPfJjxIPP9xFp70RO}Emu5#UrF`jUF_NZ=p zEw^77dSkY>aZy!@YKLHKEqe!6M{zlOX>l_)R`=;$+>-93!nEiROTTD=o<-i}DVuvA zX2{bByvF~wzj*YS@5tZArJBZi%B-hoEHzv6Erziq3LpD;z099mIWlLuZhBkyre}5; zr^!Mtz?Lu{CvLvgJ%FCysSLXm;#1kFbmg={w#%eUG?EnD&?tt~>d_qRoHqx9i00Ze z+m}8vgiE=1^4n+Cn$DYP3gthDrY*)PvlLhHfTX5@eY3t|%iT02b!k$AUjov=a#(lq zPy-&4oPS2@((l1G<>d1!{^s!z4+F04<$LMtABVDdTgd1)bG9&X_;FAv>v@(%bDyH$=ZFGUDq?yftp9aZ!NoT!5V$*b}17}J@pVTu{z=5zxw8}ZjGtCgfB^_-Y zkK;>#%@0>ioGb*>Nd;*BE=zp?t`QP#$hekQ7K`aDOMRP&>6k?wQ#|CWdc>{xpipqcpibJiVDM#jH8>CBO5*9jZ3c3y88XlQru6CREXf*98kAq37gK>%F=Mob^0Lc6Wm^U46L#8JRIjmlgmc5}bCr3DYgs ztECIj8$zNd-d@Od3F4=BUg%!Li(e)yx7r;q=e0;B;wp$1)3n2-OF3~A3ISATcn&fl z6zz9dn-XZBGAOMnE6q-XoIGPiuV@qwBM7&YdcpI+AG)22U7T{E&mF7HRZX?f;NY%N zFc?b>rznWeJWi--g!Ij$-SplDIc}>6qGf1T&EfXYPN%{)hnjRgj@)4hs-m6vE_N$o z7;xs{Y#!Zq#@MCXIpyuzgb*x=d$?pQ&*)kE7jdV|Fao^q9XV$BK zOAu#ml`+;ceQa!!#x zLRUbreTW$adtI(^QhYfTyK#9Q)$5|HNHC?xp7?ea@Kmlvs@WLQOL^&{k+$!Al3c9# zlmY)206;*$zhl%mE^H$L1#iggnwJHDH7cJKOs78A01>yzJ3chgN3SCPv~9CWga9UC zlYu%QuuiuG6}6Yl?KD}P;NTLzZ$Y(M+#qA=qKQF2X+%huT^J{5c=>xX_7xdaa-p!7 zEhTQ5nw-DM3lmh+AAq^i`jr8q|Gl3z;xAx))6@R8P>(-D8FYIgDOs={6QctgjRA|I z`+RZiW3BZq#ny{LuEUYb9L7=_z08RwA$4UVdS~n)S*vKBlywHkBQ|RImIua~qI-); z^}T#BLEu2s>v(5P&A=wtD~5L=(sVQE6kiO zzoNJgGa*x``duH)!D7n_#z^CDNjcd)B_SPgOcD~vT;aBd;Z!VOc!s$epOXwbE$89J zAmY8Gk2dVecmf@NiWp*Ze6=qG3`UxtzJZ`Y+=$?gkv&5(G*FOahBM@GZuEm8@C`jq z{2E?M7*W;DmC(IhtH}(wx_o29xN}x(~ z?L5NLb654fW5!PpB_Y4PXIfY&wAv#PPz>bayFJi2pk#QHJ|K+Fl_aj-)!_^DVn z0$~H%cdNbBO0vMGA>EPt!%Yssfwo3uG4-ZJk93t=&#^;Sb3E4W*p0)*U0;Ad}>a=`U2J|XX02XLZP%l?3vD!h_Fm9hXs=byhGt8{woA@7 zbO90sY`D-b;_q@N<3gTg|LTxH>~@1nC(apURNUUXB6Jz!+_SA)LSJhZ5yx+sviSQH zIyLPS41rJCxHqZhxUJ4wVy)4tOwE>d(635&;&exFAYts?<7YS`7mFVCa4@KK*%hjU zBC`pvSQQ8OzUOCjc^L<^Gm2JWgHKV&Ga#bg2JZCm^taZ@ztj&zIj|CBz%_7Gl#+)*CH^ae{aJfb)ooEc>MA~fwt!9+mNb2uNQ`*!Nc?YuNW#3MJ#4&k3 z?#8Nr%c4de@J`Kwm~JKaDA{g{+0Bu_l{UV7`=BI13|nh-6`+*m)sS@kFtZhW1jkq2 zn}wQk_nhJX*QmCqLAeW=4c=_bdaQ){k_aGT-2o}M-^dt1u)PRgL>YR}2U<|hXt$47 zn}jUpceup0yi*MAD$SVT>xk=#SC7Mw3W}f6P&B~t(v-1eq}TR+K5Q`5ntb}kY^m(e zi$n1mr+5P}zUx<5t(gR1baKLcq6jY{`te@uoKq5Uoj|gmc?RgqB!}so>LV0hEt7F3 zXUsvwc{VXKh8le8F9)ckReKOmi{zkwZz2{CiC6ynLUD+yCjPCJ?iVTnt5fE@lTkxt zwFq*dSr*b^fs{|SReX^`v;$|Jau*jhkxnX~e*2P($U!Pbs^`N-+z0y8bxndM6rlFv z&m>g+s)M2ZPE2)nI$L8MS>xR0xW^bL#?EbkjgHwZG@_L4Jk-H2Z}~OjOsr4J=*2}& z7hm}dnh0#{vE3=*1S$S2j zxr6V*mU|&&tL{)4|6=)y({(LII*Jowxsc|d=3F5*o0sZq?{qa8Mz7=4@Di5B>JZ00ZeA8614potWv)<{p^>fqn#)MI z)_e5-1t;{SHlT^!-`G>#EU#WFcWR~&wgW*8!d{@)@NCh83(cZU#&1pQFhqbp>QvQe7d)o;b?W|yO<}yIN zkk2M5-kBSMQa?0(N}G=R*Fy%z@Kb0?SE^9~kdE@kwmUeOeHe8YCYafZ+*C+GlmX-C z=PK^jv)sK@p~aJu6vl%%gtObojOG}iGP#O(@U&{t^o)A zHx(MftOm!q{E#Q6BUm*>na~KB>2nyD>?Q7kTWT+8IcE)D z>6aAk?HQwbAT|3?@b=@HX2?lpD@=BOreYo%S|r^& z(S~340bE&Js@1;p+DcYz-b;ULx+E0gNHoJZYKd{-Eq|BTeJz~ER(|k#qma z#gq_G5JE?0hT9p+RQEb5u3nkzpu*jsytmS?E8s;=C?a`bH*N^`Y9tA)RuZ@9!+V^ELS275(S_8R9fz(A5iC0;Qo*T z_8SCfO1gKiZ_Hm+gSsNX;pnCkk=QbdCPr@W0z!AD_PGq+GAVi+1$6{F3FIQ)+WTWb zgUFsJ`+IMoHtcru1c*E9oLKt+3pi}X`y?tYqE#|}^Lav4<+w&zFS&9YEBtO3) z=wf7S+baLQ+qc27_AA3bn5pI?-QFcm2@6WF?Fy;y=ex2jr+PZfixQ!n3*+Nrt#qIe z$l7l%v-Br~_xcZ#?+5C=#N%1YYiu#2CVo`VDBN3z)?x;X1dmmG&sP&-WtPf04KkuM ze}7z6B>45lHZS{i)qFRncom%{L4p`aa?xHZ`@kSg!e|#*878Uq_TAag|K`rBxnN#=-S$8B<{U+Q3}ZBq$1{tlp6ctz5E><%8aw`>TIV!S}`0+D4L0Z;KC ziW6VC3}hD}FMP99D@vI4^;`AUM#LfG}tNZy_C&yM54;6969#9VQ6M~ zq~SY62L#_;0i0NQb84cHZ^+X0f+U`HnW}hGGyUjh@ynps%>6vQRQ&Ft=0_rl?lIZH zmPnZ^rc?>Mt>QOla0(MX-lS^-0UnOvgw*?i$8&mS}&*gF`{je|f=Y53dyCDcVTtf})C z)N}RRbS*)Ld6Xmg8v{}qj;fwG9WpZbNbCRMLCjusJdfq11u0r;IL!K7$ zkLY#^DPdNPs2Ojsz9?G;Iq)FXeC8?i**Qn)r9nTp zh&ny_Y;zkBDl%XVCz;wIpTCv4Um=wnbS|vl z^)^&c{@@zhw2(Iz?+uLY0b)~y;*V2#SkV+l-9#3u4_EK~XfVT$jt2+~I0B`%RYC{SjLW?oOkq8;q}? z-M=?5Iuu(jmU!`&AMt~=pWm34!F!36|BS&-^5)`myx=_Eb56j&5_U@A*{i4cdg;oA zaRE0ZaHE?;7ledmdb%Xe0~Z{UW!yyHMc>;&vg63_%&qLGdsrul(OagzUtW*WyltAKSyWV$ZLcQ1mtTnO41Ps-?VTpR3_?o@1SK0KJv$K5M$VXX z`XM_nOG#v79U~yC+)d!wwq8QnBZ;-FM{Zr~OO5}uNg%F~8;ZW4P9*of)(?4q zE<6sW@Yz5%yeP{{CU*G!;e{NvStxBw)W`!EaMv?VQML0)ZGdBNGI>!lybJfu$NZTc zXOD=nS>9R6OdxzegMW@%*Ly;~7@oZkt(VPD1YB0BSq~!T@D2Gv6$2tJB2kw_ydm#e z&QGR%sTNj+Uo-qlH|ybloDC%<%7r0@dkmA$LSm)XI>VSKDmJfM1jNq4=DT}Q6miRu z!6r%`4E#OW8G&%$nHIfrpwAesz*67~I2|+RqWvRLL0TjX6-oZYQz?(#I?=zp-9k z#rl-{EB?U1HXkGg*y_m<2s@JT`&p^K{OH;p3mOd(~btxQKOJZO%k)n{v}^J_U4X#Dd!?RYQvKPI0_~ zguO@Ygno&WiGWNYP=K=pt)3!wOY4BM5=yOk2z(@<^MM-Wj?><1B8ebAwa%OZtk5;4vZ6k8Xn-zYS9+sdjbd^08f5y>2iOxH71PG@ah(2nDoX1Tv*W`^&J)-g zEDqjWnCbhmRn^C(8V1k&nSls~>8;irsu_)PfYGwGPN0nk$Cjg!yn_qez%`z{R0@K@ z^nw~DeDk-BSTF|rx@SO;PN@g${Q+QB#;8J9k}%4b&lgy98NdJYd}I3DSV3n6ag!X8 zPQ@7h=qMC#;INxizabKf5Szo8bnOpib@YMueucPHy`>FGxQ%HnHiiLr1NBuGVHlF+ z)))D;t;bCK^wyoZJk{{`43)Y=WHtslV%W`&W7k{Uw*LJ!?kntDj(|ab9C6tT`{3$v zExhHEVgUe@c*SQj=Nf1aZ#06kSoVNw6MNHALvAnsd39Zw)%a&pkyH1>$$PTUwe_GK7gzm&Qu>a4%$2*|YX8x>}*79Ys8 zhv+=_k}|B9uRS`jd9kJ;86iK_R@^T#b&YvE-_RCAEbs=anCt4o@#B#eS6qC9b(z?FqiHl)cK zmsm}Ej3i?5Yl22E7Vwrbjzipy8!0ybH|^yOgOr}5%|dbmg!Eft!o5%Fosi;jKu7q; zaUc+3HgOOHE(3TgOVJaE=QuzVpMs_@;8=GbE1EqNbm=W;gX+K7bYl^2s_{*IlGZjxU^|R7c_S?YvQFOXQ|G&MdInx&IDHvhNw9g_mNB+dlj-Rk~E3*kBcA-5TAp@v<6?Wuv(m0X$Gk8^IW8hSZKg zQri)hhlh1=6u`x1!Dq){^eyff(yyW)G-JQk?|Ax^&AUk#{ES$cL650LJ0oX3$||}_ z0ietMwf2YqbD;;Pq|^t6*d32SZWheMCDx>8FU+bF;ykbCfX)TVOtD)C$WO!EUI|nm zGNS-rz+Ltahh2ouG!>D;(Me2F8dY^G+;A@BV2=u-(BqK$%}~pBZLaT7=opYBY{==K zOEHKXWS|@LD+W%d_r^ie%uurY#h){R1Qv&q#hYMTt5iLzYj)z0qw8ICiL*d6aD4@H z3E*!={%qaYMOFX+HcrqwBbc^6VzF{N73~6>BTUfu4F(lO4{!;JUd2amGJWfquo&Tt zVC!4O$YG|5j#fEJip0gRs6!o0!g(*!S`GhXQ9U;WV{p^-TQ3zT+qYHfd{O>u0^x*g zr!as7{&4i=dW&|&0>pr$j$+2s+V@|Oz#l;cRbF$kOX3K-aV-U?onJnd8Hpx!1iJ3{D=<0;m3ZX z>B*)By|E>j>&j_VPX<21Nme}nY*~*+ z+PS-Qf=qZP0$wI2%fFPKpp|-Khbnps>_je=Qz5yi!6$*ccj$8!6uA3E;FZwTbo zI8&}x9#>j$okBkS4|Is4khGt9Q4;?ShECQf%#sUP7pEU^`2mYI^aEznyRKNX75~c$ zL0bkE8-CQJsi1Dd7r4iyF*U^XhKE!usF8Z8rx6v1r(LL*Xb_yh&=k&5Pf~U%d}caQ z-U3U3DTbq=)0xzB#)VRn^y23OHpJNxW96#Gl7qX@;0oJmxv#aG-%_EjDy*WdE-uHW zon%c&c@7heZ`c}>r(+6@zTeEzC%Z&PF{RkT*&@D7Fvh(63r ztsjOV#U3&0ZLwoTSSO6|-e2)m_IUN;v)z&$CxyX>XGjBt#XZRit_o=Ca{+w28HbX% zNu9%ew8V8w?-A}fQVV|Bb(Rw2uf#^#puiCBN~zN(LIW}$I-iRFD0oGFCd3&17kUotI#ByA<`=NJila0QN-$;RVsdlrX{@vUz7($vk5)3$emL z#{32IBMjyhJ>^w~<{U_~;r*|!b$PgIW29QhK6vjiH#{-Vd@OiP`AmSeIwx{iKb)TY zc>{#pLQ+}##AUnvOH`N=0g4r6bs!!3jk%vx>e3>9x3E%?@D>Zc-#LCG8^8y;<@$;c z>^M{uF?8U@J>+-E$wFpaNweN`L)e+`@4!`6g>#1H6^@?X{ynn;edTD&*q{dz^tJ~N zrkmVd|6wd?Z^f(SZ)bR)kdr0U5Ds8Bao^6o9%?6~ctoh{@Vbg<`<;5+8}+1Nk1lbtco`E$>A9T^uD9{5RBJ3ms_Okh`EQ4@`OL>K^%V`yqaa}34*7b?@1DKkHZK~y#!=?JA3 z)<2VK^K5w2c*MlWi7q9+F9TaqNcj!xxa*T_Z3K}#Y)LSz z)<^*j{Kga?0a{t1Ct0Icl>prL0Lz|L1>nwaN0|tATU)X-wJq=?YzcdIRc5f+yM*wT zFq`2%@~z?0i{F42h2CHBD-7UB1Nr|GJKc(p#j4(o_jt&Kmyu@zn5BN~b9@00&gT*p zKd8cXN(2YFb}UOOgc>c7<))pva{+lEssc7{_C;{lc&vl`n}G&L=+4_uckNMb@PNzQ z`lAqp5i_rxG|S-Y7$w>c9pk~oQ5TQb19$MG)6=XnkSfRt9v=_{I{MWS@A*>$kmP=- zm;Xc$l^-o({PC}_$(ZpA^73J0oh9tG5mV_K{5iio1;3l;N+BF@2CD=}Nz^*suETFL z_aPrR#u1C&mSpP0#-=X3y7hCzzVI}W$WY8|MvDPq0uR9d7FrlJ?MAi{py}ftlvPDF zN!mfhy1AYtyp)Du@A8j29unwfkd+#s<097NNonlo6|pgbJ}(7^xL`*d!o7d2U__FX zFwO@k3|QP6p)#RGU-W1$wqkDRjxvVN1uC}1I_9sJhW;&xEOT2KkLgc`V8EPfenr{= z=<}^p5*&wwVKz5wrTYBeUrVu)U_;+3G&oiznBCayF`QNDUBhfK?0RR|R8jWlSWvn} zAavY!E@=JEba?@yBcL-BQ1YhEfX-^mj&b5{jC#8S5~Y;X(tR@9gOXS!Bz9`Q%`Q?J2(m>-XQV#d^pk zg(D&Lyq0udsC(#gKA@T>>fP(oqU%9)yPcXm4+UeA(cV3dmjAR>IOkQK1&=L#yFLLr zxel7S6gx8}DBO@gK$Y9e6DgCtY9hCBR7J0?&l0|}S51|k{?rBuZeFo5jIX5Z;Lz4WwqflkXaDJ#ANbi5xvXbTXpbKD`a z9`QO@`j8Kp6^sA06K9H@Xa?r~#WG}8rl?aS9La{jNr<6BQthg7G?_sviePRX(FCG6 z#K1qq)m(KEP)1lLfpn7ZLOdi^fhdXBvv=vCqpB(Zwb!P}Nj%)`lb5oAJ|Cft&$>dD z^Xj}f(paLW7R>V{O8_^$#xSPQDA)2&u_e_%RiDg)VKY&a+Ou%oRh_G9I|*2aS!fct zm|?L(d#tA?Z^-t){?4ukVymM&H;xLcu2Rtc1{={iTD zr=3IsTXFmX@h%>Yi#S<%&lZ#a>1}d|85y)xe)2=p;tW`%lFLlF$Js5w_~7Tl5|tv^ zk!M}i_v{a!2%*Q0SEOu2G31w){UlE3ayQ{&yQ;=#t#%8t(`$2F_h7hyu1ot!?FM>26FU8?ys4Ard8a0EZ8UA$4 z#VQmVHrF+YOM2}P+dR!aSvnXSmm^Qb7-+aJ_@%prZhs|#H&~r(;DX)U>TI(&jMH9x z<4>v*^w=(BNVr5M&sJ2^y3nLu>2e$DbfGiM4ohHPPI5rTRMZwe?7`8=ZugFE%IGJxh zefsN@pK3%!d%zjpxtHgND~EOWVs;+YW`y5`1}~jIpr!Io2WE9TR3B0eS)MrKz12G_ ztxIcGN>)^3FK1EF@0{0H3?ScuN?@@pr3GvElh-0-&CdUzFCnZPkH_yvg!@R)KkZ!5<2z z&mc{TD*#gI8lN0ZpDVc=gQv&N+IbMJu6#An2txQ7A0`1cOB?j!@H6hI;Yj9}0TAh- zS0GbFkfPZ;+kM=m)R?Cm6t|Da0oV=yLc%qpha|}pB%*cxey3a{nyf=3a)^X+BU*W6 zB%_<-S&7H=ITF~31aLuK$}&4MIKJL?}$~jze zN@WKDjGN0n5g+-hJxFOL;6U|kkTWH3w6=LaLP~Q-s$mGF+yX-HP~DO(Tz@G-l$-$S zs!J-+#z+f+UUt@vHyCR_}oz`ic(fnrQeHRT{w{|`{4Zm_Rf6bfw9 zN%L=qHdIbQkN{&QlKvngh?<$4zU_A;wkfm6Gk|(1USO!THM0)HSFMEmd)0>p^O}K= za-)j(Ti4$arz@xMKuuwd-Kzx#nY!rfza!vzPIA`-0mRbG2pDu-Pl|b1+4?hudxe|^ z(DNESB_`T*2`5Cj^L0Ue;fQ|MFXA&{zRrtKMSPAc(7I%dy2(dmj2MuIHirq8TSiKM z!fN1$ajzXhk}k4Q$JUvoWXg%5;!<7g@Z8BLX13=b0hm_J5SUYn^n%B8&y~D3`NE}H z;Qr(tez1J~wBvhCN?Y&*qBzanN9IHz z03D)ovD$Xn1qYwS$Q;!iD9#=ZeuF0Usji&{j6^8mn@satFu~6+u83sPJ6#l_!g&I~ zw4s|s-pI@j8@8nr1wt9)ZziQ@ka!sjtYjr)%+ z$~{dfX1md6>DVadz$OmDCJ|f!00000GrxaxM$Y4<8`zU)+E5bS-qu+o4rS$U*GHH= z0K^a5McxM3YHr^F5ci)7vj}mjS%GeA000000B|k;P{!?z^qxAk!)!6AG5-OvIgowP zGSK+8gf+LB+x$tVfT`$bdaGy2QhiOha(l{)SN9h$7ISU{tUJ#Kteo+;HckJ!$P@e7gSR_6-p}Pnm_fP`=fU_5nt~8deWCYr{q^Y8_ zRhIufB%(yXfZOSZ;r~jCKv8c3X#Gx;2Oi(m^IMxDQ5%aP>l*Mn*@yVu`J8m;#p`V* zBp26AXtxP3*NdL;VGnil3avB%1tG2_fwU89W7MT$ZV!}T)@N0uD%HV=S2$Pb<}7}B zGTidDCh&A}nQS{FIy!hOQ;>U~9a?yW`(R3F5ZE^v#4vH&_T zl{_!VMGR2l(J>ZFC|bW*6r^Oje>J>@uPghW->Cbjt0y)UcIw*o?-!l=A(?XtF(gU> z(3)M{1-$K+9Lhd5!%a$zNJT9nN`6-tTp4Rq$sh_nW4P}V2f6u^XO;N`b{Kbx7`b80 zR@kwbTvqEosQ0&ag#D*}y;7;+C+9yGV&M$VXhJ%cXlh@)*1iM#OD-R&C>%AvKM8ix! zb56^A(E4*3{+BWdu-@?8u~+iLaxxerSMQjNQpkg*_2l@UtdsnvRkvXrDXH=m;6c05 zwMuzI3XFTX7`J8bOA}@jvGkCe#Z$i;9xJZpZiI^{h=({KfOK%~DgyDLD{MH`f;l8M znVA=U>~U5?%nYAK7K@{v^-Q|3{$^CBZs>E0rN11p(!uf0CzfE7rYpkBgzc*6WEO3N zn17Bpw0Cd$b1`FU0+Ti>^$o&Zp-UOjwJ9HYly7j=1$|OBBP?)KNS|!*tFgk=UdRUY{Mf#| z?0h)D_E~&sR(Y3jofZksO|+uy^A3`657a>l_|2F#{mZuaHfni%`fWJw_P&jJ-;atS z&d2kOEZ_rc)0r0Bn@!>ZP0xX4BN~^kz}TT7u^LTyuY|YJ)Uoy$Q8i1$G{^a?39ALJ zklnXssTF32wPXii)fZ$-2D6gzuAkYaD4FcORAB!{Z zCQoS?_K94^D5|?RI1~d>=jDb&Gg+`Db6P#|>m8Gg0qj%nG%1`tfWqS+Bf`?FYay4c ze!$iQbr16d58X}6kfY^OsPQv= z5>bdm+upCj(r-_9i)q1qH^}SLl>}m2TTM<6!AStY#P*6Fym-#}8>*&ik5H!l_J-_4 zSk$n*x;Fmr|Fkphe0 ziS3b}^_vqv^ol8!zzs*qJ| zRWuEpR9)|7(hWbaN*ZdSoDmrZn<)zevmF$Pnq9Y409AJlinm2?O<-AP+P6RH>jc(; zG(B;sjWkKEAuH0j~(<)nh`H_|pPa zg^^7gTDy%1{Px-va#*9L?DS`34j0vw0bMEzXy4F?ncR4?KH5}5_H9|zoR;^ z2@_H@o|;Oa6iFMtrE=%)bvRA&dR-=TD=t?iBH~TaY{8po#S)WgIo#q^cdg3rO0HGY zg7SC2{GOppwpmn{HX=ij<~;tXFeKFcUd29YFWc0XdawNvi}G#r@N55EpEQvzkGY=r z_=+dGV_@3D>(0he%F&v}r@svua-IXC;0peRMeoZWLjCx&RhL|k5C8@7q#BPWWI3s@ z?(*{7x@(x)abSeK9ZGIHlg>EWx31R4$kX`@t>%6Cpoc0ze|NzU7#j3t1@TI{5N|w& zOo?&|l)9UY3FUUy5)zvqL^NO6k;QTWA4o)LYXT53S6tvK9D6;OK|_}hSvge!MgQp) z`L)=q-w>pMmxLaf%mByW%HZT(S&e{$KE%VL`kk%PLX2hiE&}#53P-va*NFJDxK@9Dw&!La{)=ri$lzw9Pq^N@>+hD;8-ie zVKCqz@w;UPhk9G)8nO%D&`Yql$M;66K3D(%4CZSaV9x!dhgX`nFhrpPm(XN43UK%^ z-9+-$pN%XF#HS#`cU?|s9r(gCHss>`cu?Hd$@jhZh)WzYA< z8&+;A2XHeJtxUf_|c!gL7s`rLBhy={&%Uo6scN) zli1-DIn=5Fu)a&F8F*K;vDDc-5U$6`K`iM~b2}e7S2gHy2`$p-M=@H53|{HuV36o0 zvBuR!j6?ou=j+@2mYmG)i9SR-e#=2|;vHg>D)j+5{0AurZ&xlS@XVM~Y4TT4c@#V6VsgL30U}b%Z7(ZVsa_7yBB)w#B_=4P+>l28Y@Ty zH(g}Q=&4q#^`lwI_&Lf236iIlM|t{uWGQrMtY?D&&UWGp1DRv6w_9ux9cKA;YtpRo zxz_R>(;-RcOtr2+Xk56stF|AM$l?!akQo32`)N6HdRFDowh;~yOlY)|9t`V?A6^S| z--%zbtr_WQP>RIH2tLw4&IA%3SdHkm>yPGZ;MYwx_}ym$B@T3?&QdD@Y_3$YPf?Fh z-pHK$ew776q0XbCNm#`m_VZF3Fq-U_Sly9&Cft>`x@2p$Sy&BV%8h_TPDNK zS8II+`@M+Gvu2WM)5lqQ%`JrU^~!!aRMkISF-jK_D5oh;#lw92s8{)wLFmDY3B-Vp z&2SbIG)qmnsi!y`Uylda&mxW0O*a6)skT?^11E50_AQi-jw_hedjRkJ+(v}INSfc4 zxx1oi;Gc@9$m196YsMPMqseo}3a`j3T!V(_6o8Uaf}01KONpxhYW9(`>D%?k>UK(W z*$|BFrNy8OdU(atiBz~lYJ{9)dyxTte6u`LWLr#m7RlVxdmZ`C z)~9R?ZEy=G9=X0qXy#;XKhM%QOL0ild8Q?Ze!F%y@1{puhp&j%*+HwaIM|E!>nlBw zxTlTw#g>2T_|iCJF&U+k7pC(}E86ERiPkHWCx5l6+2ku(SVxm^`aSvnmU5Ryoh9d= z{M*rLzctOz6%+}S20$uMcP99;Q&5)`dx!-i%V5Bz@K~BLE*8@Lg0?nE4s5lU8 zEj}5-R<(6=peAgoe;lhMGbN?em<-v;Q{|F|ls# z!^cY#wRi(t?i+9vkc=evdl@2^Si)FV6MBgC?nxmf;|Gb-n617#dhB#z{D8HXkl&zx zZrqj-jH~0X{u%sbJdEGl(O~RjR<&8{qruI7=K+G&;ppEXLTzs1~P^WM~@O|9yG0dG@Ccgj-i^xRZAe^Zexzi+{H2yP{{qtD4Q}q z9z(~P@eFXbRP0r{i>U1_T5}kcteSJqTIgD{fqt%OzkIps7=h>26+0SsGwC+jyP(Ja1 z;le9At!5DX74tVF)6}Kgv!6MPerGgP883pt^{H-`Vd`_Xo5*KKSm8hxud@6{%Q5_z zQL_%+R(}GKsJO>o%0xrtVHs8wLa@`OwR^fO5%28VhR(@8QDUdFwMh$UwZq3oQc|2J z#@z?nsnejhIwuqe?}?G^R8iAPxM1LbICIulVF zgyst+iIbZiaLHw=f~7wRfZWntuWFPRMcdbd(=DQ2TcdDz$6V!ah@@I<2!LwxCLFQtqqYiEZw6ps6H4M$*@z%@+O={|TGWiy>k~-(VI;*p_&yNI z=c$37teGcyQm;j=eflyk*QPL@d5S7$o`pW2wK3GDUg$U9y$>B5`7uLh%5c#hWluhs zJ*EcFa3YE<)E9gtOd&cOImopQTPmP=R{$!&P#cb=`v8~h8^W;}4(&p9GaEvE{>gVw zp@N`__1|?vT^9G4wQW~*w>JYouA4#-;V{XUf3;vgfu+Da4o#w1V&fsofNm zl&bqr1cO5N?e6_HfGV}-pTw5Yj%J!1$2TAPcHpbNnsV(cT$eq^G3_MC`Dw6wom7^_ zZTJ=NF8SpQ2!_3C7z6D7klEFb^hmr@u}F{ zl^&D(+TfZJUgVHpyc-ZUEqNV7cq4#JJ9E8?I}sx!%&{LRkl22h_)CH&@&3iX`*=q} zCE6%AM+~*C2j)5**;`Q88kq-~qUict(w#w-KyzD~SFFv@WNltwUqaKChEblCA^_o~ z)zkRo5OR;OLfpGA>6UfMD%e?#IK8#g(am#BuGu%At?6^bsJ~-H0Y}~d*&Yi7&m=YV zrsPk!%eWddf|DnQ55O*o@qjBS^9fQYt)X1f8^jfOO+JGZ;yO7HXymM72E-THkdC=a zz(nVECQ$vi5MMm6V-H(4Y*z^S z4ja?u{HEr2KYr13HI@W!?ZJlFq)bz5sIxVayWG&JdES#RbP-mPAmSaBUcVb2BUB#( z5Q#;KxOpQDtqaDXVbQEYRxHJvX*;u?)S5}%t518R646TsB;^$B?}`4}W1U0PFu16s z3a^ktzG`LC(CjVi!=<8EF-DJh^(&vF&{HbEQcjq=H6z zw|x2Qre-v>4F(zoQKwsv=j$3WB?VZ+V{>Dv1TYl?u>V=@w)|(-E=w1gQYVkc_S7ya z@_3m7TLK#$w!xRad}~RT@?dHpdnrMN>Gx3RJGNc)R$V>*S>;gZ1_!p6+{Sa(FZLtk zh%jP=NpIgw15b2J@Yj-`HlLf}s0$D#PxwGCt@Q{{gHmOSo_q}*{FuhTDM8(*`UrWYXtgYxXOASM{;G1yM z7f@uKO%r52GUA53sjmr+yfCTPfStMx#Ya7=g#-bzm|IHx>LYgS!_VGKWB)2nFzbhF zw&*y3svadLLlHZBtH`!6%%zRj7p^Z<7_mBCj0Qfur}3qznv zkB3Y75wjx`*ZprunF85FvSGW0T!2nqmQ4qVvLT^_qE(Jc*FsP;zfcg@^ML+~R~zl6@cPgOp(2sx#qe$anjJNY zNmZq?g2F?ADYeyEB(e#cf~OZn}y{9zX=J95W?Ii#wuoW{xN3Y zp6A270W}iP8_~-bB7q$ih1l%z;My1IGjg)xxDrclmb^09<1yUy!>W))h;#owk>ynZ zcnr{)#94JkjBpJ79ftR+?|L4_YJgGvB8%7#w}BF)F!|ABalT!Q0RR1;89IEXj>Ro} z?c&zJW!EkE4!^jqoBE_agGroiEeF)O5z7_a>3gM)Z4Iwb5!*kZ@Bl17fGqhx#3e5g zxZE?$M+HNB+5UtN++w&WNnGWmBWR`eA~+t(uwC=!F{f1(1`qaYIOA&Q(5o@O9w$_O#a$ZNe}n%|HMI zTBub#%o?=|!0@Z(Q~cQ@aYc1Uu*}Y)%L$(E)l4}$l18%2K&Qo}vMN--peDs$IB~a| zmZ;ea1)MBoplNjFAK^uSxy?z7-)<=bf^eUYAx{iN5kq%FIN-IgJIQq~FgKd#ZkqOS z@W(;%WU&{ubi8QvO9QE%zxdMoO6n%QNbxE-U80n&R|~HIQ0Ii_6gZH}H%7Rp+d(da zpmMm@E-QwH7Ck%R`+kS}+qE85K*5)XUfJ+}&x+f-l;xkuHjmerNNzr#+Rt{R72Y4r zV@Yl_HhMtm=$uavg1_CuzmmnQV27`Pj_tyFK{7_`l=b)FUs}`kI0d9vnsS(lE;Pfn zhvKBM&RklBAtYsg4a|gnuCT+a(--QEp_ry9gM68A186vv+C+Sq(+hP#-9fG6cLF+_ zC8UF2HjB7t#xn4lxjUz^bZ0v*COsmzo+ZzpXhloT@lVC8kr;{_OyH`qKahCu`C)v( z>*miRG8&Zo0vtQmxCCLqKlcdxTQecPcnnwa780DKeT&6f+L^@fOi||*%FOFKrkP34 ztAr(nW|cWWCfSPnSev(UB1@gOPHnURR?5LVvZ8g4J=2 zE{70U$#3d6MhL`92gsv%5eM~L8)@;JhmmFR%6YNr;(m+go_dK92Z9`r=c!LR61G$^E60l%|I7>CxZNHpfYP#`&o(+Gb24iUz=_udDO<#D{o{&ZRj zOI{>`qT^CjajKj=Ytr(NtlJ6HU2n~?VP*O-8y<&xUdE@Dk*=OUSU1XbkNqz zzcE60Vfp)4kvi9$QsxWl2!g8*W#z$oTu46>FnH=hJ-Mm|!V>Gauei4#FJ&R1j^h7I zB1|KW0YZ5#?K$OZes*AgYbk19AJHdPYXw9Rd3p zx#{yN?W$uBrRl7Wr}}gZ*1+SydeD&Oxd28$xxeH~Ih2}XR3zPnd9>ASr|KNtt$Y6- z2q_|^N$G2yh9M^sq7!@;=-LP5)*h&M8_ox7;6Q#;nB9fm3e&&-eDxd za|tN$aC9o#;r(@y{7oWmo?o$tqwTT$`T9Z5U*v^}s%e)CQ%!syH=rIseaa`DgTt3< ze(?}rvM#yDoce9cNYm1bO4~81=?CXh#fzufB`QQaOW?_OCFNpZ;Mc>L{N)sq#HYI< z)}L8KM{6^9`~i}S-b~xBfe~?skTpTzIbqPq5>ynB^ldKb0}>`M%b`k$QD};ezE(xR zl?K0pj8ez^(Plqn`qWf*#QGcrOMyQE`~St7mox$dm<5)Y8vl6k@C*BGG0Rhzx?~~6 zo)F8c2dUy@Yz2K=?o)13JZnzZKMRN1S!n_B}$^`$M*m$42Z>FF?Q64UqiEcJ^5C20-KnQ4EOFLr!R0AHJMlHJ`&fEf!L)01^#hulKmY zWmReie*KdX)Iw)I--5ZwHtOI@sgs3(lgaRM2)LiZfQ7F|2jMb%jhAv@?G=00c{ITk zWqQW>Z+z*qLlpfIF&C~n1dRK_pY3)Cf$4P#ZVWx&|3aO4jcah1hoiJEm|4Pa=f^h< zG@Lu>slx?lf{G3r@rNq7dKPZoOZw5)9hGc$2s_C+6Q~Np!jlZeU!fHPCLm}(fw%x$ zF4OOK6K21_eY7%V89G9Jp$Seog_~4mh(h^z{y-33BKFYXNqD`jaa;YaO;AejcM;?{ zy7{*t4!uO9SU8-Ab%(=2t`wJO=3U%{eK55>r{1LOseQ?xfB@q~;{~2y!4O@$Gwq>r zx{(!1jOZ|CTmW_JN{ddcCVrDNS|4wES_ip_``(we&PtbjjvUPEmxbdUvpqh{nBo1- zz~mrh<#4(uhMgj5!N)svWgAAn`eua9De_v>x~6~v(l8Z(lTI1l%sd%00^yEBY73BO^HD@69(dQ1-*NNZ7NsKtdzN)leNTSy2Y+%<+WlCso{r#lj z!Ws^fp0W=Gc^}I}s`j;lGcsFNFq^35CW1!vuENa|h4c1i`HR|p{cd1!5_qGSMH5JK zt4B?m##fh1YV>k*kkvMDOl_wvR4h3&zPkd2AO3u-QmFs?cyM>k9AH2_aLSb;Io-$&0qS2ylA; zJ&@VpuX<>D+r02flOEW$>Khp3kidTNJS@3~RWTUXqwjXG9^Urns3(qf6vIak@)-4I00GbrxhWQu6srRxepq?c*}4bPjVK&G+=x; z0Z*i+G4$0<>99jj$owc$0TE$%QkJw$3!q&+jl+nAdZ5&SFALM50uZgkJ1ML(=h~N~ z6g(#Wbeb{M#QBf429@I8VqW4%fN2Cq`_ChbJ?cNyJ5Eg5DU7T0Wjy+b1TYZhJRjRe zev4?KX8V=8R=SuKhU*^$T22gTr-bHFeOGIA=_d0^&e`htf04zw58?u`PFFYQftxhT z_RVukSqlrk{1LU6)-B`Z4ne}9(ZvXuAQT@5knySk`0V7R$KOh!NZ!4Om@`HYcyvZ+ zNN=R{7v`^w`jBf_a2Ph-P<#G;jb#ufaZi$O!i}Tojh5vf2z0}>h^dc&qK8;$ZVO3FMCA^) zmojpW64J1sH*KB!_!z%S-E8ro%d|c!!1t!&Ty*dHg5EU5(>m zp-d8aBmrE|pBJVq5vl2Z#?-B@@TE>dSdt=70n=OX6}Rmy??#cd;WV#xTlyZi+!Iyh zc$c@&js`e^Uys2mt{vU9RHD_Qe5Q`}c@_evzlTc!)zXi@6J&-_>@;gH&c5#8cy>f? z#kjnL75e$_4+3nu?3o4oK)Adc!NBFBM9caxmTg-b2jp%$DK}byZLgh9C!_+04w6Rn zz9iz%MS%2SyI)uvS|)=6(qme04%Il^#?79$s+*TjtiM%$Ans;=+UIL|0sw3@kRVvu1gjeT-L zAp1U$T5Sx=iD6HYVYE5nj*ImhBgpD)8_IL`wNoYv2G69)L+;-$q)cNdp(AB*p z1ugrjw$1I-%B;CMRFfF$iZa9iOW<<$us@_ir+rKWB48CVImjaSiM}&&Cs_>qUskO0 zAX{PQ=DC&BsLq3!ym(uJ>N3uBrNIJaL&dN8=a5ry{&G>!7%2ftHNor$Be=TzGEY zIO`_jUGv}wsfrwsL-bM*RNE}}+KIPC?;sHDPE5oyB>Nj8i_F_VH{Z9xDVM#j1lnQT zqs~xe^`Z9tu0{o6_LI(qXfh!IJ6_6F8hNDeD4^Pc%%G=%pb1q9ohgooPlO;oDTaiT zwqB|%#%$J0S2%k$kB&scx}o=HO)LyVg8gW`MdX3E0Z=bpanM&4gz|^oA>bGptFa3` zTpR5LnC+UixN=s<9Te;8T3gU1N$?63gAeBiWQr`#$-b{=2GdYd;J1;UwmP4X`94ZxpbdyF#WFn8PqGhks|4C*0j>H@U;`q=S)r_y8HsSm0 zw08`3;*(JH;gcCAzjydGcm>xeVwG~rAre3c2Fq(BR!Jj+XnPlsK@WHdYSQvuMA2?E zXusrS@e~$pw1VL{g4*WPBhx2Ir3FK|b+-g>%K1xHe7|P?TF?L$9nUHSJVz7pYWB$-1-geHTh@w8$A`cp#s_?%V$CTjk6FWtptw&lh3ot zzrFyQ00sJDXbWSxyWF(tD6F5$M)GbowYN4ktD10d+2kPo;KxfPJAunrES@tcE%E)U za1ZyZ;%&W|U!cM)yjj^7`Nd{Gax@Oy7EDi73-u;FWdYRtDXVKMgY-ry2DmyoNBOS68mbieE!?Ej}wX89s3C( zg0SPe_b0Ej6OL=9Rs zKk`Z#5Po1-&Z4}^-wk7J|IyMSE*S?lw@t8|zkv^!TE81SJbA}kT~i9&KA@|?!;h=< z4&vYN1i)$X5O0^rVK5Wur*ghg+RY?6)@93ln7CPUo8XLvb0^(XDnXIJ(vp^z=zF=a z0nAZt&!bsqqu`-H7%BdRQD65w@seJ|*yf|@b!)pgW9RGy zgQWWKcQbXbLwaw)kWpq;CZPpLIVhJTGG!8zM~O@avA`|GEv$q>8fE-lvjlopWy3WHgUi@qBpBI@7u0gMKH_ zAqC>rS?W!EdF;)~qo&Tkmds7=NALH@GcN^u6sb%<9m;pFgj*zdm%>6XwOOn~hWg3! zMSjMSnLE}zH-zqSf8wz6`82Jdzc$~=ZvtTMf+r{62J1nfW8rS^Dd^~Dqb}b#0WFjv z0QnTy1g{&?pR@@^m(ojyc<0~I+?^HYzJgukD~UV8Xe*N6Vma{nfC=|@a13PRfqv- zpauLrK`IEGYOkL`*mGS}W|&#N$+4GnGqmB!v;P^&@BLt}m+7?6WQoKl4FHY5d#dX? zFOokJCC^d{2tv*PUBsZ|%yNud_o-6#&GnLXDVD+B9e;HvRoUzb=&6u-i!Ta(u43nNHa){LIf3{`LJi=`y0`4n2uLID0{QQB$~#C)_*p8_P;>oMxcy zx$4kzL&U^L&-Mf-vCmd>4KGT4#Chwi)5(f3R6$w@TqZrq-OK};D?k>4=%58;#*rzCreF%1Gt(s4uoHqm7KuD&clm)Ptnq#<(LjRwyMvmB!Qu zzPLteIW(?!zzSAe@`iGAhREmlb|pFCfy82bVX&NkQu^c*HaE>GkADMxk4}$!P?l~P^eq_mo3On zAD3F&^PUJ2Lzg4pVskZ`S8tL-aaq<=(9@j$Lcytub1K?prOxLCQ4C9?CiXX{RL19- z+;+qcO9$}OT!Dk`{Ql1lU`qhb}`tSF>-AB8iJzc*YMD=R#L|l)X&Z~N>JC+|2=aAWFDp+F~ zg0)>!23+ibEm8oO@-*mdEW-KWpRt`cR)4gMK1^3ty!7?Cna3Gcx8z1z zoPr7DP6ifcNS*MHg79zF-i&J%``ryevl;{TUfFsf1wJS|^~CsdqRWOd)}Ig^Fa2$5 zjf?yL78_N9X1JN1U4dGDkz5dQ!uVMG%{4*-Q9Vfedf=$zAr6w5J5cu&RARUMt;eWn zTg)dSxm2hgEoJ^XhmR&+rac|w0IMtl4nIQO(i25xO0aRt-;MDCfZuTRZSUTV!Keny_#o5{#`y(u zB59mk6Yby^J3(tz4HRqW1J_zs_@oUzD&>}(?ZQ2SUwk&fI8W?94plFqsDa-SSc)&K zA|C0bqPqb4KV3QGO#S#X9Q0G*_)Ep2bPCG&#j;7MfVK!y&gzMsIR4exH-_;>;SmeN zFB8NR9B2+ng=YuFjk)7`cnuFVy7aPXZu*Hav|{Aa+=Ce_e=v4bV%ZP_WaPKD!w#`v z`v6ysWLy3qF7NnL(swoUyV-8GE9S`Fk#=YfxiW65j_>X?IPBBZ)R{RXbf+}~qM7yK2qf`|b z5O|pHuFohM=SR!EPS|rM<3090i~49$b{eT3UKP{p5)R(c zD!J%mjt=_P@i^4beh|!nHTS7VXg`*{6E$&lVd9r8`AtN{|0XtJN1x99poo43EbtT+ zh=yc+^j&XLq+V~pPjeEct2+_77t~GC%V0UW2Zq@$w55g1rd5jcwUi7|pjuA&|1vjz z>YPGT=WVgVp9k{+odH!S{nP`xcFLFISvL{6|X8)gTA%{E;hjeJT-5gLdyra&Ce)p^Bua@pHo9WAv$C0 zP#^v5zPJ!xQ`5r01|X)ewleH1jJrKSJ?m+4u3}#^biYFOe8ZSwk|-U!a|3NT zHijHWPUelD030FXJA_jC{0o|DJjpmYc_53gs7L4w@Vm$%3*N{_xUcLueqw9XyKDns z+!On%ZWm}(d1&1=QF-Y;RpsLO2n|G$Hm%E-gzm4zb%B^dcoOleZ_g(c-XGJ4n9&Yw zX46!CjfMWTIgj8dvUAOtC1PxQj|4!ir{rP65(01-#M(u|nv;-h2*|_z;uK+PHTjGx zbVW^5y}#>(7Q&|^p4x~tFM6dlW)4^+b|9lS2Kv}U2@sEP&q5RfD$wn@Kt^ni6DVuD zE>mYGIqoGYd$H!{76eyPS_jPgUtFBq zKjUQOv01=6@V&;~LGdF&MI0~48 z*zLf<`zV8;!!@{BW|!M#Jr|Ps@B{^R5kp^l;9-sIY$STv(BYPU-;+$kGK8s3j^G$c z2BB|n0%QxuAp`61B91}J3 zcov0=dcvE(qKPeYn^;Fsj%D!b#GNu_SVvRsF>}rF{hdjq@R{@;zga%Sn^<`Lc+P{B zMnHZNMr3JndZAg)H99DBhxLB|=4H@|fTp==*Pp(lP-$u-bHp~tDdc<=TC81E_(kI| zG;>4L%@oG8-4k3Pjy>sMnhqX86eAHcF!a@r2IQOwM6+*Oj`uYYN#0YNANg=R)=O(9( zk|7=0(aUM zw@ob`MZ__=$8jsEW4DLfi1WX8G+R$$c@gfgH9c&B=6n^qVD6+*H4Q&TB8e9+@)$99 zsQCTe(lyH`&-0XP`89jdf>G{M7xl2pZ#oiA1^#q$0MobXXKQL7lVX|%Pcmi$gqM)( zgqF`ZOnaaBbkK*V5z{G7pv<%URlBxbzO*IIK}+T%E0*cwhp$DUdo|!oK0g440tZxo zLv==XS=`Ec`U7Fh+tzwG`rj#`ff@U!>;M@{fNSA3OG0mD9C#r*LVotG^_sb*#wyo z6e6p3Kmc16A=F{#b)^%v@{<>kHkFLuOJrX)xD)C{#|fEYQ?9~us2hli>2dY`I~GJ{?dkmzSCAbYa@*L$S1E4( zUZQhG{Pd@0TIA^HW|qTI;U}HOl`=z>eWKV#d@A9lCja%ebKyAYOFO8h#?~}YA4R{k zrG)kjEU^mq(?4OfgzAipIJWD+%*kDbzA2p;015>nDy}U+H)&?dm|8ozwdK{XtEo9|PhszPtLdVMWNNM#i z6ugS*L`ya!tgkKc$ht(1v0%fV`_S=*`Th0pAs zJSjq`3dM(c+opzVq^(-yQ3`c(6sToqh^om!8jcJOQ!&={ZyiQ7b%v5ifFJgh-9%5p zAS~b`nvXz#ioha*xXUI(i(UrE)tS$^r^dGzyfE#Rxi6(p_eem=VEauv$#$EdWNF zPA&%vF*l|Atm?OF$(jEnhn;anD06uqawg@UWyJK!mS;lEOWD0 z<_+@@--^n`$9ZD$XHi*>> zS65)DlaS3RC%*90oY+8emuB`7rQw13WXh8SX5Gc&m{~zoN4+4PnnkbyvK%~sr8Imb z$4y;dfJz#MGo((x&(|_flySM-$w>7E(m;R`tP~Mw{7xU+lwXMDhp^^!GRaW758&C% zAn6{pe@4Zt$7nkk+@!5Z>KVMx82GwCA>raz4}fGVHxaB-i(Kxyh&eHXrtWqnst^}L zXze;1B*6Nt1cdMji0*6-_00NDED?62CQX-;ecl$bycKx<)srDp!I%jjlci@_D7mfG z$7um9XCak_2sp>Lx(odEX3tn?h!qf}(oU*j3=4YS2Khm*GQqAP+YT-L*A{9wN$4Hi z%6IM-(h5iMyFv8R6#QcLc(lL;rCr!+e#U4Uke@LI&x(lr(c+0P(SXwmgls7)xQy7M>Dv+mv&vP5?EE& z%!`oe9gF?0a?!^awvkv#~z3STw%w2y*}?c<5b5eI3ohteQ<&YKBP z^4dGW=vy$uSooo_nQIqTb;({qo+91{5H3P`ewLMjvi_e=xsnRYaq?@Ku+qYShY;h; zo`?k#sNu}->~vH9OAVEB#_b^Hr734enU=eZKLu`_^hc>>;i!fLQs0(+g{X-yw3S%K zPrtr4-E_cM_MS2c1`I|g!pOM&e(Ku^aCZ9G4E4%*_TycX){`zeu2W9GHb4TfD01!x zz?_N(4KtmLNP3F<@mwfP>W;kWH)WPI*1+s@^iIp5x~CotA4{LBy~QLd-uPD>kF%AKQNkcqaq z%#dP4fX`DzafAEkWe3Cgy~=4{p~B|geP+Lv-K5j1C9Vtx;6t3*#{IcW2NaPo6F`#6 zHg#T0Mc(zIL%2IOZ$QAM(Hnm~NV@3CsZv7x_jcOt69x1cRPSasst#=S`nC6f&?;Vt zp+&YqtmzaB)s5^)`fKUm`8)vhzV7b$B__c}=G_N>kMHei-M&uxX#6{ED+HrbYnu-p zN2?mI(&`h#+Wx4(2)bDX-H1wEh6?v0Y~W9$m_w^t-_#bwz`CELdm{A#UGXW5V9O~r z+4$n+ZLuhdVcn}eh=x(ty)c|o*zV8BcrCd?Hc2|&vQQ*BFHGbI?~4h^&1`&l^zP_A zes@D|BKCH_X2w=Ju6HgPoi7k#UH`7j!upe;xk`zT1n@5uHzhzW*#`MvNQp4sN1zLa z)~^6{BDX;QAp8*TltW##m~i!Joy)`K_lmDLT74MD34u%G^6{%6{@@ZAXFv_F`UqGI zpUyjxfc?{TiAQ(lhu%&ovIfa=NLKM{OI2zs)Fg&ih^q=#(}BvGxQf>EW#0`v-o<}7 zZJ(XS&R?2rMY|SDy^i9kze^z7y>6+P;A=Udb;yH=_bk$UcW&3CLZApf4MP918MYLW^R2T_MX-j2( zZzV|gpJSj!=`clO(wsjnO`rYpd#Q=MS_q6VTmrhqYWg@nk9i=7b0bv(zC8-_gEJtZ6{o{Q`P;CHmHi(-A{qwVzbe$S9(pN zd{i96zkmP5+tHy=O1ON*lh9;~go@*DKJ#aoYNV3;V>%k9=h@o`z_rhqeX7nTFQ7MA z)Fn4Eq?PKFR*@NL3Kz{OL(KMtU_$1Ek|JyIPAf7Tsa-`^ClUgMb* zrmckioB0yB_Swb3R+`9)@u6(Nq}3E_tp2hIs#_>fO?oArWb2Qf3n5qDf6#O*A+m9D zHP1HZM%aeKV<|Uj_#;3Yaa=H!he+7MzFPWd2{#Lp#ymkmSMfTQODtL?-sqs?UfX)X z#Z?wTal7`Q4zOy5!kcqKn`0gSdbSJ8w3&%Y(7RN?Y5pjgt2Ek7 zI(rhK6}{R%Jxd7;U}eZ{CqT2*bkhH~_cz5muQ*%HZVQ4X{^X}F^0A+iwC&J>+oA8u zZDmqH++5ES1a9HnxEzH@af&doG{t$1D7% zp~ldOqLm2|9|A}$z?iRY(+oN0I6pwlj?K%GGbTIEPY)t#0T?JGQZXabRReAyIb1@= z*0~lAJL{+)tikYn6N>Do%$(8-p_Fu#2*#|7X<{b-DXiTm69^>I`3Zo4B9S1;HK@#Rp=D+pjM+D?WF1i z8JV|OpbL#7pJ!cJHeBzXU#<>{X@#^NuL9DD{J+T`K6#~-&U08&qe^{HryF^F1Fr$= z-gHf=+ooY{yr(q0%`zVJfj`nfDmEtvts&w_yK2_@$OBM^?V>C-l7}0VDmp5!`Ag3y3*mOf3(ujxBlj-J(aJYDiG_-;tt_+J_i%nB^ z-DpB1GzWqej1%{Ql-Ej&d1V$y3MQkb&vy?xd_?R{ic7i|akt@+tZMqO`fDBsGg}~1 zxyAGwv3Ablem#`(7W=@6an@!+)Q<~=y4Rz7IqE_09zqVpq-`h2^aj5cEKYH{Qoh7+ z%$xT7*tdNu6v*1V>*k1->9RTD$Q&(CQTOBJNd;S<)1Ei?_+JGm=vWY5=S=j46IpvW z6b|<+Jf{_cdum8>Xt+*d>(#C+{`y41F=&Tf$ET6821UuC6fE_s7|=1`q9R4iyO{OP zkFj#dz+<6Z<*G=r)Cqt6kdkV?Ig1^MDxQcxoqvHOgWSLVoI7aiL0T6US}lxf-ize| z&A`dKL+z3?fn6oSe9LluW(St23K3r}t#QI1dU9HfqkRZl^-=UQ%JFBmv>MgCyfTcN z^}mOdQ`Ya>;8Dz~EQq{)T)(RpTjlNan~?yP&2pQ@yI&;9LCHaK(b^rM@K1Vl%bebl zjoBFmdM3NN0Q;BVj;9}9V#8T_k8z?LlLHPLxko=oQg^|UIl*du00-~cijV&H$&?tz zSN(f(V@*5vHD7@2BX@O4-Uw;0O+HBwYaDfpVF?-x*-S0wq41Pc??egPPNgR2!s|VZ z;OFUVGUW2$pm6`UrcgiJ4>k@qaE)!nJqoM7C>2?%m8{o3&?yzso_+hp=T6b1vjYYv zdFubN<@~l;lR_PF+|CJn3H<5JUb0J-C^V129LTFl7;ML5BOPxjt&6Da3>Owe8L`=c zE#U#uUlV`|o$+Ew{-dE`(W~}e3l2nMRn&rAb+j&)d%^a{xB9<&ICz zmvHY6K49FE*1{<-e(+>s#$=kyHcC#PN0)8dcg?1`fSs3BR>iyCbrZVHOjDcDM=aOP z(OlaNTnt0RTaztbo|5}o%GIB=E!172ZiawRa!)00g8|TtY!+dQr$Tn&J5$7^cmSxs z@`z6}hj}OT^{SfhuP3FKro(RF?1J!KVouLy5{ncA#Wg~&BzgW=0kldu72+%7(;c4m zd(Z#|2f-(c%bNYQoY-Cy4?La@q|J`oI_6zE1oG|NGUWIPfbC!4#0}IX9ieDw=pi3q z2Lb^N6Ew3L00G~u;yn0kV1NJ^ctq(K^70^>z_EZJ_f(`F$#^`(qco3E; z7Zna;HLa?y5hG*!n4C$SmhnRr9s~%RL}QNMKzp;t4JFm(eRNB$uy$x_q@b1P8A6D0a<#!@50s&4bHP|daZS6w9m|6kpj%pi9hjO*ndKtJ;l$A*JxfpJQfT6L!zM@i zzyceZim#BtcTCFAn^2sRFMZ1SNw=WDeWLI=RTaVqJ&BFqP=!`Eifd+Xw04*1)}A;Cr20W*#S#zR1aJt#|Kf^AG<(?*5i_5Ky%JX9>R#)v5rTG)in)*Y-Bg8u@hfZO>0@XXdm%r1NY1+lvMTP- zB?@KO#LgP$7DKUVFy+@K!|G?wPCGR-bxM1A?}WZ#kTD$Tqlf0|=|!6^dU`m0M)Bv> zADIxED{)xv&K5@VY`Ga~rb|IH z+lGS`4_wCqs3155S5SF`Vooh4y9b;Ph(fJal{P*y#Tc!Scv4kDlCAQNOevE_kC;WS zZ$^EsEN8hRm8%Jw^^=AkI$j5A(akg9$ zJM2*tVYk4!YpZ|Si`)LYg=dbscbt`rn8 z^xR(G3JSAwaPs*S2s|8RtsdHY7(mBfon~n_kA%{_jI-b6M|uh`7OBPVQ>BK8KG8JQ zK!QPqu#zlszLZ^FI*&oju-PGJS>);K?kMtV^cT$ME3Z#mAIiS{|1cJWpVq&4mPlc|GIsKJS1@C+lxugkG z>8tKq*-N9@KFbjAB+xVlF1evoFC3AZ7{i|kFy_v8^zFjL7h5(0r}k4SyV&iQF5n0) z(?qqWXq3P0?I2HS`pbf*k;i1Nf{j&B{}uJvzs#!~mYRj$^9&(a-LwsLYAM`l1y_W> zXH3`8DKtNSAkgRQ+5ZN1yN zuo{q$l;lg5-WVEqCOPqp@vlweU7k_j_ZsZW%l%p}&&yF1BgEIL4Y&S!_@KDzS3&H95>9)5{g@ z>`AIaRV}-Bfp=@Aad}!7s2#_3oJ-BEH<3uAL7+gl&~MwsSEMrJHrd06vg}qkulGXA(K90r znsp>0U^0IPM`*(Z^qXxZE8^qnQdRK^1^Y&`{zer02fA%Jx++I5jJ{=OwI@a&O>eUh zcsHliAkY}>Rl1M9T7CH#)z127n0fW87no38)pFv=(%=lH9*U-$uU9I$+9sa=Yo#eC z!Z>nD{Z?FL<4ritP2NhEC=oYds1)K2WsDgt7d#SLADb|yqmtbb(XN?iJAm5(oEv?| zL{g88GLfRD5$ix@#7c;H*EAJGljX^2awpi`8?@%d=0&KIMySW7UfPnv;J>wQT*bh< zSudfX|1f&O9wOAJz`Eg#x`Wz|fC_%Xb$+5A{0)Yn5?=LQRgZ7;BWOcuYaS%H9y?g# z#xTA}u~*dQbav@V;;a&nEJYf5(yfxWMBcW2P995iUc7d-@oVu8{l}mDZQc@j$6HhvCwbd3rH5xj<;*!If*^Vt+f_g{&xY_n_C!9eYLM0wHE;#Wj;#jWH$OK_IlP&yxkvRm> z0j4pCKlqhGf}BIrOqf5v@ z07+|_Tkq-8A1&_xGHDH4brrmyCT;uOo4cKe-@#^Y2KkHh4U-qnR9p6)@MivmCDVo% zFh(Sdo%fo3dFp?)hc?KOoC%Q#r;UijTSnh>p$;Iy0>tfrg?SPGMelDR%;ZRIgX_e$ z>x^=?36lnXSi_;NS&QHg21e+1!!@EL9;=9PXpe$T-(T!1Ik32o?buZQP#8LW*0@SN z!FaMfP~*UJh!!(r*AalK1VcwV)$@bV)4L73OiR~2OaICLqvz%G>ILLnejh%=?4wXe z)2rdkatc-q5}n?r1c^8b$%v>p!c_Vpq5>!mqi%}@W76U8qCB2h_M6PN-($5s04tRp zt8s>0q##7dGCP zpKy^Kz~(b_jOmPy85fmsmKLFqDz{`!66edMtz#~hq^K^!fbZ6}_tc9dinS|1vl+Y2|;Q+JmT=UBbE99L#`h zq4kG8>Pw$6YkoEQASLsV;11Ku9NceU)2@1rtCuPXjSz7OTke$l^81ww$L^Nh}Yk&DIDF@ zW8Z6#`R-rIdcd?Qw}Tia8bv>o^vi#t<1lo|S^M`pYRe&oB^l_MPcuhEoEd1;wXzF5iVa4HXj6I3iNMeua8M!F&$gef6i}N=c z>j3t3z!XHKmBG=o*{gC(1FSus@7Sh!u0w64Vvg^Mr-$c603E#!B+te}sP8vdr&dYQ zM$G`-2C>PUM@Kp&Pipsk`b~uL6~bN(d&)|y%AayJRdOFyYU%UhirUW#uYt_grg+;s zpH7Z{oZh-pJ$^HZbtflV5F2KEZqnz6C&#%(2pwI8+Op)lQ}!(M<JB?+Ufb$23Bc^1W#pt1Nj>MWtNPpF6kLCc`@u1HY>L8%=w5xf3bh9`mp^9*U;ZfoP}i`0Jll2a=AcXEQVu97p$J< zm!Z~K%ntp3W`5GorZI%7>y0(EAmCqT1AEYe0m?2=35$~+ujYPi$v zaIBazR^LAXA=g8qLIP4qy_SO)9~LRS(MpPwW(wMsLU^ zWQV|(`$!~$+ZyFFR}DA>8vhPOC2aCl$`Sx@ZG3jkkV}1XGNmE1)HHh3=e;K`DBmuW zIM=JB@(teqbY)4NxyEb#9^WZs{Fg{X7{=oRr#s#}Fs(4&kzK#?Ko5eA=cgM7ctkV& zyaB>BrP_3@YG(=Z2Nh&nno?7oXJBb z>v7kKv3Bg>nsnNtB*vy4e1*^ptgwIEigJ0w`hq;LE!>uRQpA_UX}-?T(w9nExCJ_r zW&q~dSsP!0{Y$K%fIF2^1UOn4kA0P+&B~YI?n~~rGQ}ns#Bip+;KbN@h(ub#ea#z# z45t(tah&wb{vN=v0rhb>SX?>iDS2h+Ndb=~+oDEc!*A--+%3VKCG9Jca!2>z6PrqS zM1MTKsj*!{Tz zdthbk#=?cCU~p_dvd~-noUNx3Wu^U_^g6dcal+{sjB9lwfJpbRb+kT{Pqr-Ea@Bw0 z0XQSa+?$4_Qg+Bk^5g`jI`>0l z(hmna+gsa+Gc9}7OO!Kz!GHPLneVWFBN{~)w=c_3+>_GIV$)>-p(E3CsII#eHu`q# zx8tXN|NUivd^+?`xG-MI=SW#zZwioryzFA5palTOKVC*L z0QqSr&H|T3ojdYqfX*aO?K%J}`?H#=UXfksAm|Dh??Bs(E&iYH@_WFN&mp!n10&c^ zEaVo9Pbx!(jcjuaW}F#Rd}g~1t9OV%h@c@!Un~vMgICjOiYkrkP+gj4-r_4}{&!f% z!yB*5vs2g&DR7m6TW_04{7f%UGt}?N$s- zsNv~`?SOAnFx{FExCc@Yu!xGE)C!8d=c4ndPhm;2eWxLZ!p}Yi(NJzWV=<)>_P@xn z(3cafD{r&xzQqE*+mLq-dB{fsDj8&K$(VlA>dYI#I0>7{8;sVb@+PYl7hF%gf^tR_ zl{TaiOsWN^WoU+rN?sG*W%7BDOP2QXMY6a<)1KWHLd+U;PBCk>F4(QuspIStl{3&) zIY|Ioc=?r3@D;U!i?qyu)fY;s!)|F$SjW_=Lx_GpJ-Sj=Pp_M-UM5}el%L;W(>*c0 z@6^g*bV8dHF(w}LTcXgmzlG!*y2tR;K!Eh`T_woXti2Q#zn1X@FdfpAH>c(3TFTs! zN>3V${jILwAjR+;=YNvJYQico#eItqaO`c?1J z>hRxvNhwf8n;pGSP$orW6_HV);El6uCu^x1nR zrNB7g!nZoE-=Ajun?~k^E#w`Srl{c|{Mj!F+ZLMB7e{SiXaF_Y$n5Q-+JPRf}(G5Tau0hmdjR@^?1+-sEn3J;zNKE~FQ$7X-A&VU- za)G3s>Z)(}`M;y{PJ}l7av~(t4H16W8FhF8;Z(Uq3VrVIPiV6GdP0S}85%e~G?u~$ zK+1jR!|c%h88kJ}^@Jk*b!>xE!|5fgx`$7NhS0I!dnO&YVc@w^nf5#X$@o9&L@*O{ z86+kmm30~r3t(;xCq!dGW0@z_8qE}hD$($cxR?vsf0CAk`!dS69Plg~bNV3GPh;9k!NLJSKt66Ffvip zfE|4X2lG~^qWe^cx&oi9cf1N|ffuKzP;y;lWmIo`S>biaEj2}Rg<=L9MD^8o-TAR( z`D{;Mca3JPiy9b&m@Sxc&byHjZtB@TE0zM>HsTW+V8-TL}Kk)55N?Yqjpq}n$$a9D^O`A^#j{JWf z=Ble-S+T92XovN}P17ABKo&1lV_&;x^8*<=@@0_zE^qyqW||uC{ak#iWuP4qdSlf1 zpmZV$k#qaXNpI^yY6Rx(kghNee{J-|U+$1{0e(7)Z|`9)%zitA=7FQ(OI85>wM#Do zk4?O|SJw)jEp!XMC`f?25_|^!y#$|PbmmI%;vSopFteG?(8RyGk%7I|ykShha-&cb zqra`FQ&Qfgg4Vtd?=9){0?*@pu=HW4mkgza3ng<~O0r_Rm%5EH_%%}k0WK!^&$0|U z?9Ka?+qIgwV=OxxRovBA4nNOg?+89{?ayMu6{1P`;+YtufUYWSQe>TNduQs(*DwT7 z+ZR)#7*_B`M2sue;G+~(L2vBfYS&mPikY!bK2%{9%ff7H2NFfiyuR4G0=#PZh-4Sp~CTT>z1OkYND<+5NaoqrEaYkok4JKZrNWq3;Uuh8v*54{uns z+J(tY$5of%>ru2ZDuL`Y)IX#{_v-$O_mFqy9tWRQtB)S`~=Hzmw^{>O}V?cGkZT5@*8 za9T7w1$BXJK||G}@fp~JjkYH3#goBxaq(Ec_lp=i%*VB~6Yp)}0|Y?QREL`@Y@>b@ zE0RgfQXlkf%!7qK=P$1yt9Es9y3-7)nZuqqSBqwHbe@y|{1oDtosW;W|Duy*M}gN; zw#qZ=*+>?j6^z-%y$~40d+@mBfaBL1(oh;j+F6)UJSh9Y*@3`F)t8Y6rX_(6eV;8|Q z_nv~Io`n%A(Hzn#STxmC^4w12)Jg`0^AzCNL5p?SLRKvna5lk2HzjOI?u8sU@{ryr z0O>%rY0g}184kX_X33EWd1{d+JRu$|qpAh9#^Hs`iFgf~q}kx}WM5tYXIz*qZ~xaXlNDbOMfP?KlEj?cAA+0<%A^;}?+^{~6(*~? zJ2bRd`Y0x1ov^D%xwq2EZE;-f2-_Gx95f|U)6zW~ zCA(9m!9k2l*9^62m6`yEZy`Oa21Wv9{@!U*eL|er`qJOdC+Ojyapken9M#O&i#y=c z8M(W!_8DN^X@QhQ&z4@9keo3ea z4YWY>b#LEspiXdJ#}}6BZNv001RYl(`}LygpI%gBRm--i6BZ&zz3;oopm@!G)c+h2 zuts=>6a=Je9zg7@zjSBN9sUi=u@j|d2c}xc(r&9g`7qYHsfz{RyU+Krc zz*a+wx{w>PYrZmx>Y*E>nQu|YFj30r%V)}k{W}U&nMVAm4L~-6YAbCB(%0eRlW%*L zTNevvKhxr;St<=*+W?O-3-1ZAx2$~(H)&#dANlRKP$l0@s5eCXlXV#KZL+f{G<$Fe z)acmtk&G2ih>bp!=~rnmR8C7S^&L1KMPg`lY6G-xzY#RYvR5$vDi+C5HCx6ln%wAy z!=s#=bsF!(yA;*B$);d=xboEpXlzIkc6sayFiw4%a}ZIQQqz$QCZx-v`{>0yDHA5% zEiqcmCDn|nO|cumPiH!cI%}AZeN9ZDpkb+R_p2=~w^%x{I&$He`9TYjRQ3j3`b(yP z-73iB3*{I71ui#(_FQtf%@!6sV9`UjPS$~2A$20d=tkQMA;22dONnOOG{3k6 zxU4rGS9`fL6g}wE<;e~gklUDTfUxdEaXF`;S5Gs^m8tUm2_i9aoE zn#EPEtpjD zuRR{MR5A)~79*2XqrKhkWM%{-&FAo98grJ{UX>b93Oyy0SR^XMCG9j=Q1rF>99O?; zvlJZzhGf>wsKyOe5A`JWL`Kae-lXQ{OS;$gW0@|SutG4J?cAB0mwv204k)^+xh=pV z;LhgsA)TT1M5IwI%hP$EO>4G>gPg52>UvI{JFTjgJ%unyu|JJrJMN_y)Bl&W5pkqv zxgJ-_7UTTq2ddO~>{HK?KTG_?s|#e5V(=wu3g0==T4+t!Zh;qv)2YhG z|4w@w8b#&Y))jx7okyOJ#wrO|HD3D%BD9cGoI|o(z3oHx1uQ$Jng#HuT&tZ1`2b*h zv2lNSIbThu+Wqjq#Hh8=k+ErP!%NDdlX12faJbA{Jy@*4trjW>}R%n8A#*+>cVZeI5eVVVe#;BJL&yW6* zU#>0-G$`GRn+%3dTaXt>29@{pXGg1Mm?#>bA_9=FdaZU*V|T+kX)#;}sDqlzs#Of$ zk)n2U_^t_6ZC1I7HA&oHQ0TbB+O$zs6LS-Nz||j>OCU@p-%}%a%o*;B&*V(0bFKAK zmIQtFvNREuSMZZ_E{ruLnDFae8(7f}&dbg@8OMk-af1z5TG_C{7){?Dw7(T>37gqo z>6Ohu0pi;}goId&Dz`7No)_>yvW`G80YeGu=!+c%LpZ=Gz^(od#)qni8#A|sAoZ${ zR+3fE+<;px+j6y9gef=bX4K3-^4&c&wXs~C1wW~KXc9i*QYZXdX4sq%ut6zOFnKIY zok2cVlyWxI*ofX>S9YX6Xx5j0jeYYz(DZ2eTs?6htETkHMs$8Iz3!1JUPbg-*YxI?7q% z4~0XX=O2Ioj~@pZv;|F8s&xE zq!rqGc1jiw6z{SK6_$_9g{%&?Vg5A2e6P`IwjSF{jdC4vg$?|-k@D)}%pjaLfPFTq z^uoOS5jJ=G%`u!C$IBS>z|90(3)RO!;M|n|>XG0mOJ@ht@*Bgm zY&3I5_-u^dWOhuM3jH*5W3qjDnJn41u)V}rMGhL{#|#IY;+1DtNe@p;DS`4Rgb$U~ zpGwX~`|1HyJ)AT;9md~Q<_dlQ_Ed_iJo6Wc`artNR`}#Va2yot5?mjk5h%_Y%wWSi z%KSiT{*C9FehkIxxy9;2_Ug0J;T>(UMsf8o%z6=4jZZIQnuP^#UGbnyCIO}+9$ZEe zHvr0zHDOD*8J|y5&NCh$0a+cl!^9*@pIn%WDM%G;S0}A0OmkZ*7>d?W0c(RA?6{>y z%zd8+nqY>_f`|fsn~#uO|5F^a!p@Wuq5W9AU(Kk6#11A5^4Z`bl$hV1xW=<WrN9Qh&oK{F=o2{~t3u~`?@r_e{B zIJse0!Rc^5L1=DSGw*t$fJLKjVqp3}?08P&{yYJ^|F@4FN-1I7puTr4i>g4Fsa>nY zznf@`=hS=Dhg=;KrN0?cxL6Y1MKMr1VF7i{Un@=M6$Rc=}~*KMv17@PotL>i?dnJKltywmg9^nmeV8G533FxkMC? zwM32;!~`C%MXwS@!xYvM%)s^Xbi}?jrP$lZqJIp*m=`NWpC=!!$L9M*qOjW7Ad-P3 z@DN1|q|@}4m@#TpR|PwHfq+wfb8TA%_rS(~9L#$88kNY0I0#bTr14BrE_UNzvE)3-{yaM+~YNjtVEvAZ3R$ zhy$dtScaLeNfQ0aU{%Al*Unv?FnXutF_jcLcH2lCEPk%h_jJhLHC!bwy2UsuK>W%x zoP)cRF|4vR=O+F$;MJdA1|ub?}EG zARzmdp+<52quP~Dc5KHo9=yuL62&0d4AF#U`dnTMw%aXJ@=8%-xR~N9AWefqQ(?Do ze2V>8rtMQFb$S1KgMzH^@J^|CxaUw!E>=gcdvlRS>K%hBb);d^TkoA9)yZ+dQ40^> zV5;0Z(ibemtT5#uLaOoZ5<(cMAg{tDUr3B0_Y9t->ySYo~?r|ZxXqH1y@TdjJ3vb)0p;tJ; zbIk}m&J z1W^7)Qnk%}9_S&R^`_XjcJfKJ-b0fGqnetgK|#DfB%ytYiy716HNcd9-9$v2XX}El zHQjtJk_URLF3jb|MtmSk9_M4q8|VLlW`|;a|JWZ0ZgqGIZt8(8c;H5En8Vr1by0DX z6ony%HEM zt%7HD!vQnk9vW>c^mOu&;{1%Y$5lGft%h@?y)4e4*ABIB)p~`A_pFw$1`D0yp)o4Z z*4nqJU(RSE5xo1Y;bvXbY_$|ZV7W`?V{w|+Lht4p-J}p~Y2?8}#~!K2{ z>?&&-P9n=yQS>%;FqmS?A@$7|3FNc|g5ZwP*=Sr8FJ>gSN#)UWxmUf`Ys*JSEGkD2 zhR@@)mf%Gdr-#N}d1z+ZHjx?EX@rYqj0(g)A(|`AaW@@j2G3(>>>ZI@aZ{&TcMR+2 z$Z}^b&`VP02>iEz#a`H`+}H)akLDy}{QfH7RW zB%c){E_?KD(Ks&)XQE93cZ}gp5v;B)L+@1$Qk` zf>!da$()ccOUtWE57jv1SEI#OLF*@?TWnLbuZ@k^QVy+Yipd^Tp09dss;^{5>F%4} z1$Zw+Roy0bGUWXo1^cG|9*~LAsRU<9o-AN=^aCTqewQ8VGW4MjhBm7fijTS2Kv=Y| zn7NSr?WnlH3}z`8lhG9-@rl&0cR4l6WM+pGy?m0X$Kj==iniKx{v_ez`$6KsCs+P= z_@8GfqjrWCBd}g)bR-_2U>?8d?!fIZbTERn+`di*g5e`e0b%HvI89Ks!`+uLdc$o3 zc3O?yC)9}qv7V#;N6+)OB$@xe-!@H4N&Q*#1nO6~{a+B8V`@4=oW+;w^2Y_`qj1j? z%#K!7I7}8}^wpq_wj$i{PVmgAO!0u+D3t%IlicnAJQY`pLO5$7__DNOTy+FuPGUk5 z%7)l;P=_A^8l>Q&Vw*^b#xD-j86bO8fn;UbY8GGl)=W}u-B0;ix zn!&hcvy~)0wT#dj7J6PI(qSc;sXuCCbA>%wtyZ)?_29h zdj7&i;Z9wUg?pKbhL%uSQe2A0=*AmWQAR#st=@(?GN@%=MH!SIoIet3Yhnn7DH-ls z3ixQD)A8roMks|jhOFh7b+mTgvBmX1xapL9Z50PAe0_E_@i79?jJogHT3_*}W|yc_Ci2NLBxl5dIk_dh}Cs9-yeaCAt+cdWne8T4c*x;n?n4ptuXY{A4~1g-42EbSheu`T*RsySgWSw&|61>Hwq+UzILVG^u#5 z-c=Gz8Q*333MZ)}dNb@k!=jVa(hUb4HL7_nDSpv7F@`~?8iV%Yb4p(K!JP@5Zhbtt zWL*R)GC{zmLI~WtY3(_U1?Zdh>WsIU32l`kPH-tY7JT5fvTt}EB>&p}-?!Fg@p@zr zB_1Qw>ZV_Fb}+>}Zm}pl)bk%i)o12z5q=HW$fW zY8E0u`cb>(ZCK7MS*2o9dXWztT41MoPboE=qXwz`XBRAJ%GBo+XT8>!Lcl}eu2>c} zYO;X&)J>$fRhjO?hj#z)7YRE`i1Ts-vUP$xx1bF*e>HA~@!;3e-dl(p5b@bdcMZJ* z{5*Z(tCVFjjT5SMBw0R4ldQ4@z@SXZ-4 z0~;792a!Dsjp+Mmq6vUt5tODcu~2#}JY^7WzV)Y#cVBbEnByg*1hVa{3ZP)7gjAP& zOvC~uUM476fS`qPMmbhJQ6U*^4tjgrjxOd(_6r9u_GTZkLr{2J!J_UPH{Rxe?okI} z4>@uv(7L&yH6n_MMPK!A6aNUlrBBifj9A7N z!jlXzrk+gE!fygIixF?&gyKvkQx9DCT>v}xSu|3{>B@{|d=fgd-}xZF>1hO2?#GB|r<=ufxF!t0P3{rAF3bK}biARb*jA(W%t z@sOY`Dlz*jvYLDvQor>1&5;#FunL_6PTvh`xNC9ifZXJ0Xxgruw9ybT-B)<{8_iCK zY%$JX55B(y!UURQk@B54jP(RM|Fbm)ngI-v9&#X%~sV;C92Osx#X)7ihE}6eR1{ z`g8()O6`=hOHdFd(-bEw3ev+&12>qccnx*_Kg+CL&Hu}Baa81kY6~m?b1K;K3_4&2 zxduDAh}COfrw}dMeFBAihjhPBvAQ6YwJHUFDX(Z2=XX1iBLdXcB5eaedgOSRo zsGOJe%PVUnO#3c%MJAC;fb)i>#A@(-MvvW}cX#R!;*x;cW`*L88QE~pT|mtBP@&sU zaCILxPh)e;Wlsq!2|$0?F<_AnX`eKwo(v;k47+{)wrc>UnmIhB@D*=kG=Msb7F02> zv3ZUZ5Y2hlBu^1SHb2@}RX*?vXMDf*d)j354M02z~>&5C2Hel(flWmlPsD_hc-1YrrJ#YqIjhT{tsjSS%|q+&D*_mG3$4&-o8R0l0`qlo~I?)%hnj+(R z?Za%CP{*&?Om

KG97NPB2QDGS$fOB@`4q+@5%o^CiL@R7~~s|M5Hd3!F`>@w$VX z#6>yMQ25I@j=5^Cl+_JE+rFqw=TzTqIQHJ}U^}QA#h{(y8Blr-MC#NwZ+SJ=2=cWd z0SHq+4ZO#<5c>1B2Vo-XGa>I%F$HW7+|{4S&#unW&r&O+AOHeF!4BNCV1t>{wEfC% z^l}FgKw=R+HG|3=QgKDcYy&kl7DJBuPGwnjNX1U1$ywfwqMx1;@)=f6_>GowaVQ*q zs1yqt)~{SJ5hEIOIKY zR4k!nk8V&238OKOsU8!U+|`pED2ntBEyalQu&tH@DtRl9nBC3fr6bcY_YkROLYdQ^ zlUGHOXNnd?b)&%uAcd4nD@w36$Ic{Mn$>Ff&-;g)zIfGNN#ui|kalJ(Gn|17*1B52 cnA#T6m)dmE7_xu>0000000000000000L8&C4FCWD literal 0 HcmV?d00001 diff --git a/docs/proposals/proposal-trigger-and-deploy.md b/docs/proposals/proposal-trigger-and-deploy.md index 2bc9e5a..441cac1 100644 --- a/docs/proposals/proposal-trigger-and-deploy.md +++ b/docs/proposals/proposal-trigger-and-deploy.md @@ -46,6 +46,10 @@ pipeline will support more CNCF projects as they are onboarded. The proposal also includes considerations for a phased implementation of the automation, starting with manual triggering followed by automation via a webhook. +The high level architecture is shown in this diagram. + +![wg green reviews workflow vision](./files/green-reviews-wg-workflow-vision.webp) + ## Motivation To automate the trigger of Falco deployment when upstream aka origin repo @@ -59,10 +63,10 @@ project, in this case Falco. script to be used - **They** need to define any specific requirement for the project during the benchmark - - **They** need to trigger our pipeline when a relase happens in their project - **They** need to help in setting up the configurations required to enable benchmarking job manifests in **Our** repo - **We** need to give permission to call out *green-reviews* GitHub action + - **We** need to trigger the pipeline when a new release happens for their project - **Our** GitHub actions will look for manifests or other resources to deploy the benchmarking job - We need to make evaluation of SCI score **independent** irrespective of projects @@ -86,12 +90,11 @@ It allows providing custom inputs and as a minimum I think we need the name of t ## Proposal -We will provide projects a GitHub webhook and access token the projects can use to -trigger the green reviews pipeline. +We will watch for new releases of the project by subscribing to the Atom feed +of releases that GitHub publish e.g. https://github.com/falcosecurity/falco/releases.atom -It is envisaged that projects will call this webhook when there is a new release -of the project to be measured but they can call the pipeline at other times if -required. +Our automation will call a GitHub webhook to trigger the green reviews pipeline +in our tooling repo. See this example curl command and related [workflow](./files/trigger-deploy.yml) @@ -103,23 +106,23 @@ curl -X POST \ -d '{"ref":"main", "inputs": {"cncf_project": "falco", "cncf_project_sub": "modern-ebpf","version":"0.37.0"}}' ``` -See [design details](#design-details) section for more information. - -### User Stories +The projects will also be able to call this webhook using a fine grained access +token we will provide. +This can be used to trigger the pipeline ad-hoc during development and can be +added to their CI/CD pipeline if additional trigger points are required. -#### Project maintainer adds green reviews pipeline to their CI/CD +### User Stories -Participating CNCF projects will add calling the webhook to their CI/CD pipeline. -They can use either the curl command we provide or an alternative of their choice. +#### Project maintainer creates new release to be measured -The fine grained access token we provide will need to be stored as a secret in -their CI/CD pipeline. +Our automation detects a new release was published and triggers the green +reviews pipeline. #### Project maintainer deploys their project so it can be measured Participating CNCF projects will deploy their project using a gitops approach -with flux. This is decribed in more detail in the design details section. +with flux. This is described in more detail in the design details section. #### Project maintainer triggers pipeline to measure a release @@ -128,7 +131,6 @@ the results to users of the project. ### Risks and Mitigations - Multiple deployments will produce inaccurate results as we can only measure a single project per node. We can set concurrency in the workflow to ensure only a single instance runs at a time. @@ -141,12 +143,36 @@ removed. In future we could create nodes on demand and delete on completion. ## Design Details +### Subscribing to Releases + +A YAML file of CNCF projects and their latest release will be stored in the +tooling repo e.g. + +```yaml +projects: + - name: falco + feed_url: "https://github.com/falcosecurity/falco/releases.atom" + latest_release: "0.37.1" + sub_components: + - ebpf + - modern-ebpf + - kmod +``` + +A scheduled GitHub Action will run every 30 minutes and check the Atom feed of +each project for new releases. + +If a new release is detected the action will trigger the pipeline for the new +release and update the YAML file with the new version. This is to ensure each +release is only triggered once. + +If sub components are specified then the pipeline will be triggered once per +sub component. ### Trigger -CNCF projects will be given a GitHub webhook they can call to trigger the -green reviews pipeline. The webhook will accept 3 inputs and trigger a GitHub -Actions workflow. +The green reviews pipeline will be triggered by sending a [workflow_dispatch](https://docs.github.com/en/actions/using-workflows/events-that-trigger-workflows#workflow_dispatch) +event via its GitHub webhook. Inputs are From 78bc33a836f817d4d2a5d6a0327a310a811007ae Mon Sep 17 00:00:00 2001 From: Ross Fairbanks Date: Mon, 6 May 2024 20:26:13 +0200 Subject: [PATCH 08/20] Updates to goals section Signed-off-by: Ross Fairbanks --- docs/proposals/proposal-trigger-and-deploy.md | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/docs/proposals/proposal-trigger-and-deploy.md b/docs/proposals/proposal-trigger-and-deploy.md index 441cac1..0235aa5 100644 --- a/docs/proposals/proposal-trigger-and-deploy.md +++ b/docs/proposals/proposal-trigger-and-deploy.md @@ -60,20 +60,20 @@ project, in this case Falco. - For adding *new projects* in our SCI benchmarking pipeline - **They** need to specify what their benchmarking pipeline looks like aka - script to be used + script to be used. See proposal [#2](https://github.com/cncf-tags/green-reviews-tooling/issues/83) - **They** need to define any specific requirement for the project during the benchmark - **They** need to help in setting up the configurations required to enable benchmarking job manifests in **Our** repo - - **We** need to give permission to call out *green-reviews* GitHub action - **We** need to trigger the pipeline when a new release happens for their project + - **We** need to give permission to call out *green-reviews* GitHub action + - **We** need to document the solution including how to onboard new CNCF projects - **Our** GitHub actions will look for manifests or other resources to deploy the benchmarking job -- We need to make evaluation of SCI score **independent** irrespective of projects +- We need to make evaluation of SCI score **independent** irrespective of projects. See proposal [#3](https://github.com/cncf-tags/green-reviews-tooling/issues/83) - Our Current Sub-Goals aka current plan to accomplish - Trigger GitHub Action workflow in green-reviews-tooling repo when - Falco needs to be tested - - Ask Falco team to implement the trigger + a new release of Falco needs to be tested - Deploy correct version of Falco in GitHub Action using Flux - Test the deployment via the Falco trigger From c567e48ae7a45c371dd1d0571caf14b255037cb0 Mon Sep 17 00:00:00 2001 From: Ross Fairbanks Date: Thu, 9 May 2024 17:39:01 +0200 Subject: [PATCH 09/20] Update docs/proposals/proposal-trigger-and-deploy.md Signed-off-by: Ross Fairbanks --- docs/proposals/proposal-trigger-and-deploy.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/proposals/proposal-trigger-and-deploy.md b/docs/proposals/proposal-trigger-and-deploy.md index 0235aa5..a136c59 100644 --- a/docs/proposals/proposal-trigger-and-deploy.md +++ b/docs/proposals/proposal-trigger-and-deploy.md @@ -53,7 +53,7 @@ The high level architecture is shown in this diagram. ## Motivation To automate the trigger of Falco deployment when upstream aka origin repo -creates an event. We will then deploy the benchmarking workload for the +creates a new release. We will then deploy the benchmarking workload for the project, in this case Falco. ### Goals From 2995f7688e41661ea305c61c6ccce8d365993fb2 Mon Sep 17 00:00:00 2001 From: Ross Fairbanks Date: Thu, 9 May 2024 18:03:30 +0200 Subject: [PATCH 10/20] Address review comments Signed-off-by: Ross Fairbanks --- docs/proposals/proposal-trigger-and-deploy.md | 48 +++++++------------ 1 file changed, 18 insertions(+), 30 deletions(-) diff --git a/docs/proposals/proposal-trigger-and-deploy.md b/docs/proposals/proposal-trigger-and-deploy.md index a136c59..a935a76 100644 --- a/docs/proposals/proposal-trigger-and-deploy.md +++ b/docs/proposals/proposal-trigger-and-deploy.md @@ -106,8 +106,8 @@ curl -X POST \ -d '{"ref":"main", "inputs": {"cncf_project": "falco", "cncf_project_sub": "modern-ebpf","version":"0.37.0"}}' ``` -The projects will also be able to call this webhook using a fine grained access -token we will provide. +The maintainers of the CNCF projects will also be able to call this webhook +using a fine grained access token we will provide. This can be used to trigger the pipeline ad-hoc during development and can be added to their CI/CD pipeline if additional trigger points are required. @@ -117,23 +117,23 @@ added to their CI/CD pipeline if additional trigger points are required. #### Project maintainer creates new release to be measured Our automation detects a new release was published and triggers the green -reviews pipeline. +reviews pipeline. The Report stage will provide the results to users of the +project. #### Project maintainer deploys their project so it can be measured Participating CNCF projects will deploy their project using a gitops approach with flux. This is described in more detail in the design details section. -#### Project maintainer triggers pipeline to measure a release +#### Project maintainer triggers pipeline to test a new benchmark -Calling the webhook will trigger the pipeline. The Report stage will provide -the results to users of the project. +Calling the webhook will trigger the pipeline allowing the changes to be tested. ### Risks and Mitigations -Multiple deployments will produce inaccurate results as we can only measure -a single project per node. We can set concurrency in the workflow to ensure -only a single instance runs at a time. +Multiple deployments will produce inaccurate results as we can only accurately +measure a single project per node. We can set concurrency in the workflow to +ensure only a single instance runs at a time. Deployment may fail. What alerting do we need? Do we also need to notify the project? @@ -197,30 +197,15 @@ the `green-reviews-tooling` repo. This token will have ### Deploy -Flux will be used to deploy the CNCF project. Projects are able to use either +Flux is used to deploy the CNCF project. Projects are able to use either `kustomization` or `helmrelease` resources to deploy their project. -Project resources that should always be deployed in the cluster are stored in -the current location in the tooling repo, below are format where we might store -project related configurations -``` -# for the cncf_project -clusters/projects/${project_name} - -# and for each cncf_project (different configurations) -clusters/projects/${project_name}/${configuration_name} -``` - -e.g. `/clusters/projects/falco/` -and are reconciled by source-controller. - -When the pipeline executes it will look for yaml files in the projects dir. -If there is a yaml file matching the `cncf_project` input its contents will be +When the pipeline executes it will look for manifest files in the projects dir. +If there is a manifest matching the `cncf_project` input its contents will be applied using kubectl. The same applies for the `cncf_project_sub` input. -The `version` param will need to be injected into the files to ensure the -correct version of the project is deployed. -(For these small minor changes we can utilize kustomize) +The `version` param is injected into the files to ensure the correct version of +the project is deployed. (For these minor changes we can utilize kustomize) ``` projects @@ -235,10 +220,13 @@ The pipeline will use a GitHub secret that has a kubeconfig to access the green reviews cluster. The deploy step in the pipeline will wait for the newly created flux resources to be reconciled before proceeding to the run step. -We will have a node to deploy the project and another to run the benchmarks +We will have a node to deploy Falco and another to run the benchmarks so we will use [concurrency](https://docs.github.com/en/actions/using-jobs/using-concurrency) to only allow a single execution of the pipeline at any one time. +The separate nodes are a best practice to prevent other components affecting +the energy measurements. + ### Cleanup On completion of the pipeline whether it was successful or failed the flux From 00a327b33f128e667f3114c442d7bbf1a6179b62 Mon Sep 17 00:00:00 2001 From: Dipankar Das <65275144+dipankardas011@users.noreply.github.com> Date: Thu, 9 May 2024 22:03:59 +0530 Subject: [PATCH 11/20] feat: added pipeline diagram Signed-off-by: Dipankar Das <65275144+dipankardas011@users.noreply.github.com> --- .../files/trigger-deploy-pipeline.svg | 21 +++++++++++++++++++ docs/proposals/proposal-trigger-and-deploy.md | 2 ++ 2 files changed, 23 insertions(+) create mode 100644 docs/proposals/files/trigger-deploy-pipeline.svg diff --git a/docs/proposals/files/trigger-deploy-pipeline.svg b/docs/proposals/files/trigger-deploy-pipeline.svg new file mode 100644 index 0000000..6d3e562 --- /dev/null +++ b/docs/proposals/files/trigger-deploy-pipeline.svg @@ -0,0 +1,21 @@ + + + + + + + + EquinixClusterProject[2]FalcoProject[N]CNCF ProjectsGreen Reviews Pipelinefetch latest releasesCron Scheduled[GH Workflow]Proposal-001: Trigger & DeployCreate ResourcesPipeline DispatcherDelete Resources* Each Project Pipeline.Can be manuallydispatched* Each Project pipelineResp: Create and Destroy of resources* If New Releaseany(projects[...]), Trigger individual PipelineFalcoBechmark job********Will be decided in other ProposalsFirst supported Project***[GH workflow][GH workflow][GH workflow]Proj[2]Proj[N]Note..................GitHub APICalls \ No newline at end of file diff --git a/docs/proposals/proposal-trigger-and-deploy.md b/docs/proposals/proposal-trigger-and-deploy.md index a935a76..279dd89 100644 --- a/docs/proposals/proposal-trigger-and-deploy.md +++ b/docs/proposals/proposal-trigger-and-deploy.md @@ -143,6 +143,8 @@ removed. In future we could create nodes on demand and delete on completion. ## Design Details +![Pipeline Design](./files/trigger-deploy-pipeline.svg) + ### Subscribing to Releases A YAML file of CNCF projects and their latest release will be stored in the From 29f2b6dab101fe1fdbfe0a4d3a865fede59b90e2 Mon Sep 17 00:00:00 2001 From: Ross Fairbanks Date: Mon, 13 May 2024 16:36:20 +0200 Subject: [PATCH 12/20] Use repo variable for storing latest release Signed-off-by: Ross Fairbanks --- docs/proposals/proposal-trigger-and-deploy.md | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/docs/proposals/proposal-trigger-and-deploy.md b/docs/proposals/proposal-trigger-and-deploy.md index 279dd89..33188e6 100644 --- a/docs/proposals/proposal-trigger-and-deploy.md +++ b/docs/proposals/proposal-trigger-and-deploy.md @@ -147,14 +147,13 @@ removed. In future we could create nodes on demand and delete on completion. ### Subscribing to Releases -A YAML file of CNCF projects and their latest release will be stored in the +A YAML file of CNCF projects and any sub components will be stored in the tooling repo e.g. ```yaml +# projects.yaml projects: - name: falco - feed_url: "https://github.com/falcosecurity/falco/releases.atom" - latest_release: "0.37.1" sub_components: - ebpf - modern-ebpf @@ -162,10 +161,11 @@ projects: ``` A scheduled GitHub Action will run every 30 minutes and check the Atom feed of -each project for new releases. +each project for new releases. To manage the state a GitHub [repository variable](https://docs.github.com/en/actions/learn-github-actions/variables) +per CNCF project is used to store the latest release version. If a new release is detected the action will trigger the pipeline for the new -release and update the YAML file with the new version. This is to ensure each +release and update the variable with the new version. This is to ensure each release is only triggered once. If sub components are specified then the pipeline will be triggered once per From 37b1c28652cc079ea6dceaaeaa1a2c5cd43d627f Mon Sep 17 00:00:00 2001 From: Dipankar Das <65275144+dipankardas011@users.noreply.github.com> Date: Tue, 14 May 2024 08:58:19 +0530 Subject: [PATCH 13/20] refactorred the diagram Signed-off-by: Dipankar Das <65275144+dipankardas011@users.noreply.github.com> --- docs/proposals/files/trigger-deploy-pipeline.svg | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/docs/proposals/files/trigger-deploy-pipeline.svg b/docs/proposals/files/trigger-deploy-pipeline.svg index 6d3e562..5d1edff 100644 --- a/docs/proposals/files/trigger-deploy-pipeline.svg +++ b/docs/proposals/files/trigger-deploy-pipeline.svg @@ -1,4 +1,4 @@ - + @@ -18,4 +18,4 @@ - EquinixClusterProject[2]FalcoProject[N]CNCF ProjectsGreen Reviews Pipelinefetch latest releasesCron Scheduled[GH Workflow]Proposal-001: Trigger & DeployCreate ResourcesPipeline DispatcherDelete Resources* Each Project Pipeline.Can be manuallydispatched* Each Project pipelineResp: Create and Destroy of resources* If New Releaseany(projects[...]), Trigger individual PipelineFalcoBechmark job********Will be decided in other ProposalsFirst supported Project***[GH workflow][GH workflow][GH workflow]Proj[2]Proj[N]Note..................GitHub APICalls \ No newline at end of file + EquinixClusterProject[2]FalcoProject[N]CNCF ProjectsGreen Reviews Pipelinefetch latest releasesCron Scheduled[GH Workflow]Proposal-001: Trigger & DeployCreate ResourcesPipeline DispatcherDelete Resources* Each Project Pipeline.Can be manuallydispatched* Each Project pipelineResp: Create and Destroy of resources* If New Releaseany(projects[...]), Trigger individual PipelineFalcoBenchmark Job********Will be decided in other ProposalsFirst supported ProjectK8smanifestsK8smanifestsK8smanifests[GH workflow][GH workflow][GH workflow]Proj[2]Proj[N]Note..................GitHub APICalls***GH Variablesstores projectcurrent versions(when there is new relaseit gets updated)reads&Updates \ No newline at end of file From 6094f7c7584fc1e0893468b15ca1e3fa46897ab8 Mon Sep 17 00:00:00 2001 From: Ross Fairbanks Date: Fri, 17 May 2024 12:04:34 +0200 Subject: [PATCH 14/20] Update proposal Signed-off-by: Ross Fairbanks --- .../green-reviews-wg-workflow-vision.webp | Bin 59554 -> 0 bytes ....md => proposal-001-trigger-and-deploy.md} | 92 +++++++----------- 2 files changed, 33 insertions(+), 59 deletions(-) delete mode 100644 docs/proposals/files/green-reviews-wg-workflow-vision.webp rename docs/proposals/{proposal-trigger-and-deploy.md => proposal-001-trigger-and-deploy.md} (63%) diff --git a/docs/proposals/files/green-reviews-wg-workflow-vision.webp b/docs/proposals/files/green-reviews-wg-workflow-vision.webp deleted file mode 100644 index 7df72c4655dbd96edc9080fe2ca4e6ae36169284..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 59554 zcmb@s1#n!u)-~8>W@hG?nK@==W@ct)cI=obW;50PO5tos}g-h&8peiJ=YwU;tPE3V;>>VPxXsD6FU``^Wn4@(=!Zx?co< z{JEQ>|Ksc5{QoP2Vru4M0sw$0epnlux|rB~;D(QUY2xVY3IKo=eeh%+u8x23@CQbB z{s`~`um8ao|H7Alu<>6Q9Q-dERb^2C02~_tfQC0Ra<%{f;K@IDVs{gZ4?pl?ADGGB z)XM$?f7}BE?Ccy&KXAhbrv9*T{J?+wa~c1KAB+FMMn=Z}_%t%I_y_;1Egv;M9xP_% z;%IB+_1De+pBFn@w~zk%D^Y%2;Vqpdl|Ralwt_6%ILQ2i?TzIX{^qSdTK6}$bdyy3 z8=JU@e)Q$P>Y5sf$^4D&ZRP)b-+%cuxB4vgH@0$>QvDm7xrnR$jh!8o|9O_Vv#9Xj zypi(<`X4`THfsOymS$4_`1iI{)%e@S-AY~lZ|q{D@=rY8mZJag&Th*8#BXLVA@aAq zx%20L+HU9a!T!&4Ev=;fsq1Q~D)~2WV)XC$&FqE$?bAi`pV&;z#Kix$H?vp!r@fA@ zBL6(g(e|&o@mF7&*-HGwySS_TQ`gm5^&j5RRq>xbv^J9dGw%PY3y=j!d`wX_fGxlk z;0!PVd;Y!3W}bh>C_vP~(aYJ&!qSyk_+yrt5lh*dFnl6rVPate0RGI`KQ;is z4d!2S5d?Ge-&{yJ0Knf01OnUt%}GxK0Ck1{0BqyGIchxs0Qmp_8167}b9VpB9RU1K z0r9aGAOX+;H~>Nb8Gsr<4`2as0C)jH0C9jcKmni%&;sZKOaPVuyN}2{0KR}AKsX=< zkO)WtWCHR4g@7_Z6`&r_4Cny#0)_x%fN8)2U=6Sh*aw^dE&=y|7Z4B-C=dh?G!PsR zA`l7?IuI5RE)W3_aS&M$We_b8Ll6rPdk{AeUyu-x7?328Optt#a*#TZR*+th5s(>> z6_6c}Bamy5XHYOucu;gu0#Hg&Mo=zLVNe-RRZu-p3s5IeZ_rTCc+hmv0?aHtHZN~mtAS*U%eM`$=`B4`%q&(PY?_Rzu5snFk{yP#*G51?OQ zkYOlbcwiJ@OkuoW5@3p8+F+(&_F-ONQDCWH`C(OItzm;;(_yP&2VvJ?Z{XnINa48Q zl;Eu30^!o(YT<_AcHo}iQQ>LfMd5Yf-QeTlOW}LqSKx0D5D+L4gb=h5ToK|C$`Sez zHW3~X(GVFBr4UUK0}!(in-FIa&yiq|D3FAa^pU)gQjvZjO(C5k!yr>4iy|8#`y*!| zw<0eg-=UzPFrz4-*rCLtd`B5UIYfm*r9>4+HAM|YEkx}{-9rOIBSRBKGeHYMD?%GY z+ee2)r$U!Pw?>aauR@YhddcelR7Q!~ej>fLRUci3FA;uBMvBCL*(~Pr$3yw>RtAy);n~OV$dy0pS z$BSoz7mZhsw~7ynPm8aN?}J~6KaPJ#Ku91#;7E``&`)qmh)F0!XifN)u#51B2#rX9 z$cpGIQ8&>sF$S?Pu`O{r@c{892|kG=i5p2i$t1}ODHW+2X)tLG=>{1r85fy3*;leY zvP*IzayfEe@(S`*3K$A53QLMKik}n@lvI=&lo6E8l!sKoS8Q}_W^B1^%j{_Ea_kZ8ee7=>oE**^)f`8h}ql&AEXNqrrCjD&j zx#IJs1iOTfM2{qdq>SVj$t5WQDHEx3sY_{2X+P-!8F(2LnM|2oSz1|V*)};)Icd3M zxpjF8d3*V01%QH-LbAe!B9)?(V!INglA=G!ZpPGdVF8GW}|LWX5ln zWOiWAZ=Pg+Xu)rhY;j~MXqjqxY9(rwX?0~SX`N^NV54ADY6G;@u&uF!wllPAwMVtL zu^(_CbntYTaint$cieX3aY}Kzbe3^0aRG7Bb7^r!{}4yxZq#mJZaeM*?pf}S9_k)H zJW)LDJ;%Lhy`sDhygz#v`+)nH`1JXb_y+mz_zC;v`-Au!`}YNq1%w9d2TBB%1;GZ{ z1Wg1p1t$gHhG>Meg%X4YhVF$)gjIwihC7EZMes)CMS@3KMNUSsMrB03N1H~E#xTXC z#=ORw#E!->$EC*s9X0fdAmic zWu{fSwXco0t+Ab=cjnqy2&4MkO zt(t9)?am#so$+0j-L*ZFy^~)qzh3u4e(LKV&)VIQo1veXMi5f8u!ZavFYy za+ZBgeco^(bTNLZdAWb(dG%)k@3{ZF{AkUG_dn_XC_i>f#D;4h5mbTZ zfY8>0i-8I-V@Hb?kQ96=ceA7h1OL(N_jS-<$$#`I2Wx80e>1OiY)+NY8JKa5_9*c% zwG31Rj=qHfO}>JSgS|pkTwDP4ygZ-bfq7-jy!XqHFNf1<;^H;ojj?@ItWl`SN|mr~ds0=rJ#GYjCku`+f;L2by-y2ZR7aPGR0O z-ZZL8--zDzj{m zf;R>$f^Pg~C zaJ01+FycQO;0pvkg1zcIao#7K=QVDve(2r)m$_Gqr;BSs{X8?E4AADa=GWFT(lycn zaQnmI7ofx20}%KwIGDE;unCL?3Icz=mVQ(dBnDEy@4b(`3O+l$ZS8ggfp2dR@4~My zuLloE*8xx610O~Q4xtfBwbo)_M~rU|!O zO@c~6JF^s)2$NKIp(DA;%$K3t4*$C^=FEPZ26hD{%KL90%Q3cGdMxP|Ze@`TVOkQY zp;PZX=AKsrV4@>Ho@?2-F%)TNMBwhV>A$`a^_%b6mLoE;Pr8+pyGcI!Kbwds!tl5S zM+9rREEx#exOuUOw@R$ppML`53PB>K4OVK5B8^4L zbWi>FsKSm+U3PQqXqz*{c-O?ES8s|t$r0fAohK|?9=4Qi*mSV|g>AB1D@3J__`ZO* z`qAu#%=03V4{M+ExNi>rqR@PNwI*@=u%zp&7$-U!qg18yt~T#UPuY=!kIipHIzKN9 z#n-18mBM{Bnhok3-?(dc5a$EGwpaNUqc!W6>5Nr>)zK=EbQup&t;?>t|1}XRe%DOy zO|K;D%@n0DFbw_>NV;Dct5>S-7~sgG0V@@IPaHp)YyGMtnB0>1|Zg*#k~DQsE`g zd`M)0rmEb}0|QXIa$7D|77fQHg*8k4)w^Y8735U6&(_71GL2PJJ!Wr{(=KedAS4l- zP+jwEyRcaz`j~ZQmmndPdVSaB56bMHMG@R1C?Shj@HSZNQ_!>Z>=_ z#JCb2$TXf`>vYA-l9q5}zUmN1W)~Mdc0Z#B%?(;45qeSENcI+Zym6()zo8qQA;tUK&;iaZ_R(sx^>Gs?x36o= zv4x1JgON#C1oCTYVtQwfSO$qblh*pM`((>&zn~qIoQaYD5OkQquL>eRjSXxNIy}=k* z8Fs7jCH1HCT$t0`kKM*BovE@h`oxRvstb)G#&<`Yp1gV3g&I!-tN*of!#Q}}v9zSc zl+9P{WQ)5NC%vxWSnZC%Ob@ug^Y@{OJyJyn4@sp3g$o+H@=fZB>mqb7S$QQWo`A}N z6MFeaYPy%qkj~Yw=vk1J_+)d_HLpkKlAQe4y7cj;a6EpCZQlX{WtWRLR&^<%dxsqg zF|44C&wuyt!S+XZK7Gvz)of+Ydt6Ag^Q>V^nMU7fN-XYXsAvkp*qb{iVT{M1UR>_G zD2Zjj3px1G?mza_UKxX3x)>{&(o*S50@Iv{uI9+twKZF|erbU@PCpMB_QL>4?_FF; zPnPeVI^2vZw1)Zp$NUI2-eA#6RKEB*X59RCJ{Y*7s87`F3~V% z<}dvDW&m+sD*b)=)cWYRnSJm7e#Oma?xb&s3+MYC{#lG-+NQOm%BHuzbYs7(OKJ^1 zwEd87VLn2SID?PG4z#sLk{PGZH;g3kd)uqd4eyrto|-a2c^F-=FV7?*u)PU7&BfsX zZ5?m$zk9Jdtk5M;FdL6FYPdSDF8T2rd&JGh(9+E5g7DnmU-4`^ziyp2Ds5Q%?+x2xcS?Ko3;JEWu4@6hdJ zO?&LO;?FOi)k4wG3-1{fC3<-5oX`R{id183zT{Az=Lm!vaVj0nphx%Kzox{>!8|<- z{d@_(>41ztr=?GU~Hp;lILqaf5A6=1S2qnxYTI1y4EF+%53?N9~N@a zo|5_7qyVC_c@UJmtHP z5s5H3;x>1ECK#x)utwXjO_h1znbNDMFG>IP)%&(;=Ji-o=ZmZls>JIKlI%lZXyAZ% z3d`v7M-SCrwmV7S7KL8C;hL4IrpvfW&1v}4MCa31teAFIWpw;owRPQDteTA(eSzg; zsiJ`8)EL6U1#-7$69(wKu4Sx$iFzUm^#!8@F6fKwQ8;^0cNEyWl9DVVAO1AVzqa63iC1$4Y*Lht8H1#)OU9K$*9t_lfS?O@o(oMpuRE`VT=xD5v8U>+t^=|dor)@V7i)pi5CEO34Q!xJ4 z091+tWoK^pj}v5(oA4E$@;S(5gk4p=c9})9;u_gp^h>qLfWC&1O+^mvpWSB49Sz{z z{#Ki)y)}J{^?q!3xt619a`+H>pLI5;nEiOLRM59J4Qt6_I98xH2E~lYdw<{GS38@t zq=s&99IhcW-QAfwP4>G5-l9316mOrsI}Dc~-k&&D42PKeu=76|9R4gdFjW@HJ!(FKmY`3+HhQAhuQJMu&fe6e zhjKd+tm^&3D4gyNS&(1GWSyx(c zW)Way6R*^BE?+;TDVmRjv+}JOP&a+Kym+bM*$^mvn9a~y^{T^dsPX&Zv8#vB9fy1% z#{hthef6;_f<8CGk{psWGaW25q)>N%r@ zUJWDU!C%DkomEqr;wkPxo4WvF7C&$4ec2|*YU&SO@Sk!4m( zzSTYPBrcQKL!%XMDvHU7br-RUusfD@CgA?lApQsA2xc+i4ioh6LRx1Eqd8zNF`|!B zWlBB)dS+S;A29{PAT)8a&y|>CcXbGXM#H%4N$}aRvrX`}vG-bjUsl0=M;*(;(umx! zzVyl68?Pxi%gLa^6t5?g!-T|A&)f9G;BbCMJ92yt`>_qxPOvJ`EXMkt`@4&~L0bFgONW4q198Qgmd~6NtOZ)-(lgFd;>i;4eJLZ8 zMwwmwO06tkrZ-jXmrR#Tlu9Wx#wVHwc8qkft_`TlIylnlBz1rF75qx`kBa}j{>|&i ze0m>1r*K>SV|I6u5^D{H&OBgYp~2+7DPcJx+Mz^SpZ)C@s7f!=CoN=cS~rD_JPCY8 zvt!0iYLN#w;Zw}dW0z);$=Jlb7Uf|e{Y;V@?ek?gU;601)4V3^b&G#wp8K+##wdo< zTqKRSRfY9twcw(Nd>_m~1mC8U8@-TcYH1~HXiJ2yt3fvJ@KB_M4^(7~<`})+KTw0E zs%aN$x5Y>NYb!}@gDZKE!*Kge@PIcu1B{ujc%-Ih*FBmP`fl|+ASASuXyaF*#80IZ zfs&EDUjT3j{(+T{zG6@9!1h?zlF_&;XqzPJ(zCRxOiDO5k{+P0!DX*4N037%Cu&I~ z74dV>MqS~)EdhC(5}rUN zne-XS;$Iux$LgHPo!8tJDU-zQr@BVIZE6~-uc+h|pi zgKR+WoHaSYHbjfzV_tmRjSVO64@Ais|6@n3;Q=$ud7&@QhCCs@y*)*SommaoLT z-b~d%u1&lHUDQXzzIb{eZ}WJ}*j;Kfw9rqD(~6k0{3dnOhaNR6x0^a-SssDc%*{`X zfSzd`8Szek0{fEZ^82crq$ei`XP$^h&nYU zaCQB{uF@hb4qCD6qTjo0Tjg(6kB1s}B&8Q0#+sFIY>v+$}H_VyCE3p1(t_1HxlYesLxKcAaoE|c;TY^HA(d8gT~ zFTLxl^XD^hrHY@9^SoOJ|HpC7_Yy802EN5U58ECFMAqRgG*coyNi>Aqe(YOi>+TIt z{J6od4b$#=2Xi$%g3SR)bp=nX^jS(vLJBGSy80@9*Y$~{17T(?>0A8Qd)yNjlhK-p zG;w3;LTvtS0{tYkT#@_#brOVw+#Jq|C0_@4P^Gb=OCSm(UGn7E{&hEf3HE)`JlyG( zM?%F%kH%B)AoROHD5U)dME$k%{5v$JLFnn98wvz{4hlNH$_O#% z!@I7qLg$MXn^*1rbtLtFBbficpL=oj0N&pli2pi~{p$igGdrbEZ+X$zYv~rcG6RNE z_yD%U8*hjwdO-Znf6`Z8d!*`Z7E#|2o#e($zTbdA&~ITwAo+zt{E+nAuMQ$}?$*HR zp=krGS-7m6e9|@EZzM-Ll~O&sARqP-AjgPg`zUZUTeMNzcW>d(;PDWglOf){>K8d^ z(jG654{NaZ08bZvb^)1~6)>-ZdYpefW?wZb;Q9?CoPa}m?!bPC>_d-oatr!*0I z1mN-v^LkY;SB60bdR?5(^xeG(I5=qrK!AtJ7(hMIR4R^Yx&T+S1|%*+co%Ddv@LsD zx6y?>S6C@1-ECJX-1&_x5X>H$w*^gJOEke@{O&K(TX+kTB<(eEV_-i_I{c2K4X7c? zH_zV0&8}QkycQ1E;==;|iUl9y*0o|JkZI{kc<&*;dett|>>e5GM!;2%5hAR@e^$hH zK_fY5zcZkqd{J`=Pd^Zn!)F_`XnH#^=`wg?jCjBnqxILHXaYTi?diBO)?<0Hy~JnB zDp3;gBiv;k6=J^O!|9S}wBVmj{}e5vWBGtpdJ*#8NjxGFRC3zd82(K6;4!;j(c^{B zTUY+Pe~iVA^GKGPHC1S`@SqTMP%Ri=$xzi>i~DmOGqf``?uYI~)ls6;W+CS|F5FA8 z#$fbn@l`T+S|rHPu|#w1cinj3Go8{73gr9J^`!2RKa19XV?Ge@9Zu0zB5RT)}5aZKY&4r4{m`C_0syMXlSh!#inYUnau z0XcRK$cJ68cNdFJ{p`4VvoCz*njz;sxYoqqb<`l323hb>RQf1Wr00lUDn=fhNW7lM z;tQ|GM?z@J)d=aNwRL<20`>jqU|1n9d^*o=upzP+Ol@JVT+%oD zsJv&TqK#M=VW@t{Jm0&80Pq=Q_wAdxrcFzpQ8JW+c{oNZNX|Hvq#by)P;AA$6dGL^ z2o4j|$oTxH(aH@Z>@;<&ElR#($F;-ITc_`H@MAcmMfu}+?EVh!oqLMYLhSp-y@qv< zuS1q(F&^oZk_5cHYIySt>^3oiZgLxzq_je8e{BrM(64f`)i+HF{{Fdv13J}xJSc2U}24Wk4vkn!byOe z%Fn?-WC{}O+Qoflt?=|%j(S&2u3@-qq4Auqf_nICiXLbIp2gG&Mdhci+a1PNJmVBkcX`AFUYkO}mT_BBn`7tX}zFm^ZI%a2Ej4;yp5r*3tLNFg1AD zxaaDXJXxTNvGffi%SVjV?Ud)PW&&(9wt{2C0FZ zCX_bp8I(491V9IwTf=T#0-_O)hN?X_X>#5(4k8Yp4b^Q+RQJgSs>Sn@`?3`bs+`Is zR)b4!#VrDuXQRx?%ci3Wz&jVDolKLSAVT3JQwDMfTpD&$^CU6AbZ*K0lrnPKCJOni z@S6-d>!@HFO>!V!1sBP>E5#kZyxQS|ir0~Bw{Ofs2u3f(p^caUAl1bo2hhGA8kQ{4c5x;Ie)L2G428j~zS#N-sG|{4n+OCE#1rp&GF& za-S6~ZL-Bf1}cEMIQoi4&lsJ#EE{N-X__rKR`C<}!JOoz^`B1NNXLS(Q7l*zx4by& z>zwXi0%Q8@;MtfGF&S~7GQtlz3tuJ^BseyyLFc*6vu3#`>avyNuV*@7ACi-EIDZy0 zBT~KgH!OEGB~03iZ&l|UHPW0k2Se4p$c1mo@wcOrRq{*iWK`m!+qW@&$FrW{cX2H6 z9)h5nFb;|uiKhGpq9WHgOCM{tn`3z~s9-#wS}1Gncrvm+4sCt??P#*;a_9+uQ$~K8 z%sD_V`3V&dPV`=|3e8dxodLT^e6KnK@)9!Vt;5ut@_M?JtsuGa$c>ZuWtZ+|pe7hF zT~7MrGn0XUe%R zpUB63wdgt^=e2rS#7w%B?itupPjA0|XN+j`&a++*1Fh*b>~W)1uq(8jt=P&d9`JJz zwPSK;IwSqdN-GKCaaNDPr1@ufqSIq$o@3%Mru*f576(7FAJ##ReKfe2KY$d(c5Fev zSp+dQar!)@|WuIkpFhbCPtt;uC+wNphql}w<{tLo7#eS?kIT6|=)Z#iwki~*zLs74e zDfPf0l6DRXd-aMbX2@pi=fzYp?gaua&_JdBklKZU=8i*y#{^8_>t}n_;9~bRJ;?hG zrv8QF{w%uHiWJn|H1HRREC?0oj>b&HhYUO!9bs*P(-045CAVgyxT9pAL?i1Chi^Lp z(6u#+Oko`boxKvg{itO{YFbVw$CLT8ZDh?;yB3Y=2XnEm1CdCh2dO*;T-bGYNk8P<{(Md&fJ&=zB?3^z~hKnSG=Ga=%&IE$B zzg$Uke*E6r~=AW68hBrvGC*<3e{=jRhcLY10ZAAmcaGLQzz)`e_>_TBjO?s1E z&i*8{XYlISc-OH}S;wso-Snc4N`5tIOpEAF%Hh2&x=jgE9VP1+*GmDLYW690>C zo(N^PS3BdkSOH2S$#$N4^ye!ma^uW;zMtUqC{6P&iJ2rG%0yY3MM#(WHn!KR+2+c# z#omGU#)aGkxDYkyH@|YbC?UjdOa`#!{KtkeEQRM72R6B`a`!^SSLLn)l%I7my7Bax zEK3U=tDY)6GcovJ>xC760hFJRZ#uMgCkEBem zj2V0={ifyg=(9j(L2m}(W8Z8w&ROeD{4qV9HfXoJuESUbVXgUPC3F06LW;nfrd&Zm-k`9;l^gL9#sj~IX?|bcda%A7sAO}fyY%E_sYcpbe3R!3LD*l*tiu)2^c}w!C6MZNcPt#(pz#L)?`~kJZo%QRgdDCrn7R)c`+qS+? zX%?LyARr@YE#^IaoSVu?!sOiEVyeZ1)O0-5wVp$Qp9^W1k06BlN@y$-e%&n+ zzolGEq$?37SOml%U@Eia8XO@RtK_YEMKL)ZPTDR$T0w~;jge=E{YrNnYo(dSxaMR) znz`mdmx0P=ya(rkh(0eLu=eR!^8+SYBg9CsSVZs}k1}>t4i3j;F%o2aBB!!!^inR* z11&f!9D__x>^jHv0&OmgYyqcLF&-<$L1#mYWZ9`JAS(ew>buraV=indYo7|-fO~&( z4_NrkSnq%3($>uhWd9ZY6m5}gMUby%Fk$JL%mX881pX-C1wGAbM$c&U>Y|Q#UNFDMQ*x>aDkHINZ++o$T{UFZ}$!e`4&CpB-sR_DMv1 z+G6?izT9TFmtUI*&k%MO+RE_uvss4$%7uoxo~OB`0e$$bdJ1FdEmUu^X8sFHt|Rr= za7>G2Ah4UF{`E1ymN}_vizpmQouwozk^t90TKN%co|Hva8-jLIL*X+L9u|sIw)V-- z-fV7RS>|=~uN!zs`yLXwq2cL{MwK)v*X~5V1}}MfVuXj=gt$bpY{`lvpe}|DAP8=A z?NBKgN6*iu;tfvnA?1$2c-ldLS-nITV8be z#8hhl796W@Z*g&Gc{;ihmF0-2%Kw#t;k$W{XG(H})#)Q1JEI}ZH~5i@K=jZ+gxGG@ zX=JkRl)6ue3|Bad(+;`aG;mNZ0-(cNkyEg$==GtXuy9f|odh;!uKaDmHdLd=*<_=? zd3JFm;D-=Hk9uR}abMRT;w6%NELN<{hQIdpl8F6KmbdTKtDB5Fs)~3F4JfrFEK+T2 zUQ~~MWrhB(9VkxIkm%v7I}I!DS0%$gInlOOjrZe#FQwcM=H+#~IGj#awmcwiJZ(j1 z$2IG$v$^G5LpqpIjD-nT10+EEN0`%uxPyAu>j5fRupDNaq4FMh;gHGv@F&FMT9WsD zg;fSTT1{n|XOwjJy}-#^Yvp@6t1!MJap@skPQ-@aV*?%}l&2r9g(?TUQhm{Q@_v+l z4W2z5p`pV!n0|IQFli_&1?S$ac@MIA1P~O(IXGmFToNHy8|ZDp-X?A(_YI*b1<7_h zveF1DOys>(UwACMofm7f<_RkVaO=M-{V;48w0vK8vhLH4X-xXG!3JDt*@6H zI3@{Drg4Cx?3S=#JH6+Ob-8G+C``p8yxp6b-u+!O^EC(uRwIT;n5uugyO^y=j{>hE zI+R7a;z}}~Cz#Mk0?zW{Iao5g>E*UQVaib#>_s3x}s)tjK6@RX{K4mCK4k%tnY>4BZSHj0;zbNQc zq$CP4y7WP3d&5yP*(CPfB#&D) zoO!2aL2uR{0zfbAm8r1($ErjDZ)Ypr%bK4E2-O}7D3ODB;;$X<>8G#x(wuUtLu8U! zgQEv))ATgQUktSpzA3`B!J$K<9bs@m?@`BX6hyoCK?IK)9Y~MXmJghn4hU>CEV2!i zX(@$7Yu8;TcxB9z9l6RpXmrSqi(KpV6PS_y zG$U$HB~Vk2Q|Hesxs45+B{W3YleWRm4kK5XJ~Z;=07;C$epsrG+B`t>)n+tcH$Fmw zj!G`EK&?Vg6jQylRk!N}OFN)_G8tD3n^fvOv$;>wl&pC&!N+sKUg!7L(6bnXhE$(T zYXepZeWw8%Eu=WS_Ti0BGcojs37}Ys^)Dyp3fZN)qJ4T-WH2aqJjX~?h&n(#8TbUX zyoSw##}m(wdB7`!$8cLal3S0d;Ru2ZhB4~x;h0?wVxv(Lc@5h+Nh@_Gqc2Yyu6(pO zgu4|X`%bwnY09{_63?uU?(z=8*W|@sNi+X=nP*3^DWdj(;ff)*{$1m6(YS06H~c&C z+=S-KU0mL>ev0wK3e{Ge7LOi5SYV^YShvl|49@DrY}JFYr+k0Ej%t~kGee`+DHNA5khhpW#Wqg3n}Iu~WtS@JmttsMM;<+SuL6w>2$}WjinoNP z(Su?knf8yNM{IW#bqXUQ$y?j#ZtT!&&+V)rv2Rd|5=yEZIl=(c96nrL^tR=k@_zn? za%T(d2KbOl-?z|)N4yqQyDFaNRunYsmr<*yW~sb*2@9D_Hv_xLmCjaXatdPYXeDyJ zecGOf?K4GW?1BY$+)j6j$87W?SwUK4i9T{6WwJ$(Wn!KH`z+|IRYSOY(Go>(J*(1= z+Tr7gmzdr4lb=9VpKr|JPxK+AEq-#~S?Lkomm%yUlp$$tr>kG#o5{sllc=RpNXWLB z#@^&c*Nv+32fPf@Sj{(T$0$&V54uz9O4h%P|AZ0XMSC1BQ<3b+zR%C&^!d zxOyQ-H|gi%CE;P?MVR5d;*K0TfjoJG_`Dp5za%|mWgCFp2W#NEEXGj zudiZ$eU-R*DJ;aUKMd{fGRb4};vcdF>PrpT**c0vQcJbk_Dj^lNXH5-(ad;ULXgTt zE3ZX(yoxnlZ?k|%gc<M4V(?t zWO4mM55>$u(wq1!4R~xJ4#T@g)-{Yl+S}M*kE7Tm z^CiDu6wz<7yhQPD-(u#y^LLcrV>2Hv;ae;_i)99X_EI ztC{;i6x79zR?xBT^*suM)(LJ}NQB55IDED-&!CxD4yw!JyP#3SK?1B{;i17D>F0JM z2rX(dp-Pu%l6H0iYgO#%zItc`C`9dNFhRxliVlm$FqT@pqgJ};)d>PrtdKA3epJgQ zW~^OrDy^vvz#u71x*a@NA%!Xrjfr~{A&Yb)#RqSzZ3`oE3j~K!1-~)82F2XVGmjop zaSV+Ey{|uwE54`5)T1QaqHsT~*I9Sxx7hj$M#lY6u|%cZ(_?ZX63JZ-4>{)s^zYux zSxQhjtY?fl3zM3;b|g_ldxM+oVXm|?+SE#0hkzJi_B67ZrdD(sFf#a5+rwED&#-nd zujIA2v(hgTTMDZ~bjywJ0sBHW^y>-CChmO2?r$f`JXaROeQ8lI%>Ar?a1*JDmNyI> zTHILmd6izL>Yw+Vbe%_UuVAvhnAX~Wxz!zu6l3H!yR90P7t3NeAp zUf6IhkriRyFi*&_{)^{)5ZOB=n5pQeilptJ#9?T?2KycSlx zTU)k@_R=blqR140>mZh}WkM{{VxNOR1VkF>TU-1?Pin83Me8pKoXCAL39HJreiIS& zjeU5<6^z{Bx@1ft70$@-H~pAAE3XoGuPfJjxIPP9xFp70RO}Emu5#UrF`jUF_NZ=p zEw^77dSkY>aZy!@YKLHKEqe!6M{zlOX>l_)R`=;$+>-93!nEiROTTD=o<-i}DVuvA zX2{bByvF~wzj*YS@5tZArJBZi%B-hoEHzv6Erziq3LpD;z099mIWlLuZhBkyre}5; zr^!Mtz?Lu{CvLvgJ%FCysSLXm;#1kFbmg={w#%eUG?EnD&?tt~>d_qRoHqx9i00Ze z+m}8vgiE=1^4n+Cn$DYP3gthDrY*)PvlLhHfTX5@eY3t|%iT02b!k$AUjov=a#(lq zPy-&4oPS2@((l1G<>d1!{^s!z4+F04<$LMtABVDdTgd1)bG9&X_;FAv>v@(%bDyH$=ZFGUDq?yftp9aZ!NoT!5V$*b}17}J@pVTu{z=5zxw8}ZjGtCgfB^_-Y zkK;>#%@0>ioGb*>Nd;*BE=zp?t`QP#$hekQ7K`aDOMRP&>6k?wQ#|CWdc>{xpipqcpibJiVDM#jH8>CBO5*9jZ3c3y88XlQru6CREXf*98kAq37gK>%F=Mob^0Lc6Wm^U46L#8JRIjmlgmc5}bCr3DYgs ztECIj8$zNd-d@Od3F4=BUg%!Li(e)yx7r;q=e0;B;wp$1)3n2-OF3~A3ISATcn&fl z6zz9dn-XZBGAOMnE6q-XoIGPiuV@qwBM7&YdcpI+AG)22U7T{E&mF7HRZX?f;NY%N zFc?b>rznWeJWi--g!Ij$-SplDIc}>6qGf1T&EfXYPN%{)hnjRgj@)4hs-m6vE_N$o z7;xs{Y#!Zq#@MCXIpyuzgb*x=d$?pQ&*)kE7jdV|Fao^q9XV$BK zOAu#ml`+;ceQa!!#x zLRUbreTW$adtI(^QhYfTyK#9Q)$5|HNHC?xp7?ea@Kmlvs@WLQOL^&{k+$!Al3c9# zlmY)206;*$zhl%mE^H$L1#iggnwJHDH7cJKOs78A01>yzJ3chgN3SCPv~9CWga9UC zlYu%QuuiuG6}6Yl?KD}P;NTLzZ$Y(M+#qA=qKQF2X+%huT^J{5c=>xX_7xdaa-p!7 zEhTQ5nw-DM3lmh+AAq^i`jr8q|Gl3z;xAx))6@R8P>(-D8FYIgDOs={6QctgjRA|I z`+RZiW3BZq#ny{LuEUYb9L7=_z08RwA$4UVdS~n)S*vKBlywHkBQ|RImIua~qI-); z^}T#BLEu2s>v(5P&A=wtD~5L=(sVQE6kiO zzoNJgGa*x``duH)!D7n_#z^CDNjcd)B_SPgOcD~vT;aBd;Z!VOc!s$epOXwbE$89J zAmY8Gk2dVecmf@NiWp*Ze6=qG3`UxtzJZ`Y+=$?gkv&5(G*FOahBM@GZuEm8@C`jq z{2E?M7*W;DmC(IhtH}(wx_o29xN}x(~ z?L5NLb654fW5!PpB_Y4PXIfY&wAv#PPz>bayFJi2pk#QHJ|K+Fl_aj-)!_^DVn z0$~H%cdNbBO0vMGA>EPt!%Yssfwo3uG4-ZJk93t=&#^;Sb3E4W*p0)*U0;Ad}>a=`U2J|XX02XLZP%l?3vD!h_Fm9hXs=byhGt8{woA@7 zbO90sY`D-b;_q@N<3gTg|LTxH>~@1nC(apURNUUXB6Jz!+_SA)LSJhZ5yx+sviSQH zIyLPS41rJCxHqZhxUJ4wVy)4tOwE>d(635&;&exFAYts?<7YS`7mFVCa4@KK*%hjU zBC`pvSQQ8OzUOCjc^L<^Gm2JWgHKV&Ga#bg2JZCm^taZ@ztj&zIj|CBz%_7Gl#+)*CH^ae{aJfb)ooEc>MA~fwt!9+mNb2uNQ`*!Nc?YuNW#3MJ#4&k3 z?#8Nr%c4de@J`Kwm~JKaDA{g{+0Bu_l{UV7`=BI13|nh-6`+*m)sS@kFtZhW1jkq2 zn}wQk_nhJX*QmCqLAeW=4c=_bdaQ){k_aGT-2o}M-^dt1u)PRgL>YR}2U<|hXt$47 zn}jUpceup0yi*MAD$SVT>xk=#SC7Mw3W}f6P&B~t(v-1eq}TR+K5Q`5ntb}kY^m(e zi$n1mr+5P}zUx<5t(gR1baKLcq6jY{`te@uoKq5Uoj|gmc?RgqB!}so>LV0hEt7F3 zXUsvwc{VXKh8le8F9)ckReKOmi{zkwZz2{CiC6ynLUD+yCjPCJ?iVTnt5fE@lTkxt zwFq*dSr*b^fs{|SReX^`v;$|Jau*jhkxnX~e*2P($U!Pbs^`N-+z0y8bxndM6rlFv z&m>g+s)M2ZPE2)nI$L8MS>xR0xW^bL#?EbkjgHwZG@_L4Jk-H2Z}~OjOsr4J=*2}& z7hm}dnh0#{vE3=*1S$S2j zxr6V*mU|&&tL{)4|6=)y({(LII*Jowxsc|d=3F5*o0sZq?{qa8Mz7=4@Di5B>JZ00ZeA8614potWv)<{p^>fqn#)MI z)_e5-1t;{SHlT^!-`G>#EU#WFcWR~&wgW*8!d{@)@NCh83(cZU#&1pQFhqbp>QvQe7d)o;b?W|yO<}yIN zkk2M5-kBSMQa?0(N}G=R*Fy%z@Kb0?SE^9~kdE@kwmUeOeHe8YCYafZ+*C+GlmX-C z=PK^jv)sK@p~aJu6vl%%gtObojOG}iGP#O(@U&{t^o)A zHx(MftOm!q{E#Q6BUm*>na~KB>2nyD>?Q7kTWT+8IcE)D z>6aAk?HQwbAT|3?@b=@HX2?lpD@=BOreYo%S|r^& z(S~340bE&Js@1;p+DcYz-b;ULx+E0gNHoJZYKd{-Eq|BTeJz~ER(|k#qma z#gq_G5JE?0hT9p+RQEb5u3nkzpu*jsytmS?E8s;=C?a`bH*N^`Y9tA)RuZ@9!+V^ELS275(S_8R9fz(A5iC0;Qo*T z_8SCfO1gKiZ_Hm+gSsNX;pnCkk=QbdCPr@W0z!AD_PGq+GAVi+1$6{F3FIQ)+WTWb zgUFsJ`+IMoHtcru1c*E9oLKt+3pi}X`y?tYqE#|}^Lav4<+w&zFS&9YEBtO3) z=wf7S+baLQ+qc27_AA3bn5pI?-QFcm2@6WF?Fy;y=ex2jr+PZfixQ!n3*+Nrt#qIe z$l7l%v-Br~_xcZ#?+5C=#N%1YYiu#2CVo`VDBN3z)?x;X1dmmG&sP&-WtPf04KkuM ze}7z6B>45lHZS{i)qFRncom%{L4p`aa?xHZ`@kSg!e|#*878Uq_TAag|K`rBxnN#=-S$8B<{U+Q3}ZBq$1{tlp6ctz5E><%8aw`>TIV!S}`0+D4L0Z;KC ziW6VC3}hD}FMP99D@vI4^;`AUM#LfG}tNZy_C&yM54;6969#9VQ6M~ zq~SY62L#_;0i0NQb84cHZ^+X0f+U`HnW}hGGyUjh@ynps%>6vQRQ&Ft=0_rl?lIZH zmPnZ^rc?>Mt>QOla0(MX-lS^-0UnOvgw*?i$8&mS}&*gF`{je|f=Y53dyCDcVTtf})C z)N}RRbS*)Ld6Xmg8v{}qj;fwG9WpZbNbCRMLCjusJdfq11u0r;IL!K7$ zkLY#^DPdNPs2Ojsz9?G;Iq)FXeC8?i**Qn)r9nTp zh&ny_Y;zkBDl%XVCz;wIpTCv4Um=wnbS|vl z^)^&c{@@zhw2(Iz?+uLY0b)~y;*V2#SkV+l-9#3u4_EK~XfVT$jt2+~I0B`%RYC{SjLW?oOkq8;q}? z-M=?5Iuu(jmU!`&AMt~=pWm34!F!36|BS&-^5)`myx=_Eb56j&5_U@A*{i4cdg;oA zaRE0ZaHE?;7ledmdb%Xe0~Z{UW!yyHMc>;&vg63_%&qLGdsrul(OagzUtW*WyltAKSyWV$ZLcQ1mtTnO41Ps-?VTpR3_?o@1SK0KJv$K5M$VXX z`XM_nOG#v79U~yC+)d!wwq8QnBZ;-FM{Zr~OO5}uNg%F~8;ZW4P9*of)(?4q zE<6sW@Yz5%yeP{{CU*G!;e{NvStxBw)W`!EaMv?VQML0)ZGdBNGI>!lybJfu$NZTc zXOD=nS>9R6OdxzegMW@%*Ly;~7@oZkt(VPD1YB0BSq~!T@D2Gv6$2tJB2kw_ydm#e z&QGR%sTNj+Uo-qlH|ybloDC%<%7r0@dkmA$LSm)XI>VSKDmJfM1jNq4=DT}Q6miRu z!6r%`4E#OW8G&%$nHIfrpwAesz*67~I2|+RqWvRLL0TjX6-oZYQz?(#I?=zp-9k z#rl-{EB?U1HXkGg*y_m<2s@JT`&p^K{OH;p3mOd(~btxQKOJZO%k)n{v}^J_U4X#Dd!?RYQvKPI0_~ zguO@Ygno&WiGWNYP=K=pt)3!wOY4BM5=yOk2z(@<^MM-Wj?><1B8ebAwa%OZtk5;4vZ6k8Xn-zYS9+sdjbd^08f5y>2iOxH71PG@ah(2nDoX1Tv*W`^&J)-g zEDqjWnCbhmRn^C(8V1k&nSls~>8;irsu_)PfYGwGPN0nk$Cjg!yn_qez%`z{R0@K@ z^nw~DeDk-BSTF|rx@SO;PN@g${Q+QB#;8J9k}%4b&lgy98NdJYd}I3DSV3n6ag!X8 zPQ@7h=qMC#;INxizabKf5Szo8bnOpib@YMueucPHy`>FGxQ%HnHiiLr1NBuGVHlF+ z)))D;t;bCK^wyoZJk{{`43)Y=WHtslV%W`&W7k{Uw*LJ!?kntDj(|ab9C6tT`{3$v zExhHEVgUe@c*SQj=Nf1aZ#06kSoVNw6MNHALvAnsd39Zw)%a&pkyH1>$$PTUwe_GK7gzm&Qu>a4%$2*|YX8x>}*79Ys8 zhv+=_k}|B9uRS`jd9kJ;86iK_R@^T#b&YvE-_RCAEbs=anCt4o@#B#eS6qC9b(z?FqiHl)cK zmsm}Ej3i?5Yl22E7Vwrbjzipy8!0ybH|^yOgOr}5%|dbmg!Eft!o5%Fosi;jKu7q; zaUc+3HgOOHE(3TgOVJaE=QuzVpMs_@;8=GbE1EqNbm=W;gX+K7bYl^2s_{*IlGZjxU^|R7c_S?YvQFOXQ|G&MdInx&IDHvhNw9g_mNB+dlj-Rk~E3*kBcA-5TAp@v<6?Wuv(m0X$Gk8^IW8hSZKg zQri)hhlh1=6u`x1!Dq){^eyff(yyW)G-JQk?|Ax^&AUk#{ES$cL650LJ0oX3$||}_ z0ietMwf2YqbD;;Pq|^t6*d32SZWheMCDx>8FU+bF;ykbCfX)TVOtD)C$WO!EUI|nm zGNS-rz+Ltahh2ouG!>D;(Me2F8dY^G+;A@BV2=u-(BqK$%}~pBZLaT7=opYBY{==K zOEHKXWS|@LD+W%d_r^ie%uurY#h){R1Qv&q#hYMTt5iLzYj)z0qw8ICiL*d6aD4@H z3E*!={%qaYMOFX+HcrqwBbc^6VzF{N73~6>BTUfu4F(lO4{!;JUd2amGJWfquo&Tt zVC!4O$YG|5j#fEJip0gRs6!o0!g(*!S`GhXQ9U;WV{p^-TQ3zT+qYHfd{O>u0^x*g zr!as7{&4i=dW&|&0>pr$j$+2s+V@|Oz#l;cRbF$kOX3K-aV-U?onJnd8Hpx!1iJ3{D=<0;m3ZX z>B*)By|E>j>&j_VPX<21Nme}nY*~*+ z+PS-Qf=qZP0$wI2%fFPKpp|-Khbnps>_je=Qz5yi!6$*ccj$8!6uA3E;FZwTbo zI8&}x9#>j$okBkS4|Is4khGt9Q4;?ShECQf%#sUP7pEU^`2mYI^aEznyRKNX75~c$ zL0bkE8-CQJsi1Dd7r4iyF*U^XhKE!usF8Z8rx6v1r(LL*Xb_yh&=k&5Pf~U%d}caQ z-U3U3DTbq=)0xzB#)VRn^y23OHpJNxW96#Gl7qX@;0oJmxv#aG-%_EjDy*WdE-uHW zon%c&c@7heZ`c}>r(+6@zTeEzC%Z&PF{RkT*&@D7Fvh(63r ztsjOV#U3&0ZLwoTSSO6|-e2)m_IUN;v)z&$CxyX>XGjBt#XZRit_o=Ca{+w28HbX% zNu9%ew8V8w?-A}fQVV|Bb(Rw2uf#^#puiCBN~zN(LIW}$I-iRFD0oGFCd3&17kUotI#ByA<`=NJila0QN-$;RVsdlrX{@vUz7($vk5)3$emL z#{32IBMjyhJ>^w~<{U_~;r*|!b$PgIW29QhK6vjiH#{-Vd@OiP`AmSeIwx{iKb)TY zc>{#pLQ+}##AUnvOH`N=0g4r6bs!!3jk%vx>e3>9x3E%?@D>Zc-#LCG8^8y;<@$;c z>^M{uF?8U@J>+-E$wFpaNweN`L)e+`@4!`6g>#1H6^@?X{ynn;edTD&*q{dz^tJ~N zrkmVd|6wd?Z^f(SZ)bR)kdr0U5Ds8Bao^6o9%?6~ctoh{@Vbg<`<;5+8}+1Nk1lbtco`E$>A9T^uD9{5RBJ3ms_Okh`EQ4@`OL>K^%V`yqaa}34*7b?@1DKkHZK~y#!=?JA3 z)<2VK^K5w2c*MlWi7q9+F9TaqNcj!xxa*T_Z3K}#Y)LSz z)<^*j{Kga?0a{t1Ct0Icl>prL0Lz|L1>nwaN0|tATU)X-wJq=?YzcdIRc5f+yM*wT zFq`2%@~z?0i{F42h2CHBD-7UB1Nr|GJKc(p#j4(o_jt&Kmyu@zn5BN~b9@00&gT*p zKd8cXN(2YFb}UOOgc>c7<))pva{+lEssc7{_C;{lc&vl`n}G&L=+4_uckNMb@PNzQ z`lAqp5i_rxG|S-Y7$w>c9pk~oQ5TQb19$MG)6=XnkSfRt9v=_{I{MWS@A*>$kmP=- zm;Xc$l^-o({PC}_$(ZpA^73J0oh9tG5mV_K{5iio1;3l;N+BF@2CD=}Nz^*suETFL z_aPrR#u1C&mSpP0#-=X3y7hCzzVI}W$WY8|MvDPq0uR9d7FrlJ?MAi{py}ftlvPDF zN!mfhy1AYtyp)Du@A8j29unwfkd+#s<097NNonlo6|pgbJ}(7^xL`*d!o7d2U__FX zFwO@k3|QP6p)#RGU-W1$wqkDRjxvVN1uC}1I_9sJhW;&xEOT2KkLgc`V8EPfenr{= z=<}^p5*&wwVKz5wrTYBeUrVu)U_;+3G&oiznBCayF`QNDUBhfK?0RR|R8jWlSWvn} zAavY!E@=JEba?@yBcL-BQ1YhEfX-^mj&b5{jC#8S5~Y;X(tR@9gOXS!Bz9`Q%`Q?J2(m>-XQV#d^pk zg(D&Lyq0udsC(#gKA@T>>fP(oqU%9)yPcXm4+UeA(cV3dmjAR>IOkQK1&=L#yFLLr zxel7S6gx8}DBO@gK$Y9e6DgCtY9hCBR7J0?&l0|}S51|k{?rBuZeFo5jIX5Z;Lz4WwqflkXaDJ#ANbi5xvXbTXpbKD`a z9`QO@`j8Kp6^sA06K9H@Xa?r~#WG}8rl?aS9La{jNr<6BQthg7G?_sviePRX(FCG6 z#K1qq)m(KEP)1lLfpn7ZLOdi^fhdXBvv=vCqpB(Zwb!P}Nj%)`lb5oAJ|Cft&$>dD z^Xj}f(paLW7R>V{O8_^$#xSPQDA)2&u_e_%RiDg)VKY&a+Ou%oRh_G9I|*2aS!fct zm|?L(d#tA?Z^-t){?4ukVymM&H;xLcu2Rtc1{={iTD zr=3IsTXFmX@h%>Yi#S<%&lZ#a>1}d|85y)xe)2=p;tW`%lFLlF$Js5w_~7Tl5|tv^ zk!M}i_v{a!2%*Q0SEOu2G31w){UlE3ayQ{&yQ;=#t#%8t(`$2F_h7hyu1ot!?FM>26FU8?ys4Ard8a0EZ8UA$4 z#VQmVHrF+YOM2}P+dR!aSvnXSmm^Qb7-+aJ_@%prZhs|#H&~r(;DX)U>TI(&jMH9x z<4>v*^w=(BNVr5M&sJ2^y3nLu>2e$DbfGiM4ohHPPI5rTRMZwe?7`8=ZugFE%IGJxh zefsN@pK3%!d%zjpxtHgND~EOWVs;+YW`y5`1}~jIpr!Io2WE9TR3B0eS)MrKz12G_ ztxIcGN>)^3FK1EF@0{0H3?ScuN?@@pr3GvElh-0-&CdUzFCnZPkH_yvg!@R)KkZ!5<2z z&mc{TD*#gI8lN0ZpDVc=gQv&N+IbMJu6#An2txQ7A0`1cOB?j!@H6hI;Yj9}0TAh- zS0GbFkfPZ;+kM=m)R?Cm6t|Da0oV=yLc%qpha|}pB%*cxey3a{nyf=3a)^X+BU*W6 zB%_<-S&7H=ITF~31aLuK$}&4MIKJL?}$~jze zN@WKDjGN0n5g+-hJxFOL;6U|kkTWH3w6=LaLP~Q-s$mGF+yX-HP~DO(Tz@G-l$-$S zs!J-+#z+f+UUt@vHyCR_}oz`ic(fnrQeHRT{w{|`{4Zm_Rf6bfw9 zN%L=qHdIbQkN{&QlKvngh?<$4zU_A;wkfm6Gk|(1USO!THM0)HSFMEmd)0>p^O}K= za-)j(Ti4$arz@xMKuuwd-Kzx#nY!rfza!vzPIA`-0mRbG2pDu-Pl|b1+4?hudxe|^ z(DNESB_`T*2`5Cj^L0Ue;fQ|MFXA&{zRrtKMSPAc(7I%dy2(dmj2MuIHirq8TSiKM z!fN1$ajzXhk}k4Q$JUvoWXg%5;!<7g@Z8BLX13=b0hm_J5SUYn^n%B8&y~D3`NE}H z;Qr(tez1J~wBvhCN?Y&*qBzanN9IHz z03D)ovD$Xn1qYwS$Q;!iD9#=ZeuF0Usji&{j6^8mn@satFu~6+u83sPJ6#l_!g&I~ zw4s|s-pI@j8@8nr1wt9)ZziQ@ka!sjtYjr)%+ z$~{dfX1md6>DVadz$OmDCJ|f!00000GrxaxM$Y4<8`zU)+E5bS-qu+o4rS$U*GHH= z0K^a5McxM3YHr^F5ci)7vj}mjS%GeA000000B|k;P{!?z^qxAk!)!6AG5-OvIgowP zGSK+8gf+LB+x$tVfT`$bdaGy2QhiOha(l{)SN9h$7ISU{tUJ#Kteo+;HckJ!$P@e7gSR_6-p}Pnm_fP`=fU_5nt~8deWCYr{q^Y8_ zRhIufB%(yXfZOSZ;r~jCKv8c3X#Gx;2Oi(m^IMxDQ5%aP>l*Mn*@yVu`J8m;#p`V* zBp26AXtxP3*NdL;VGnil3avB%1tG2_fwU89W7MT$ZV!}T)@N0uD%HV=S2$Pb<}7}B zGTidDCh&A}nQS{FIy!hOQ;>U~9a?yW`(R3F5ZE^v#4vH&_T zl{_!VMGR2l(J>ZFC|bW*6r^Oje>J>@uPghW->Cbjt0y)UcIw*o?-!l=A(?XtF(gU> z(3)M{1-$K+9Lhd5!%a$zNJT9nN`6-tTp4Rq$sh_nW4P}V2f6u^XO;N`b{Kbx7`b80 zR@kwbTvqEosQ0&ag#D*}y;7;+C+9yGV&M$VXhJ%cXlh@)*1iM#OD-R&C>%AvKM8ix! zb56^A(E4*3{+BWdu-@?8u~+iLaxxerSMQjNQpkg*_2l@UtdsnvRkvXrDXH=m;6c05 zwMuzI3XFTX7`J8bOA}@jvGkCe#Z$i;9xJZpZiI^{h=({KfOK%~DgyDLD{MH`f;l8M znVA=U>~U5?%nYAK7K@{v^-Q|3{$^CBZs>E0rN11p(!uf0CzfE7rYpkBgzc*6WEO3N zn17Bpw0Cd$b1`FU0+Ti>^$o&Zp-UOjwJ9HYly7j=1$|OBBP?)KNS|!*tFgk=UdRUY{Mf#| z?0h)D_E~&sR(Y3jofZksO|+uy^A3`657a>l_|2F#{mZuaHfni%`fWJw_P&jJ-;atS z&d2kOEZ_rc)0r0Bn@!>ZP0xX4BN~^kz}TT7u^LTyuY|YJ)Uoy$Q8i1$G{^a?39ALJ zklnXssTF32wPXii)fZ$-2D6gzuAkYaD4FcORAB!{Z zCQoS?_K94^D5|?RI1~d>=jDb&Gg+`Db6P#|>m8Gg0qj%nG%1`tfWqS+Bf`?FYay4c ze!$iQbr16d58X}6kfY^OsPQv= z5>bdm+upCj(r-_9i)q1qH^}SLl>}m2TTM<6!AStY#P*6Fym-#}8>*&ik5H!l_J-_4 zSk$n*x;Fmr|Fkphe0 ziS3b}^_vqv^ol8!zzs*qJ| zRWuEpR9)|7(hWbaN*ZdSoDmrZn<)zevmF$Pnq9Y409AJlinm2?O<-AP+P6RH>jc(; zG(B;sjWkKEAuH0j~(<)nh`H_|pPa zg^^7gTDy%1{Px-va#*9L?DS`34j0vw0bMEzXy4F?ncR4?KH5}5_H9|zoR;^ z2@_H@o|;Oa6iFMtrE=%)bvRA&dR-=TD=t?iBH~TaY{8po#S)WgIo#q^cdg3rO0HGY zg7SC2{GOppwpmn{HX=ij<~;tXFeKFcUd29YFWc0XdawNvi}G#r@N55EpEQvzkGY=r z_=+dGV_@3D>(0he%F&v}r@svua-IXC;0peRMeoZWLjCx&RhL|k5C8@7q#BPWWI3s@ z?(*{7x@(x)abSeK9ZGIHlg>EWx31R4$kX`@t>%6Cpoc0ze|NzU7#j3t1@TI{5N|w& zOo?&|l)9UY3FUUy5)zvqL^NO6k;QTWA4o)LYXT53S6tvK9D6;OK|_}hSvge!MgQp) z`L)=q-w>pMmxLaf%mByW%HZT(S&e{$KE%VL`kk%PLX2hiE&}#53P-va*NFJDxK@9Dw&!La{)=ri$lzw9Pq^N@>+hD;8-ie zVKCqz@w;UPhk9G)8nO%D&`Yql$M;66K3D(%4CZSaV9x!dhgX`nFhrpPm(XN43UK%^ z-9+-$pN%XF#HS#`cU?|s9r(gCHss>`cu?Hd$@jhZh)WzYA< z8&+;A2XHeJtxUf_|c!gL7s`rLBhy={&%Uo6scN) zli1-DIn=5Fu)a&F8F*K;vDDc-5U$6`K`iM~b2}e7S2gHy2`$p-M=@H53|{HuV36o0 zvBuR!j6?ou=j+@2mYmG)i9SR-e#=2|;vHg>D)j+5{0AurZ&xlS@XVM~Y4TT4c@#V6VsgL30U}b%Z7(ZVsa_7yBB)w#B_=4P+>l28Y@Ty zH(g}Q=&4q#^`lwI_&Lf236iIlM|t{uWGQrMtY?D&&UWGp1DRv6w_9ux9cKA;YtpRo zxz_R>(;-RcOtr2+Xk56stF|AM$l?!akQo32`)N6HdRFDowh;~yOlY)|9t`V?A6^S| z--%zbtr_WQP>RIH2tLw4&IA%3SdHkm>yPGZ;MYwx_}ym$B@T3?&QdD@Y_3$YPf?Fh z-pHK$ew776q0XbCNm#`m_VZF3Fq-U_Sly9&Cft>`x@2p$Sy&BV%8h_TPDNK zS8II+`@M+Gvu2WM)5lqQ%`JrU^~!!aRMkISF-jK_D5oh;#lw92s8{)wLFmDY3B-Vp z&2SbIG)qmnsi!y`Uylda&mxW0O*a6)skT?^11E50_AQi-jw_hedjRkJ+(v}INSfc4 zxx1oi;Gc@9$m196YsMPMqseo}3a`j3T!V(_6o8Uaf}01KONpxhYW9(`>D%?k>UK(W z*$|BFrNy8OdU(atiBz~lYJ{9)dyxTte6u`LWLr#m7RlVxdmZ`C z)~9R?ZEy=G9=X0qXy#;XKhM%QOL0ild8Q?Ze!F%y@1{puhp&j%*+HwaIM|E!>nlBw zxTlTw#g>2T_|iCJF&U+k7pC(}E86ERiPkHWCx5l6+2ku(SVxm^`aSvnmU5Ryoh9d= z{M*rLzctOz6%+}S20$uMcP99;Q&5)`dx!-i%V5Bz@K~BLE*8@Lg0?nE4s5lU8 zEj}5-R<(6=peAgoe;lhMGbN?em<-v;Q{|F|ls# z!^cY#wRi(t?i+9vkc=evdl@2^Si)FV6MBgC?nxmf;|Gb-n617#dhB#z{D8HXkl&zx zZrqj-jH~0X{u%sbJdEGl(O~RjR<&8{qruI7=K+G&;ppEXLTzs1~P^WM~@O|9yG0dG@Ccgj-i^xRZAe^Zexzi+{H2yP{{qtD4Q}q z9z(~P@eFXbRP0r{i>U1_T5}kcteSJqTIgD{fqt%OzkIps7=h>26+0SsGwC+jyP(Ja1 z;le9At!5DX74tVF)6}Kgv!6MPerGgP883pt^{H-`Vd`_Xo5*KKSm8hxud@6{%Q5_z zQL_%+R(}GKsJO>o%0xrtVHs8wLa@`OwR^fO5%28VhR(@8QDUdFwMh$UwZq3oQc|2J z#@z?nsnejhIwuqe?}?G^R8iAPxM1LbICIulVF zgyst+iIbZiaLHw=f~7wRfZWntuWFPRMcdbd(=DQ2TcdDz$6V!ah@@I<2!LwxCLFQtqqYiEZw6ps6H4M$*@z%@+O={|TGWiy>k~-(VI;*p_&yNI z=c$37teGcyQm;j=eflyk*QPL@d5S7$o`pW2wK3GDUg$U9y$>B5`7uLh%5c#hWluhs zJ*EcFa3YE<)E9gtOd&cOImopQTPmP=R{$!&P#cb=`v8~h8^W;}4(&p9GaEvE{>gVw zp@N`__1|?vT^9G4wQW~*w>JYouA4#-;V{XUf3;vgfu+Da4o#w1V&fsofNm zl&bqr1cO5N?e6_HfGV}-pTw5Yj%J!1$2TAPcHpbNnsV(cT$eq^G3_MC`Dw6wom7^_ zZTJ=NF8SpQ2!_3C7z6D7klEFb^hmr@u}F{ zl^&D(+TfZJUgVHpyc-ZUEqNV7cq4#JJ9E8?I}sx!%&{LRkl22h_)CH&@&3iX`*=q} zCE6%AM+~*C2j)5**;`Q88kq-~qUict(w#w-KyzD~SFFv@WNltwUqaKChEblCA^_o~ z)zkRo5OR;OLfpGA>6UfMD%e?#IK8#g(am#BuGu%At?6^bsJ~-H0Y}~d*&Yi7&m=YV zrsPk!%eWddf|DnQ55O*o@qjBS^9fQYt)X1f8^jfOO+JGZ;yO7HXymM72E-THkdC=a zz(nVECQ$vi5MMm6V-H(4Y*z^S z4ja?u{HEr2KYr13HI@W!?ZJlFq)bz5sIxVayWG&JdES#RbP-mPAmSaBUcVb2BUB#( z5Q#;KxOpQDtqaDXVbQEYRxHJvX*;u?)S5}%t518R646TsB;^$B?}`4}W1U0PFu16s z3a^ktzG`LC(CjVi!=<8EF-DJh^(&vF&{HbEQcjq=H6z zw|x2Qre-v>4F(zoQKwsv=j$3WB?VZ+V{>Dv1TYl?u>V=@w)|(-E=w1gQYVkc_S7ya z@_3m7TLK#$w!xRad}~RT@?dHpdnrMN>Gx3RJGNc)R$V>*S>;gZ1_!p6+{Sa(FZLtk zh%jP=NpIgw15b2J@Yj-`HlLf}s0$D#PxwGCt@Q{{gHmOSo_q}*{FuhTDM8(*`UrWYXtgYxXOASM{;G1yM z7f@uKO%r52GUA53sjmr+yfCTPfStMx#Ya7=g#-bzm|IHx>LYgS!_VGKWB)2nFzbhF zw&*y3svadLLlHZBtH`!6%%zRj7p^Z<7_mBCj0Qfur}3qznv zkB3Y75wjx`*ZprunF85FvSGW0T!2nqmQ4qVvLT^_qE(Jc*FsP;zfcg@^ML+~R~zl6@cPgOp(2sx#qe$anjJNY zNmZq?g2F?ADYeyEB(e#cf~OZn}y{9zX=J95W?Ii#wuoW{xN3Y zp6A270W}iP8_~-bB7q$ih1l%z;My1IGjg)xxDrclmb^09<1yUy!>W))h;#owk>ynZ zcnr{)#94JkjBpJ79ftR+?|L4_YJgGvB8%7#w}BF)F!|ABalT!Q0RR1;89IEXj>Ro} z?c&zJW!EkE4!^jqoBE_agGroiEeF)O5z7_a>3gM)Z4Iwb5!*kZ@Bl17fGqhx#3e5g zxZE?$M+HNB+5UtN++w&WNnGWmBWR`eA~+t(uwC=!F{f1(1`qaYIOA&Q(5o@O9w$_O#a$ZNe}n%|HMI zTBub#%o?=|!0@Z(Q~cQ@aYc1Uu*}Y)%L$(E)l4}$l18%2K&Qo}vMN--peDs$IB~a| zmZ;ea1)MBoplNjFAK^uSxy?z7-)<=bf^eUYAx{iN5kq%FIN-IgJIQq~FgKd#ZkqOS z@W(;%WU&{ubi8QvO9QE%zxdMoO6n%QNbxE-U80n&R|~HIQ0Ii_6gZH}H%7Rp+d(da zpmMm@E-QwH7Ck%R`+kS}+qE85K*5)XUfJ+}&x+f-l;xkuHjmerNNzr#+Rt{R72Y4r zV@Yl_HhMtm=$uavg1_CuzmmnQV27`Pj_tyFK{7_`l=b)FUs}`kI0d9vnsS(lE;Pfn zhvKBM&RklBAtYsg4a|gnuCT+a(--QEp_ry9gM68A186vv+C+Sq(+hP#-9fG6cLF+_ zC8UF2HjB7t#xn4lxjUz^bZ0v*COsmzo+ZzpXhloT@lVC8kr;{_OyH`qKahCu`C)v( z>*miRG8&Zo0vtQmxCCLqKlcdxTQecPcnnwa780DKeT&6f+L^@fOi||*%FOFKrkP34 ztAr(nW|cWWCfSPnSev(UB1@gOPHnURR?5LVvZ8g4J=2 zE{70U$#3d6MhL`92gsv%5eM~L8)@;JhmmFR%6YNr;(m+go_dK92Z9`r=c!LR61G$^E60l%|I7>CxZNHpfYP#`&o(+Gb24iUz=_udDO<#D{o{&ZRj zOI{>`qT^CjajKj=Ytr(NtlJ6HU2n~?VP*O-8y<&xUdE@Dk*=OUSU1XbkNqz zzcE60Vfp)4kvi9$QsxWl2!g8*W#z$oTu46>FnH=hJ-Mm|!V>Gauei4#FJ&R1j^h7I zB1|KW0YZ5#?K$OZes*AgYbk19AJHdPYXw9Rd3p zx#{yN?W$uBrRl7Wr}}gZ*1+SydeD&Oxd28$xxeH~Ih2}XR3zPnd9>ASr|KNtt$Y6- z2q_|^N$G2yh9M^sq7!@;=-LP5)*h&M8_ox7;6Q#;nB9fm3e&&-eDxd za|tN$aC9o#;r(@y{7oWmo?o$tqwTT$`T9Z5U*v^}s%e)CQ%!syH=rIseaa`DgTt3< ze(?}rvM#yDoce9cNYm1bO4~81=?CXh#fzufB`QQaOW?_OCFNpZ;Mc>L{N)sq#HYI< z)}L8KM{6^9`~i}S-b~xBfe~?skTpTzIbqPq5>ynB^ldKb0}>`M%b`k$QD};ezE(xR zl?K0pj8ez^(Plqn`qWf*#QGcrOMyQE`~St7mox$dm<5)Y8vl6k@C*BGG0Rhzx?~~6 zo)F8c2dUy@Yz2K=?o)13JZnzZKMRN1S!n_B}$^`$M*m$42Z>FF?Q64UqiEcJ^5C20-KnQ4EOFLr!R0AHJMlHJ`&fEf!L)01^#hulKmY zWmReie*KdX)Iw)I--5ZwHtOI@sgs3(lgaRM2)LiZfQ7F|2jMb%jhAv@?G=00c{ITk zWqQW>Z+z*qLlpfIF&C~n1dRK_pY3)Cf$4P#ZVWx&|3aO4jcah1hoiJEm|4Pa=f^h< zG@Lu>slx?lf{G3r@rNq7dKPZoOZw5)9hGc$2s_C+6Q~Np!jlZeU!fHPCLm}(fw%x$ zF4OOK6K21_eY7%V89G9Jp$Seog_~4mh(h^z{y-33BKFYXNqD`jaa;YaO;AejcM;?{ zy7{*t4!uO9SU8-Ab%(=2t`wJO=3U%{eK55>r{1LOseQ?xfB@q~;{~2y!4O@$Gwq>r zx{(!1jOZ|CTmW_JN{ddcCVrDNS|4wES_ip_``(we&PtbjjvUPEmxbdUvpqh{nBo1- zz~mrh<#4(uhMgj5!N)svWgAAn`eua9De_v>x~6~v(l8Z(lTI1l%sd%00^yEBY73BO^HD@69(dQ1-*NNZ7NsKtdzN)leNTSy2Y+%<+WlCso{r#lj z!Ws^fp0W=Gc^}I}s`j;lGcsFNFq^35CW1!vuENa|h4c1i`HR|p{cd1!5_qGSMH5JK zt4B?m##fh1YV>k*kkvMDOl_wvR4h3&zPkd2AO3u-QmFs?cyM>k9AH2_aLSb;Io-$&0qS2ylA; zJ&@VpuX<>D+r02flOEW$>Khp3kidTNJS@3~RWTUXqwjXG9^Urns3(qf6vIak@)-4I00GbrxhWQu6srRxepq?c*}4bPjVK&G+=x; z0Z*i+G4$0<>99jj$owc$0TE$%QkJw$3!q&+jl+nAdZ5&SFALM50uZgkJ1ML(=h~N~ z6g(#Wbeb{M#QBf429@I8VqW4%fN2Cq`_ChbJ?cNyJ5Eg5DU7T0Wjy+b1TYZhJRjRe zev4?KX8V=8R=SuKhU*^$T22gTr-bHFeOGIA=_d0^&e`htf04zw58?u`PFFYQftxhT z_RVukSqlrk{1LU6)-B`Z4ne}9(ZvXuAQT@5knySk`0V7R$KOh!NZ!4Om@`HYcyvZ+ zNN=R{7v`^w`jBf_a2Ph-P<#G;jb#ufaZi$O!i}Tojh5vf2z0}>h^dc&qK8;$ZVO3FMCA^) zmojpW64J1sH*KB!_!z%S-E8ro%d|c!!1t!&Ty*dHg5EU5(>m zp-d8aBmrE|pBJVq5vl2Z#?-B@@TE>dSdt=70n=OX6}Rmy??#cd;WV#xTlyZi+!Iyh zc$c@&js`e^Uys2mt{vU9RHD_Qe5Q`}c@_evzlTc!)zXi@6J&-_>@;gH&c5#8cy>f? z#kjnL75e$_4+3nu?3o4oK)Adc!NBFBM9caxmTg-b2jp%$DK}byZLgh9C!_+04w6Rn zz9iz%MS%2SyI)uvS|)=6(qme04%Il^#?79$s+*TjtiM%$Ans;=+UIL|0sw3@kRVvu1gjeT-L zAp1U$T5Sx=iD6HYVYE5nj*ImhBgpD)8_IL`wNoYv2G69)L+;-$q)cNdp(AB*p z1ugrjw$1I-%B;CMRFfF$iZa9iOW<<$us@_ir+rKWB48CVImjaSiM}&&Cs_>qUskO0 zAX{PQ=DC&BsLq3!ym(uJ>N3uBrNIJaL&dN8=a5ry{&G>!7%2ftHNor$Be=TzGEY zIO`_jUGv}wsfrwsL-bM*RNE}}+KIPC?;sHDPE5oyB>Nj8i_F_VH{Z9xDVM#j1lnQT zqs~xe^`Z9tu0{o6_LI(qXfh!IJ6_6F8hNDeD4^Pc%%G=%pb1q9ohgooPlO;oDTaiT zwqB|%#%$J0S2%k$kB&scx}o=HO)LyVg8gW`MdX3E0Z=bpanM&4gz|^oA>bGptFa3` zTpR5LnC+UixN=s<9Te;8T3gU1N$?63gAeBiWQr`#$-b{=2GdYd;J1;UwmP4X`94ZxpbdyF#WFn8PqGhks|4C*0j>H@U;`q=S)r_y8HsSm0 zw08`3;*(JH;gcCAzjydGcm>xeVwG~rAre3c2Fq(BR!Jj+XnPlsK@WHdYSQvuMA2?E zXusrS@e~$pw1VL{g4*WPBhx2Ir3FK|b+-g>%K1xHe7|P?TF?L$9nUHSJVz7pYWB$-1-geHTh@w8$A`cp#s_?%V$CTjk6FWtptw&lh3ot zzrFyQ00sJDXbWSxyWF(tD6F5$M)GbowYN4ktD10d+2kPo;KxfPJAunrES@tcE%E)U za1ZyZ;%&W|U!cM)yjj^7`Nd{Gax@Oy7EDi73-u;FWdYRtDXVKMgY-ry2DmyoNBOS68mbieE!?Ej}wX89s3C( zg0SPe_b0Ej6OL=9Rs zKk`Z#5Po1-&Z4}^-wk7J|IyMSE*S?lw@t8|zkv^!TE81SJbA}kT~i9&KA@|?!;h=< z4&vYN1i)$X5O0^rVK5Wur*ghg+RY?6)@93ln7CPUo8XLvb0^(XDnXIJ(vp^z=zF=a z0nAZt&!bsqqu`-H7%BdRQD65w@seJ|*yf|@b!)pgW9RGy zgQWWKcQbXbLwaw)kWpq;CZPpLIVhJTGG!8zM~O@avA`|GEv$q>8fE-lvjlopWy3WHgUi@qBpBI@7u0gMKH_ zAqC>rS?W!EdF;)~qo&Tkmds7=NALH@GcN^u6sb%<9m;pFgj*zdm%>6XwOOn~hWg3! zMSjMSnLE}zH-zqSf8wz6`82Jdzc$~=ZvtTMf+r{62J1nfW8rS^Dd^~Dqb}b#0WFjv z0QnTy1g{&?pR@@^m(ojyc<0~I+?^HYzJgukD~UV8Xe*N6Vma{nfC=|@a13PRfqv- zpauLrK`IEGYOkL`*mGS}W|&#N$+4GnGqmB!v;P^&@BLt}m+7?6WQoKl4FHY5d#dX? zFOokJCC^d{2tv*PUBsZ|%yNud_o-6#&GnLXDVD+B9e;HvRoUzb=&6u-i!Ta(u43nNHa){LIf3{`LJi=`y0`4n2uLID0{QQB$~#C)_*p8_P;>oMxcy zx$4kzL&U^L&-Mf-vCmd>4KGT4#Chwi)5(f3R6$w@TqZrq-OK};D?k>4=%58;#*rzCreF%1Gt(s4uoHqm7KuD&clm)Ptnq#<(LjRwyMvmB!Qu zzPLteIW(?!zzSAe@`iGAhREmlb|pFCfy82bVX&NkQu^c*HaE>GkADMxk4}$!P?l~P^eq_mo3On zAD3F&^PUJ2Lzg4pVskZ`S8tL-aaq<=(9@j$Lcytub1K?prOxLCQ4C9?CiXX{RL19- z+;+qcO9$}OT!Dk`{Ql1lU`qhb}`tSF>-AB8iJzc*YMD=R#L|l)X&Z~N>JC+|2=aAWFDp+F~ zg0)>!23+ibEm8oO@-*mdEW-KWpRt`cR)4gMK1^3ty!7?Cna3Gcx8z1z zoPr7DP6ifcNS*MHg79zF-i&J%``ryevl;{TUfFsf1wJS|^~CsdqRWOd)}Ig^Fa2$5 zjf?yL78_N9X1JN1U4dGDkz5dQ!uVMG%{4*-Q9Vfedf=$zAr6w5J5cu&RARUMt;eWn zTg)dSxm2hgEoJ^XhmR&+rac|w0IMtl4nIQO(i25xO0aRt-;MDCfZuTRZSUTV!Keny_#o5{#`y(u zB59mk6Yby^J3(tz4HRqW1J_zs_@oUzD&>}(?ZQ2SUwk&fI8W?94plFqsDa-SSc)&K zA|C0bqPqb4KV3QGO#S#X9Q0G*_)Ep2bPCG&#j;7MfVK!y&gzMsIR4exH-_;>;SmeN zFB8NR9B2+ng=YuFjk)7`cnuFVy7aPXZu*Hav|{Aa+=Ce_e=v4bV%ZP_WaPKD!w#`v z`v6ysWLy3qF7NnL(swoUyV-8GE9S`Fk#=YfxiW65j_>X?IPBBZ)R{RXbf+}~qM7yK2qf`|b z5O|pHuFohM=SR!EPS|rM<3090i~49$b{eT3UKP{p5)R(c zD!J%mjt=_P@i^4beh|!nHTS7VXg`*{6E$&lVd9r8`AtN{|0XtJN1x99poo43EbtT+ zh=yc+^j&XLq+V~pPjeEct2+_77t~GC%V0UW2Zq@$w55g1rd5jcwUi7|pjuA&|1vjz z>YPGT=WVgVp9k{+odH!S{nP`xcFLFISvL{6|X8)gTA%{E;hjeJT-5gLdyra&Ce)p^Bua@pHo9WAv$C0 zP#^v5zPJ!xQ`5r01|X)ewleH1jJrKSJ?m+4u3}#^biYFOe8ZSwk|-U!a|3NT zHijHWPUelD030FXJA_jC{0o|DJjpmYc_53gs7L4w@Vm$%3*N{_xUcLueqw9XyKDns z+!On%ZWm}(d1&1=QF-Y;RpsLO2n|G$Hm%E-gzm4zb%B^dcoOleZ_g(c-XGJ4n9&Yw zX46!CjfMWTIgj8dvUAOtC1PxQj|4!ir{rP65(01-#M(u|nv;-h2*|_z;uK+PHTjGx zbVW^5y}#>(7Q&|^p4x~tFM6dlW)4^+b|9lS2Kv}U2@sEP&q5RfD$wn@Kt^ni6DVuD zE>mYGIqoGYd$H!{76eyPS_jPgUtFBq zKjUQOv01=6@V&;~LGdF&MI0~48 z*zLf<`zV8;!!@{BW|!M#Jr|Ps@B{^R5kp^l;9-sIY$STv(BYPU-;+$kGK8s3j^G$c z2BB|n0%QxuAp`61B91}J3 zcov0=dcvE(qKPeYn^;Fsj%D!b#GNu_SVvRsF>}rF{hdjq@R{@;zga%Sn^<`Lc+P{B zMnHZNMr3JndZAg)H99DBhxLB|=4H@|fTp==*Pp(lP-$u-bHp~tDdc<=TC81E_(kI| zG;>4L%@oG8-4k3Pjy>sMnhqX86eAHcF!a@r2IQOwM6+*Oj`uYYN#0YNANg=R)=O(9( zk|7=0(aUM zw@ob`MZ__=$8jsEW4DLfi1WX8G+R$$c@gfgH9c&B=6n^qVD6+*H4Q&TB8e9+@)$99 zsQCTe(lyH`&-0XP`89jdf>G{M7xl2pZ#oiA1^#q$0MobXXKQL7lVX|%Pcmi$gqM)( zgqF`ZOnaaBbkK*V5z{G7pv<%URlBxbzO*IIK}+T%E0*cwhp$DUdo|!oK0g440tZxo zLv==XS=`Ec`U7Fh+tzwG`rj#`ff@U!>;M@{fNSA3OG0mD9C#r*LVotG^_sb*#wyo z6e6p3Kmc16A=F{#b)^%v@{<>kHkFLuOJrX)xD)C{#|fEYQ?9~us2hli>2dY`I~GJ{?dkmzSCAbYa@*L$S1E4( zUZQhG{Pd@0TIA^HW|qTI;U}HOl`=z>eWKV#d@A9lCja%ebKyAYOFO8h#?~}YA4R{k zrG)kjEU^mq(?4OfgzAipIJWD+%*kDbzA2p;015>nDy}U+H)&?dm|8ozwdK{XtEo9|PhszPtLdVMWNNM#i z6ugS*L`ya!tgkKc$ht(1v0%fV`_S=*`Th0pAs zJSjq`3dM(c+opzVq^(-yQ3`c(6sToqh^om!8jcJOQ!&={ZyiQ7b%v5ifFJgh-9%5p zAS~b`nvXz#ioha*xXUI(i(UrE)tS$^r^dGzyfE#Rxi6(p_eem=VEauv$#$EdWNF zPA&%vF*l|Atm?OF$(jEnhn;anD06uqawg@UWyJK!mS;lEOWD0 z<_+@@--^n`$9ZD$XHi*>> zS65)DlaS3RC%*90oY+8emuB`7rQw13WXh8SX5Gc&m{~zoN4+4PnnkbyvK%~sr8Imb z$4y;dfJz#MGo((x&(|_flySM-$w>7E(m;R`tP~Mw{7xU+lwXMDhp^^!GRaW758&C% zAn6{pe@4Zt$7nkk+@!5Z>KVMx82GwCA>raz4}fGVHxaB-i(Kxyh&eHXrtWqnst^}L zXze;1B*6Nt1cdMji0*6-_00NDED?62CQX-;ecl$bycKx<)srDp!I%jjlci@_D7mfG z$7um9XCak_2sp>Lx(odEX3tn?h!qf}(oU*j3=4YS2Khm*GQqAP+YT-L*A{9wN$4Hi z%6IM-(h5iMyFv8R6#QcLc(lL;rCr!+e#U4Uke@LI&x(lr(c+0P(SXwmgls7)xQy7M>Dv+mv&vP5?EE& z%!`oe9gF?0a?!^awvkv#~z3STw%w2y*}?c<5b5eI3ohteQ<&YKBP z^4dGW=vy$uSooo_nQIqTb;({qo+91{5H3P`ewLMjvi_e=xsnRYaq?@Ku+qYShY;h; zo`?k#sNu}->~vH9OAVEB#_b^Hr734enU=eZKLu`_^hc>>;i!fLQs0(+g{X-yw3S%K zPrtr4-E_cM_MS2c1`I|g!pOM&e(Ku^aCZ9G4E4%*_TycX){`zeu2W9GHb4TfD01!x zz?_N(4KtmLNP3F<@mwfP>W;kWH)WPI*1+s@^iIp5x~CotA4{LBy~QLd-uPD>kF%AKQNkcqaq z%#dP4fX`DzafAEkWe3Cgy~=4{p~B|geP+Lv-K5j1C9Vtx;6t3*#{IcW2NaPo6F`#6 zHg#T0Mc(zIL%2IOZ$QAM(Hnm~NV@3CsZv7x_jcOt69x1cRPSasst#=S`nC6f&?;Vt zp+&YqtmzaB)s5^)`fKUm`8)vhzV7b$B__c}=G_N>kMHei-M&uxX#6{ED+HrbYnu-p zN2?mI(&`h#+Wx4(2)bDX-H1wEh6?v0Y~W9$m_w^t-_#bwz`CELdm{A#UGXW5V9O~r z+4$n+ZLuhdVcn}eh=x(ty)c|o*zV8BcrCd?Hc2|&vQQ*BFHGbI?~4h^&1`&l^zP_A zes@D|BKCH_X2w=Ju6HgPoi7k#UH`7j!upe;xk`zT1n@5uHzhzW*#`MvNQp4sN1zLa z)~^6{BDX;QAp8*TltW##m~i!Joy)`K_lmDLT74MD34u%G^6{%6{@@ZAXFv_F`UqGI zpUyjxfc?{TiAQ(lhu%&ovIfa=NLKM{OI2zs)Fg&ih^q=#(}BvGxQf>EW#0`v-o<}7 zZJ(XS&R?2rMY|SDy^i9kze^z7y>6+P;A=Udb;yH=_bk$UcW&3CLZApf4MP918MYLW^R2T_MX-j2( zZzV|gpJSj!=`clO(wsjnO`rYpd#Q=MS_q6VTmrhqYWg@nk9i=7b0bv(zC8-_gEJtZ6{o{Q`P;CHmHi(-A{qwVzbe$S9(pN zd{i96zkmP5+tHy=O1ON*lh9;~go@*DKJ#aoYNV3;V>%k9=h@o`z_rhqeX7nTFQ7MA z)Fn4Eq?PKFR*@NL3Kz{OL(KMtU_$1Ek|JyIPAf7Tsa-`^ClUgMb* zrmckioB0yB_Swb3R+`9)@u6(Nq}3E_tp2hIs#_>fO?oArWb2Qf3n5qDf6#O*A+m9D zHP1HZM%aeKV<|Uj_#;3Yaa=H!he+7MzFPWd2{#Lp#ymkmSMfTQODtL?-sqs?UfX)X z#Z?wTal7`Q4zOy5!kcqKn`0gSdbSJ8w3&%Y(7RN?Y5pjgt2Ek7 zI(rhK6}{R%Jxd7;U}eZ{CqT2*bkhH~_cz5muQ*%HZVQ4X{^X}F^0A+iwC&J>+oA8u zZDmqH++5ES1a9HnxEzH@af&doG{t$1D7% zp~ldOqLm2|9|A}$z?iRY(+oN0I6pwlj?K%GGbTIEPY)t#0T?JGQZXabRReAyIb1@= z*0~lAJL{+)tikYn6N>Do%$(8-p_Fu#2*#|7X<{b-DXiTm69^>I`3Zo4B9S1;HK@#Rp=D+pjM+D?WF1i z8JV|OpbL#7pJ!cJHeBzXU#<>{X@#^NuL9DD{J+T`K6#~-&U08&qe^{HryF^F1Fr$= z-gHf=+ooY{yr(q0%`zVJfj`nfDmEtvts&w_yK2_@$OBM^?V>C-l7}0VDmp5!`Ag3y3*mOf3(ujxBlj-J(aJYDiG_-;tt_+J_i%nB^ z-DpB1GzWqej1%{Ql-Ej&d1V$y3MQkb&vy?xd_?R{ic7i|akt@+tZMqO`fDBsGg}~1 zxyAGwv3Ablem#`(7W=@6an@!+)Q<~=y4Rz7IqE_09zqVpq-`h2^aj5cEKYH{Qoh7+ z%$xT7*tdNu6v*1V>*k1->9RTD$Q&(CQTOBJNd;S<)1Ei?_+JGm=vWY5=S=j46IpvW z6b|<+Jf{_cdum8>Xt+*d>(#C+{`y41F=&Tf$ET6821UuC6fE_s7|=1`q9R4iyO{OP zkFj#dz+<6Z<*G=r)Cqt6kdkV?Ig1^MDxQcxoqvHOgWSLVoI7aiL0T6US}lxf-ize| z&A`dKL+z3?fn6oSe9LluW(St23K3r}t#QI1dU9HfqkRZl^-=UQ%JFBmv>MgCyfTcN z^}mOdQ`Ya>;8Dz~EQq{)T)(RpTjlNan~?yP&2pQ@yI&;9LCHaK(b^rM@K1Vl%bebl zjoBFmdM3NN0Q;BVj;9}9V#8T_k8z?LlLHPLxko=oQg^|UIl*du00-~cijV&H$&?tz zSN(f(V@*5vHD7@2BX@O4-Uw;0O+HBwYaDfpVF?-x*-S0wq41Pc??egPPNgR2!s|VZ z;OFUVGUW2$pm6`UrcgiJ4>k@qaE)!nJqoM7C>2?%m8{o3&?yzso_+hp=T6b1vjYYv zdFubN<@~l;lR_PF+|CJn3H<5JUb0J-C^V129LTFl7;ML5BOPxjt&6Da3>Owe8L`=c zE#U#uUlV`|o$+Ew{-dE`(W~}e3l2nMRn&rAb+j&)d%^a{xB9<&ICz zmvHY6K49FE*1{<-e(+>s#$=kyHcC#PN0)8dcg?1`fSs3BR>iyCbrZVHOjDcDM=aOP z(OlaNTnt0RTaztbo|5}o%GIB=E!172ZiawRa!)00g8|TtY!+dQr$Tn&J5$7^cmSxs z@`z6}hj}OT^{SfhuP3FKro(RF?1J!KVouLy5{ncA#Wg~&BzgW=0kldu72+%7(;c4m zd(Z#|2f-(c%bNYQoY-Cy4?La@q|J`oI_6zE1oG|NGUWIPfbC!4#0}IX9ieDw=pi3q z2Lb^N6Ew3L00G~u;yn0kV1NJ^ctq(K^70^>z_EZJ_f(`F$#^`(qco3E; z7Zna;HLa?y5hG*!n4C$SmhnRr9s~%RL}QNMKzp;t4JFm(eRNB$uy$x_q@b1P8A6D0a<#!@50s&4bHP|daZS6w9m|6kpj%pi9hjO*ndKtJ;l$A*JxfpJQfT6L!zM@i zzyceZim#BtcTCFAn^2sRFMZ1SNw=WDeWLI=RTaVqJ&BFqP=!`Eifd+Xw04*1)}A;Cr20W*#S#zR1aJt#|Kf^AG<(?*5i_5Ky%JX9>R#)v5rTG)in)*Y-Bg8u@hfZO>0@XXdm%r1NY1+lvMTP- zB?@KO#LgP$7DKUVFy+@K!|G?wPCGR-bxM1A?}WZ#kTD$Tqlf0|=|!6^dU`m0M)Bv> zADIxED{)xv&K5@VY`Ga~rb|IH z+lGS`4_wCqs3155S5SF`Vooh4y9b;Ph(fJal{P*y#Tc!Scv4kDlCAQNOevE_kC;WS zZ$^EsEN8hRm8%Jw^^=AkI$j5A(akg9$ zJM2*tVYk4!YpZ|Si`)LYg=dbscbt`rn8 z^xR(G3JSAwaPs*S2s|8RtsdHY7(mBfon~n_kA%{_jI-b6M|uh`7OBPVQ>BK8KG8JQ zK!QPqu#zlszLZ^FI*&oju-PGJS>);K?kMtV^cT$ME3Z#mAIiS{|1cJWpVq&4mPlc|GIsKJS1@C+lxugkG z>8tKq*-N9@KFbjAB+xVlF1evoFC3AZ7{i|kFy_v8^zFjL7h5(0r}k4SyV&iQF5n0) z(?qqWXq3P0?I2HS`pbf*k;i1Nf{j&B{}uJvzs#!~mYRj$^9&(a-LwsLYAM`l1y_W> zXH3`8DKtNSAkgRQ+5ZN1yN zuo{q$l;lg5-WVEqCOPqp@vlweU7k_j_ZsZW%l%p}&&yF1BgEIL4Y&S!_@KDzS3&H95>9)5{g@ z>`AIaRV}-Bfp=@Aad}!7s2#_3oJ-BEH<3uAL7+gl&~MwsSEMrJHrd06vg}qkulGXA(K90r znsp>0U^0IPM`*(Z^qXxZE8^qnQdRK^1^Y&`{zer02fA%Jx++I5jJ{=OwI@a&O>eUh zcsHliAkY}>Rl1M9T7CH#)z127n0fW87no38)pFv=(%=lH9*U-$uU9I$+9sa=Yo#eC z!Z>nD{Z?FL<4ritP2NhEC=oYds1)K2WsDgt7d#SLADb|yqmtbb(XN?iJAm5(oEv?| zL{g88GLfRD5$ix@#7c;H*EAJGljX^2awpi`8?@%d=0&KIMySW7UfPnv;J>wQT*bh< zSudfX|1f&O9wOAJz`Eg#x`Wz|fC_%Xb$+5A{0)Yn5?=LQRgZ7;BWOcuYaS%H9y?g# z#xTA}u~*dQbav@V;;a&nEJYf5(yfxWMBcW2P995iUc7d-@oVu8{l}mDZQc@j$6HhvCwbd3rH5xj<;*!If*^Vt+f_g{&xY_n_C!9eYLM0wHE;#Wj;#jWH$OK_IlP&yxkvRm> z0j4pCKlqhGf}BIrOqf5v@ z07+|_Tkq-8A1&_xGHDH4brrmyCT;uOo4cKe-@#^Y2KkHh4U-qnR9p6)@MivmCDVo% zFh(Sdo%fo3dFp?)hc?KOoC%Q#r;UijTSnh>p$;Iy0>tfrg?SPGMelDR%;ZRIgX_e$ z>x^=?36lnXSi_;NS&QHg21e+1!!@EL9;=9PXpe$T-(T!1Ik32o?buZQP#8LW*0@SN z!FaMfP~*UJh!!(r*AalK1VcwV)$@bV)4L73OiR~2OaICLqvz%G>ILLnejh%=?4wXe z)2rdkatc-q5}n?r1c^8b$%v>p!c_Vpq5>!mqi%}@W76U8qCB2h_M6PN-($5s04tRp zt8s>0q##7dGCP zpKy^Kz~(b_jOmPy85fmsmKLFqDz{`!66edMtz#~hq^K^!fbZ6}_tc9dinS|1vl+Y2|;Q+JmT=UBbE99L#`h zq4kG8>Pw$6YkoEQASLsV;11Ku9NceU)2@1rtCuPXjSz7OTke$l^81ww$L^Nh}Yk&DIDF@ zW8Z6#`R-rIdcd?Qw}Tia8bv>o^vi#t<1lo|S^M`pYRe&oB^l_MPcuhEoEd1;wXzF5iVa4HXj6I3iNMeua8M!F&$gef6i}N=c z>j3t3z!XHKmBG=o*{gC(1FSus@7Sh!u0w64Vvg^Mr-$c603E#!B+te}sP8vdr&dYQ zM$G`-2C>PUM@Kp&Pipsk`b~uL6~bN(d&)|y%AayJRdOFyYU%UhirUW#uYt_grg+;s zpH7Z{oZh-pJ$^HZbtflV5F2KEZqnz6C&#%(2pwI8+Op)lQ}!(M<JB?+Ufb$23Bc^1W#pt1Nj>MWtNPpF6kLCc`@u1HY>L8%=w5xf3bh9`mp^9*U;ZfoP}i`0Jll2a=AcXEQVu97p$J< zm!Z~K%ntp3W`5GorZI%7>y0(EAmCqT1AEYe0m?2=35$~+ujYPi$v zaIBazR^LAXA=g8qLIP4qy_SO)9~LRS(MpPwW(wMsLU^ zWQV|(`$!~$+ZyFFR}DA>8vhPOC2aCl$`Sx@ZG3jkkV}1XGNmE1)HHh3=e;K`DBmuW zIM=JB@(teqbY)4NxyEb#9^WZs{Fg{X7{=oRr#s#}Fs(4&kzK#?Ko5eA=cgM7ctkV& zyaB>BrP_3@YG(=Z2Nh&nno?7oXJBb z>v7kKv3Bg>nsnNtB*vy4e1*^ptgwIEigJ0w`hq;LE!>uRQpA_UX}-?T(w9nExCJ_r zW&q~dSsP!0{Y$K%fIF2^1UOn4kA0P+&B~YI?n~~rGQ}ns#Bip+;KbN@h(ub#ea#z# z45t(tah&wb{vN=v0rhb>SX?>iDS2h+Ndb=~+oDEc!*A--+%3VKCG9Jca!2>z6PrqS zM1MTKsj*!{Tz zdthbk#=?cCU~p_dvd~-noUNx3Wu^U_^g6dcal+{sjB9lwfJpbRb+kT{Pqr-Ea@Bw0 z0XQSa+?$4_Qg+Bk^5g`jI`>0l z(hmna+gsa+Gc9}7OO!Kz!GHPLneVWFBN{~)w=c_3+>_GIV$)>-p(E3CsII#eHu`q# zx8tXN|NUivd^+?`xG-MI=SW#zZwioryzFA5palTOKVC*L z0QqSr&H|T3ojdYqfX*aO?K%J}`?H#=UXfksAm|Dh??Bs(E&iYH@_WFN&mp!n10&c^ zEaVo9Pbx!(jcjuaW}F#Rd}g~1t9OV%h@c@!Un~vMgICjOiYkrkP+gj4-r_4}{&!f% z!yB*5vs2g&DR7m6TW_04{7f%UGt}?N$s- zsNv~`?SOAnFx{FExCc@Yu!xGE)C!8d=c4ndPhm;2eWxLZ!p}Yi(NJzWV=<)>_P@xn z(3cafD{r&xzQqE*+mLq-dB{fsDj8&K$(VlA>dYI#I0>7{8;sVb@+PYl7hF%gf^tR_ zl{TaiOsWN^WoU+rN?sG*W%7BDOP2QXMY6a<)1KWHLd+U;PBCk>F4(QuspIStl{3&) zIY|Ioc=?r3@D;U!i?qyu)fY;s!)|F$SjW_=Lx_GpJ-Sj=Pp_M-UM5}el%L;W(>*c0 z@6^g*bV8dHF(w}LTcXgmzlG!*y2tR;K!Eh`T_woXti2Q#zn1X@FdfpAH>c(3TFTs! zN>3V${jILwAjR+;=YNvJYQico#eItqaO`c?1J z>hRxvNhwf8n;pGSP$orW6_HV);El6uCu^x1nR zrNB7g!nZoE-=Ajun?~k^E#w`Srl{c|{Mj!F+ZLMB7e{SiXaF_Y$n5Q-+JPRf}(G5Tau0hmdjR@^?1+-sEn3J;zNKE~FQ$7X-A&VU- za)G3s>Z)(}`M;y{PJ}l7av~(t4H16W8FhF8;Z(Uq3VrVIPiV6GdP0S}85%e~G?u~$ zK+1jR!|c%h88kJ}^@Jk*b!>xE!|5fgx`$7NhS0I!dnO&YVc@w^nf5#X$@o9&L@*O{ z86+kmm30~r3t(;xCq!dGW0@z_8qE}hD$($cxR?vsf0CAk`!dS69Plg~bNV3GPh;9k!NLJSKt66Ffvip zfE|4X2lG~^qWe^cx&oi9cf1N|ffuKzP;y;lWmIo`S>biaEj2}Rg<=L9MD^8o-TAR( z`D{;Mca3JPiy9b&m@Sxc&byHjZtB@TE0zM>HsTW+V8-TL}Kk)55N?Yqjpq}n$$a9D^O`A^#j{JWf z=Ble-S+T92XovN}P17ABKo&1lV_&;x^8*<=@@0_zE^qyqW||uC{ak#iWuP4qdSlf1 zpmZV$k#qaXNpI^yY6Rx(kghNee{J-|U+$1{0e(7)Z|`9)%zitA=7FQ(OI85>wM#Do zk4?O|SJw)jEp!XMC`f?25_|^!y#$|PbmmI%;vSopFteG?(8RyGk%7I|ykShha-&cb zqra`FQ&Qfgg4Vtd?=9){0?*@pu=HW4mkgza3ng<~O0r_Rm%5EH_%%}k0WK!^&$0|U z?9Ka?+qIgwV=OxxRovBA4nNOg?+89{?ayMu6{1P`;+YtufUYWSQe>TNduQs(*DwT7 z+ZR)#7*_B`M2sue;G+~(L2vBfYS&mPikY!bK2%{9%ff7H2NFfiyuR4G0=#PZh-4Sp~CTT>z1OkYND<+5NaoqrEaYkok4JKZrNWq3;Uuh8v*54{uns z+J(tY$5of%>ru2ZDuL`Y)IX#{_v-$O_mFqy9tWRQtB)S`~=Hzmw^{>O}V?cGkZT5@*8 za9T7w1$BXJK||G}@fp~JjkYH3#goBxaq(Ec_lp=i%*VB~6Yp)}0|Y?QREL`@Y@>b@ zE0RgfQXlkf%!7qK=P$1yt9Es9y3-7)nZuqqSBqwHbe@y|{1oDtosW;W|Duy*M}gN; zw#qZ=*+>?j6^z-%y$~40d+@mBfaBL1(oh;j+F6)UJSh9Y*@3`F)t8Y6rX_(6eV;8|Q z_nv~Io`n%A(Hzn#STxmC^4w12)Jg`0^AzCNL5p?SLRKvna5lk2HzjOI?u8sU@{ryr z0O>%rY0g}184kX_X33EWd1{d+JRu$|qpAh9#^Hs`iFgf~q}kx}WM5tYXIz*qZ~xaXlNDbOMfP?KlEj?cAA+0<%A^;}?+^{~6(*~? zJ2bRd`Y0x1ov^D%xwq2EZE;-f2-_Gx95f|U)6zW~ zCA(9m!9k2l*9^62m6`yEZy`Oa21Wv9{@!U*eL|er`qJOdC+Ojyapken9M#O&i#y=c z8M(W!_8DN^X@QhQ&z4@9keo3ea z4YWY>b#LEspiXdJ#}}6BZNv001RYl(`}LygpI%gBRm--i6BZ&zz3;oopm@!G)c+h2 zuts=>6a=Je9zg7@zjSBN9sUi=u@j|d2c}xc(r&9g`7qYHsfz{RyU+Krc zz*a+wx{w>PYrZmx>Y*E>nQu|YFj30r%V)}k{W}U&nMVAm4L~-6YAbCB(%0eRlW%*L zTNevvKhxr;St<=*+W?O-3-1ZAx2$~(H)&#dANlRKP$l0@s5eCXlXV#KZL+f{G<$Fe z)acmtk&G2ih>bp!=~rnmR8C7S^&L1KMPg`lY6G-xzY#RYvR5$vDi+C5HCx6ln%wAy z!=s#=bsF!(yA;*B$);d=xboEpXlzIkc6sayFiw4%a}ZIQQqz$QCZx-v`{>0yDHA5% zEiqcmCDn|nO|cumPiH!cI%}AZeN9ZDpkb+R_p2=~w^%x{I&$He`9TYjRQ3j3`b(yP z-73iB3*{I71ui#(_FQtf%@!6sV9`UjPS$~2A$20d=tkQMA;22dONnOOG{3k6 zxU4rGS9`fL6g}wE<;e~gklUDTfUxdEaXF`;S5Gs^m8tUm2_i9aoE zn#EPEtpjD zuRR{MR5A)~79*2XqrKhkWM%{-&FAo98grJ{UX>b93Oyy0SR^XMCG9j=Q1rF>99O?; zvlJZzhGf>wsKyOe5A`JWL`Kae-lXQ{OS;$gW0@|SutG4J?cAB0mwv204k)^+xh=pV z;LhgsA)TT1M5IwI%hP$EO>4G>gPg52>UvI{JFTjgJ%unyu|JJrJMN_y)Bl&W5pkqv zxgJ-_7UTTq2ddO~>{HK?KTG_?s|#e5V(=wu3g0==T4+t!Zh;qv)2YhG z|4w@w8b#&Y))jx7okyOJ#wrO|HD3D%BD9cGoI|o(z3oHx1uQ$Jng#HuT&tZ1`2b*h zv2lNSIbThu+Wqjq#Hh8=k+ErP!%NDdlX12faJbA{Jy@*4trjW>}R%n8A#*+>cVZeI5eVVVe#;BJL&yW6* zU#>0-G$`GRn+%3dTaXt>29@{pXGg1Mm?#>bA_9=FdaZU*V|T+kX)#;}sDqlzs#Of$ zk)n2U_^t_6ZC1I7HA&oHQ0TbB+O$zs6LS-Nz||j>OCU@p-%}%a%o*;B&*V(0bFKAK zmIQtFvNREuSMZZ_E{ruLnDFae8(7f}&dbg@8OMk-af1z5TG_C{7){?Dw7(T>37gqo z>6Ohu0pi;}goId&Dz`7No)_>yvW`G80YeGu=!+c%LpZ=Gz^(od#)qni8#A|sAoZ${ zR+3fE+<;px+j6y9gef=bX4K3-^4&c&wXs~C1wW~KXc9i*QYZXdX4sq%ut6zOFnKIY zok2cVlyWxI*ofX>S9YX6Xx5j0jeYYz(DZ2eTs?6htETkHMs$8Iz3!1JUPbg-*YxI?7q% z4~0XX=O2Ioj~@pZv;|F8s&xE zq!rqGc1jiw6z{SK6_$_9g{%&?Vg5A2e6P`IwjSF{jdC4vg$?|-k@D)}%pjaLfPFTq z^uoOS5jJ=G%`u!C$IBS>z|90(3)RO!;M|n|>XG0mOJ@ht@*Bgm zY&3I5_-u^dWOhuM3jH*5W3qjDnJn41u)V}rMGhL{#|#IY;+1DtNe@p;DS`4Rgb$U~ zpGwX~`|1HyJ)AT;9md~Q<_dlQ_Ed_iJo6Wc`artNR`}#Va2yot5?mjk5h%_Y%wWSi z%KSiT{*C9FehkIxxy9;2_Ug0J;T>(UMsf8o%z6=4jZZIQnuP^#UGbnyCIO}+9$ZEe zHvr0zHDOD*8J|y5&NCh$0a+cl!^9*@pIn%WDM%G;S0}A0OmkZ*7>d?W0c(RA?6{>y z%zd8+nqY>_f`|fsn~#uO|5F^a!p@Wuq5W9AU(Kk6#11A5^4Z`bl$hV1xW=<WrN9Qh&oK{F=o2{~t3u~`?@r_e{B zIJse0!Rc^5L1=DSGw*t$fJLKjVqp3}?08P&{yYJ^|F@4FN-1I7puTr4i>g4Fsa>nY zznf@`=hS=Dhg=;KrN0?cxL6Y1MKMr1VF7i{Un@=M6$Rc=}~*KMv17@PotL>i?dnJKltywmg9^nmeV8G533FxkMC? zwM32;!~`C%MXwS@!xYvM%)s^Xbi}?jrP$lZqJIp*m=`NWpC=!!$L9M*qOjW7Ad-P3 z@DN1|q|@}4m@#TpR|PwHfq+wfb8TA%_rS(~9L#$88kNY0I0#bTr14BrE_UNzvE)3-{yaM+~YNjtVEvAZ3R$ zhy$dtScaLeNfQ0aU{%Al*Unv?FnXutF_jcLcH2lCEPk%h_jJhLHC!bwy2UsuK>W%x zoP)cRF|4vR=O+F$;MJdA1|ub?}EG zARzmdp+<52quP~Dc5KHo9=yuL62&0d4AF#U`dnTMw%aXJ@=8%-xR~N9AWefqQ(?Do ze2V>8rtMQFb$S1KgMzH^@J^|CxaUw!E>=gcdvlRS>K%hBb);d^TkoA9)yZ+dQ40^> zV5;0Z(ibemtT5#uLaOoZ5<(cMAg{tDUr3B0_Y9t->ySYo~?r|ZxXqH1y@TdjJ3vb)0p;tJ; zbIk}m&J z1W^7)Qnk%}9_S&R^`_XjcJfKJ-b0fGqnetgK|#DfB%ytYiy716HNcd9-9$v2XX}El zHQjtJk_URLF3jb|MtmSk9_M4q8|VLlW`|;a|JWZ0ZgqGIZt8(8c;H5En8Vr1by0DX z6ony%HEM zt%7HD!vQnk9vW>c^mOu&;{1%Y$5lGft%h@?y)4e4*ABIB)p~`A_pFw$1`D0yp)o4Z z*4nqJU(RSE5xo1Y;bvXbY_$|ZV7W`?V{w|+Lht4p-J}p~Y2?8}#~!K2{ z>?&&-P9n=yQS>%;FqmS?A@$7|3FNc|g5ZwP*=Sr8FJ>gSN#)UWxmUf`Ys*JSEGkD2 zhR@@)mf%Gdr-#N}d1z+ZHjx?EX@rYqj0(g)A(|`AaW@@j2G3(>>>ZI@aZ{&TcMR+2 z$Z}^b&`VP02>iEz#a`H`+}H)akLDy}{QfH7RW zB%c){E_?KD(Ks&)XQE93cZ}gp5v;B)L+@1$Qk` zf>!da$()ccOUtWE57jv1SEI#OLF*@?TWnLbuZ@k^QVy+Yipd^Tp09dss;^{5>F%4} z1$Zw+Roy0bGUWXo1^cG|9*~LAsRU<9o-AN=^aCTqewQ8VGW4MjhBm7fijTS2Kv=Y| zn7NSr?WnlH3}z`8lhG9-@rl&0cR4l6WM+pGy?m0X$Kj==iniKx{v_ez`$6KsCs+P= z_@8GfqjrWCBd}g)bR-_2U>?8d?!fIZbTERn+`di*g5e`e0b%HvI89Ks!`+uLdc$o3 zc3O?yC)9}qv7V#;N6+)OB$@xe-!@H4N&Q*#1nO6~{a+B8V`@4=oW+;w^2Y_`qj1j? z%#K!7I7}8}^wpq_wj$i{PVmgAO!0u+D3t%IlicnAJQY`pLO5$7__DNOTy+FuPGUk5 z%7)l;P=_A^8l>Q&Vw*^b#xD-j86bO8fn;UbY8GGl)=W}u-B0;ix zn!&hcvy~)0wT#dj7J6PI(qSc;sXuCCbA>%wtyZ)?_29h zdj7&i;Z9wUg?pKbhL%uSQe2A0=*AmWQAR#st=@(?GN@%=MH!SIoIet3Yhnn7DH-ls z3ixQD)A8roMks|jhOFh7b+mTgvBmX1xapL9Z50PAe0_E_@i79?jJogHT3_*}W|yc_Ci2NLBxl5dIk_dh}Cs9-yeaCAt+cdWne8T4c*x;n?n4ptuXY{A4~1g-42EbSheu`T*RsySgWSw&|61>Hwq+UzILVG^u#5 z-c=Gz8Q*333MZ)}dNb@k!=jVa(hUb4HL7_nDSpv7F@`~?8iV%Yb4p(K!JP@5Zhbtt zWL*R)GC{zmLI~WtY3(_U1?Zdh>WsIU32l`kPH-tY7JT5fvTt}EB>&p}-?!Fg@p@zr zB_1Qw>ZV_Fb}+>}Zm}pl)bk%i)o12z5q=HW$fW zY8E0u`cb>(ZCK7MS*2o9dXWztT41MoPboE=qXwz`XBRAJ%GBo+XT8>!Lcl}eu2>c} zYO;X&)J>$fRhjO?hj#z)7YRE`i1Ts-vUP$xx1bF*e>HA~@!;3e-dl(p5b@bdcMZJ* z{5*Z(tCVFjjT5SMBw0R4ldQ4@z@SXZ-4 z0~;792a!Dsjp+Mmq6vUt5tODcu~2#}JY^7WzV)Y#cVBbEnByg*1hVa{3ZP)7gjAP& zOvC~uUM476fS`qPMmbhJQ6U*^4tjgrjxOd(_6r9u_GTZkLr{2J!J_UPH{Rxe?okI} z4>@uv(7L&yH6n_MMPK!A6aNUlrBBifj9A7N z!jlXzrk+gE!fygIixF?&gyKvkQx9DCT>v}xSu|3{>B@{|d=fgd-}xZF>1hO2?#GB|r<=ufxF!t0P3{rAF3bK}biARb*jA(W%t z@sOY`Dlz*jvYLDvQor>1&5;#FunL_6PTvh`xNC9ifZXJ0Xxgruw9ybT-B)<{8_iCK zY%$JX55B(y!UURQk@B54jP(RM|Fbm)ngI-v9&#X%~sV;C92Osx#X)7ihE}6eR1{ z`g8()O6`=hOHdFd(-bEw3ev+&12>qccnx*_Kg+CL&Hu}Baa81kY6~m?b1K;K3_4&2 zxduDAh}COfrw}dMeFBAihjhPBvAQ6YwJHUFDX(Z2=XX1iBLdXcB5eaedgOSRo zsGOJe%PVUnO#3c%MJAC;fb)i>#A@(-MvvW}cX#R!;*x;cW`*L88QE~pT|mtBP@&sU zaCILxPh)e;Wlsq!2|$0?F<_AnX`eKwo(v;k47+{)wrc>UnmIhB@D*=kG=Msb7F02> zv3ZUZ5Y2hlBu^1SHb2@}RX*?vXMDf*d)j354M02z~>&5C2Hel(flWmlPsD_hc-1YrrJ#YqIjhT{tsjSS%|q+&D*_mG3$4&-o8R0l0`qlo~I?)%hnj+(R z?Za%CP{*&?Om

KG97NPB2QDGS$fOB@`4q+@5%o^CiL@R7~~s|M5Hd3!F`>@w$VX z#6>yMQ25I@j=5^Cl+_JE+rFqw=TzTqIQHJ}U^}QA#h{(y8Blr-MC#NwZ+SJ=2=cWd z0SHq+4ZO#<5c>1B2Vo-XGa>I%F$HW7+|{4S&#unW&r&O+AOHeF!4BNCV1t>{wEfC% z^l}FgKw=R+HG|3=QgKDcYy&kl7DJBuPGwnjNX1U1$ywfwqMx1;@)=f6_>GowaVQ*q zs1yqt)~{SJ5hEIOIKY zR4k!nk8V&238OKOsU8!U+|`pED2ntBEyalQu&tH@DtRl9nBC3fr6bcY_YkROLYdQ^ zlUGHOXNnd?b)&%uAcd4nD@w36$Ic{Mn$>Ff&-;g)zIfGNN#ui|kalJ(Gn|17*1B52 cnA#T6m)dmE7_xu>0000000000000000L8&C4FCWD diff --git a/docs/proposals/proposal-trigger-and-deploy.md b/docs/proposals/proposal-001-trigger-and-deploy.md similarity index 63% rename from docs/proposals/proposal-trigger-and-deploy.md rename to docs/proposals/proposal-001-trigger-and-deploy.md index 33188e6..28475ea 100644 --- a/docs/proposals/proposal-trigger-and-deploy.md +++ b/docs/proposals/proposal-001-trigger-and-deploy.md @@ -1,6 +1,6 @@ # Proposal-001 - Trigger and Deploy GitHub Action workflow from an upstream CNCF project -To trigger our benchmarking task to run when a particular CNCF project gets certain kinds of event, such as a new `release`. +Trigger the Green Reviews pipeline to run when a particular CNCF project gets certain kinds of event, such as a new `release`. - Tracking issue: [#83](https://github.com/cncf-tags/green-reviews-tooling/issues/83) - Implementation issue: [#84](https://github.com/cncf-tags/green-reviews-tooling/issues/84) @@ -39,43 +39,31 @@ rejected, withdrawn, or replaced. ## Summary This proposal focuses on automating the Green Reviews pipeline for Falco by -defining a trigger mechanism, involving the Falco team in the implementation, -deploying Falco using Flux, and testing the deployment process. In future the -pipeline will support more CNCF projects as they are onboarded. +defining a trigger mechanism, deploying Falco using Flux, and deleting the +resources at the end of the pipeline run. The pipeline will support more CNCF +projects as they are onboarded. -The proposal also includes considerations for a phased implementation of the -automation, starting with manual triggering followed by automation via a webhook. - -The high level architecture is shown in this diagram. - -![wg green reviews workflow vision](./files/green-reviews-wg-workflow-vision.webp) +This proposal doesn't cover running benchmark tests or reporting metrics which +are described in separate proposals. ## Motivation -To automate the trigger of Falco deployment when upstream aka origin repo -creates a new release. We will then deploy the benchmarking workload for the -project, in this case Falco. +In the current implementation Falco is permanently deployed using Flux. With +the new deployment approach it is only deployed when there is a new version +to benchmark. + +This lets us use the cluster resources more efficiently and enables benchmarking +multiple configurations of Falco and more CNCF projects as they are onboarded. ### Goals -- For adding *new projects* in our SCI benchmarking pipeline - - **They** need to specify what their benchmarking pipeline looks like aka - script to be used. See proposal [#2](https://github.com/cncf-tags/green-reviews-tooling/issues/83) - - **They** need to define any specific requirement for the project during - the benchmark - - **They** need to help in setting up the configurations required to enable - benchmarking job manifests in **Our** repo - - **We** need to trigger the pipeline when a new release happens for their project - - **We** need to give permission to call out *green-reviews* GitHub action - - **We** need to document the solution including how to onboard new CNCF projects - - **Our** GitHub actions will look for manifests or other resources to - deploy the benchmarking job -- We need to make evaluation of SCI score **independent** irrespective of projects. See proposal [#3](https://github.com/cncf-tags/green-reviews-tooling/issues/83) -- Our Current Sub-Goals aka current plan to accomplish - - Trigger GitHub Action workflow in green-reviews-tooling repo when - a new release of Falco needs to be tested - - Deploy correct version of Falco in GitHub Action using Flux - - Test the deployment via the Falco trigger +- Trigger the pipeline when a new release of a project happens +- Allow additional runs of the pipeline by calling a GitHub webhook +- Deploy the new version of the project using flux +- Delete the resources at the end of the pipeline run +- Communicate changes to the deployment process needing to be made by the Falco +team +- Document the solution including how to onboard new projects ### Non-Goals @@ -84,27 +72,13 @@ project, in this case Falco. ### Linked Docs - **Slack Discussion Thread** [Link](https://cloud-native.slack.com/archives/C060EDHN431/p1712765271470189) -- **Triggering GitHub Action**: For triggering the workflow AIUI we could use a -webhook to trigger a workflow_dispatch event. [Workflow Dispatch](https://docs.github.com/en/actions/using-workflows/events-that-trigger-workflows#workflow_dispatch). -It allows providing custom inputs and as a minimum I think we need the name of the CNCF project and the version to be deployed. [Providing Inputs for event that trigger workflows](https://docs.github.com/en/actions/using-workflows/events-that-trigger-workflows#providing-inputs) ## Proposal We will watch for new releases of the project by subscribing to the Atom feed of releases that GitHub publish e.g. https://github.com/falcosecurity/falco/releases.atom -Our automation will call a GitHub webhook to trigger the green reviews pipeline -in our tooling repo. - -See this example curl command and related [workflow](./files/trigger-deploy.yml) - -```bash -curl -X POST \ - -H "Accept: application/vnd.github.v3+json" \ - -H "Authorization: token $GITHUB_PAT" \ - https://api.github.com/repos/cncf-tags/green-reviews-tooling/actions/workflows/pipeline.yaml/dispatches \ - -d '{"ref":"main", "inputs": {"cncf_project": "falco", "cncf_project_sub": "modern-ebpf","version":"0.37.0"}}' -``` +Our automation will call the GitHub REST API to trigger the pipeline. The maintainers of the CNCF projects will also be able to call this webhook using a fine grained access token we will provide. @@ -116,14 +90,12 @@ added to their CI/CD pipeline if additional trigger points are required. #### Project maintainer creates new release to be measured -Our automation detects a new release was published and triggers the green -reviews pipeline. The Report stage will provide the results to users of the -project. +Our automation detects a new release was published and triggers the pipeline. #### Project maintainer deploys their project so it can be measured Participating CNCF projects will deploy their project using a gitops approach -with flux. This is described in more detail in the design details section. +with flux. #### Project maintainer triggers pipeline to test a new benchmark @@ -132,11 +104,8 @@ Calling the webhook will trigger the pipeline allowing the changes to be tested. ### Risks and Mitigations Multiple deployments will produce inaccurate results as we can only accurately -measure a single project per node. We can set concurrency in the workflow to -ensure only a single instance runs at a time. - -Deployment may fail. What alerting do we need? Do we also need to notify the -project? +measure a single project per node. We can set [concurrency](https://docs.github.com/en/actions/using-jobs/using-concurrency) +in the workflow to ensure only a single instance runs at a time. Uninstall at end of pipeline fails. We can wait till all flux finalizers are removed. In future we could create nodes on demand and delete on completion. @@ -173,8 +142,10 @@ sub component. ### Trigger -The green reviews pipeline will be triggered by sending a [workflow_dispatch](https://docs.github.com/en/actions/using-workflows/events-that-trigger-workflows#workflow_dispatch) -event via its GitHub webhook. +The green reviews pipeline will be triggered by sending a [workflow_dispatch](https://docs.github.com/en/rest/actions/workflows?apiVersion=2022-11-28#create-a-workflow-dispatch-event) +event via the GitHub REST API. + +See example [workflow](./files/trigger-deploy.yml) Inputs are @@ -188,9 +159,12 @@ curl -X POST \ -H "Accept: application/vnd.github.v3+json" \ -H "Authorization: token $GITHUB_PAT" \ https://api.github.com/repos/cncf-tags/green-reviews-tooling/actions/workflows/pipeline.yaml/dispatches \ - -d '{"ref":"main", "inputs": {"cncf_project": "falco", "cncf_project_sub": "modern-ebpf","version":"0.37.0"}}' + -d '{"ref":"0.2.0", "inputs": {"cncf_project": "falco", "cncf_project_sub": "modern-ebpf","version":"0.37.0"}}' ``` +The pipeline is versioned by creating releases of the `green-reviews-tooling` +repo. The git tag to use is passed via the `ref` param. + The CNCF projects will be given a GitHub fine grained access token limited to the `green-reviews-tooling` repo. This token will have @@ -231,7 +205,7 @@ the energy measurements. ### Cleanup -On completion of the pipeline whether it was successful or failed the flux +On completion of the pipeline run whether it was successful or failed the flux resources will be deleted via kubectl. The pipeline will wait for the flux resources to be deleted before exiting. From ffb0454b55e33b61cabf14a0f4c0abcc905b3ddd Mon Sep 17 00:00:00 2001 From: Ross Fairbanks Date: Tue, 21 May 2024 15:11:01 +0200 Subject: [PATCH 15/20] Remove example workflow Signed-off-by: Ross Fairbanks --- docs/proposals/files/trigger-deploy.yml | 30 ------------------- .../proposal-001-trigger-and-deploy.md | 2 -- 2 files changed, 32 deletions(-) delete mode 100644 docs/proposals/files/trigger-deploy.yml diff --git a/docs/proposals/files/trigger-deploy.yml b/docs/proposals/files/trigger-deploy.yml deleted file mode 100644 index bc36601..0000000 --- a/docs/proposals/files/trigger-deploy.yml +++ /dev/null @@ -1,30 +0,0 @@ - -name: TriggerTest - -on: - workflow_dispatch: - inputs: - cncf_project: - description: 'CNCF Project Name' - required: true - default: 'falco' - cncf_project_sub: - description: 'CNCF Project Subcomponent' - required: false - default: 'modern-ebpf' - version: - description: 'Version' - required: true - default: '0.37.0' - -jobs: - echo-inputs: - runs-on: ubuntu-latest - steps: - - name: Checkout repository - uses: actions/checkout@v3 - - - name: Echo Inputs - run: | - echo "Add logic to deploy ${{ github.event.inputs.cncf_project }} ${{ github.event.inputs.cncf_project_sub }}" - echo "version ${{ github.event.inputs.version }}" diff --git a/docs/proposals/proposal-001-trigger-and-deploy.md b/docs/proposals/proposal-001-trigger-and-deploy.md index 28475ea..8f0b867 100644 --- a/docs/proposals/proposal-001-trigger-and-deploy.md +++ b/docs/proposals/proposal-001-trigger-and-deploy.md @@ -145,8 +145,6 @@ sub component. The green reviews pipeline will be triggered by sending a [workflow_dispatch](https://docs.github.com/en/rest/actions/workflows?apiVersion=2022-11-28#create-a-workflow-dispatch-event) event via the GitHub REST API. -See example [workflow](./files/trigger-deploy.yml) - Inputs are - `cncf_project`: **required** Project to be deployed e.g. `falco` From eee8dd5d6e714ad4d34cd555f75c700cec28eb46 Mon Sep 17 00:00:00 2001 From: Ross Fairbanks Date: Wed, 22 May 2024 18:24:03 +0200 Subject: [PATCH 16/20] Address review comments Signed-off-by: Ross Fairbanks --- .../proposal-001-trigger-and-deploy.md | 43 ++++++------------- 1 file changed, 14 insertions(+), 29 deletions(-) diff --git a/docs/proposals/proposal-001-trigger-and-deploy.md b/docs/proposals/proposal-001-trigger-and-deploy.md index 8f0b867..47e7bb1 100644 --- a/docs/proposals/proposal-001-trigger-and-deploy.md +++ b/docs/proposals/proposal-001-trigger-and-deploy.md @@ -149,7 +149,8 @@ Inputs are - `cncf_project`: **required** Project to be deployed e.g. `falco` - `cncf_project_sub`: **optional** Subcomponent if project has multiple variants -they wish to test e.g. `modern-ebpf` +they wish to test e.g. Falco wish to test 3 falco drivers `modern-ebpf`, `kmod` +and `ebpf` - `version`: **required** Version of project to be tested e.g. `0.37.0` ```sh @@ -210,39 +211,23 @@ resources to be deleted before exiting. This is to ensure that the cluster state is clean before the next execution of the pipeline. -### Graduation Criteria (Optional) +## Drawbacks - +The pull based approach means there can be up to a 30 minute delay before a new +release is measured. -## Drawbacks (Optional) - - +If this is too long the CNCF projects can trigger the pipeline using the GitHub +REST API with the access token we provide. ## Alternatives - +Initially a solely push based solution was proposed but there was concern this +would require CNCF projects to make changes to their pipelines. -## Infrastructure Needed (Optional) +The pull based solution of subscribing to project relases was added. The downside +to this is the delay in triggering the pipeline. - +## Infrastructure Needed -- GitHub access token for CNCF projects +A GitHub access token for CNCF projects to trigger a Green Review. Either for +testing changes or to add the trigger to their CI/CD pipeline. From 3ca6ed2c862b1a4fec96460d8e6e26881f4cd0ae Mon Sep 17 00:00:00 2001 From: Ross Fairbanks Date: Wed, 22 May 2024 18:42:54 +0200 Subject: [PATCH 17/20] fix: Typos Signed-off-by: Ross Fairbanks --- docs/proposals/proposal-001-trigger-and-deploy.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/docs/proposals/proposal-001-trigger-and-deploy.md b/docs/proposals/proposal-001-trigger-and-deploy.md index 47e7bb1..285b995 100644 --- a/docs/proposals/proposal-001-trigger-and-deploy.md +++ b/docs/proposals/proposal-001-trigger-and-deploy.md @@ -222,9 +222,9 @@ REST API with the access token we provide. ## Alternatives Initially a solely push based solution was proposed but there was concern this -would require CNCF projects to make changes to their pipelines. +would require CNCF projects to make changes to their CI/CD pipelines. -The pull based solution of subscribing to project relases was added. The downside +The pull based solution of subscribing to project releases was added. The downside to this is the delay in triggering the pipeline. ## Infrastructure Needed From 7161cac4f1935702f528edb7ca7eaba0f5cb183d Mon Sep 17 00:00:00 2001 From: Ross Fairbanks Date: Thu, 23 May 2024 18:41:05 +0200 Subject: [PATCH 18/20] fix: Make check for releases hourly Signed-off-by: Ross Fairbanks --- docs/proposals/proposal-001-trigger-and-deploy.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/docs/proposals/proposal-001-trigger-and-deploy.md b/docs/proposals/proposal-001-trigger-and-deploy.md index 285b995..27a32c3 100644 --- a/docs/proposals/proposal-001-trigger-and-deploy.md +++ b/docs/proposals/proposal-001-trigger-and-deploy.md @@ -129,7 +129,7 @@ projects: - kmod ``` -A scheduled GitHub Action will run every 30 minutes and check the Atom feed of +A scheduled GitHub Action will run every hour and check the Atom feed of each project for new releases. To manage the state a GitHub [repository variable](https://docs.github.com/en/actions/learn-github-actions/variables) per CNCF project is used to store the latest release version. @@ -213,7 +213,7 @@ the pipeline. ## Drawbacks -The pull based approach means there can be up to a 30 minute delay before a new +The pull based approach means there can be up to an hour delay before a new release is measured. If this is too long the CNCF projects can trigger the pipeline using the GitHub From c08f37228c03644658ebd41192b52d864eea3aee Mon Sep 17 00:00:00 2001 From: Ross Fairbanks Date: Wed, 29 May 2024 09:50:42 +0200 Subject: [PATCH 19/20] Address review comments Signed-off-by: Ross Fairbanks --- docs/proposals/proposal-001-trigger-and-deploy.md | 15 +++++++-------- 1 file changed, 7 insertions(+), 8 deletions(-) diff --git a/docs/proposals/proposal-001-trigger-and-deploy.md b/docs/proposals/proposal-001-trigger-and-deploy.md index 27a32c3..8289a7a 100644 --- a/docs/proposals/proposal-001-trigger-and-deploy.md +++ b/docs/proposals/proposal-001-trigger-and-deploy.md @@ -195,18 +195,17 @@ The pipeline will use a GitHub secret that has a kubeconfig to access the green reviews cluster. The deploy step in the pipeline will wait for the newly created flux resources to be reconciled before proceeding to the run step. -We will have a node to deploy Falco and another to run the benchmarks -so we will use [concurrency](https://docs.github.com/en/actions/using-jobs/using-concurrency) +We will use [concurrency](https://docs.github.com/en/actions/using-jobs/using-concurrency) to only allow a single execution of the pipeline at any one time. -The separate nodes are a best practice to prevent other components affecting -the energy measurements. - ### Cleanup -On completion of the pipeline run whether it was successful or failed the flux -resources will be deleted via kubectl. The pipeline will wait for the flux -resources to be deleted before exiting. +On completion of the pipeline run, whether it was successful or failed, the CNCF +project resources will be deleted by deleting their flux resources. + +The same logic using the `cncf_project` and `cncf_project_sub` inputs will be +used to select which manifests should be deleted. The manifests will be deleted +using `kubectl delete -f --wait` so we wait for finalizers. This is to ensure that the cluster state is clean before the next execution of the pipeline. From 88c92280fd9e936bf86b90d01db05f7419365118 Mon Sep 17 00:00:00 2001 From: Ross Fairbanks Date: Wed, 29 May 2024 13:48:31 +0200 Subject: [PATCH 20/20] Address review comments Signed-off-by: Ross Fairbanks --- docs/proposals/proposal-001-trigger-and-deploy.md | 10 ++++++++-- 1 file changed, 8 insertions(+), 2 deletions(-) diff --git a/docs/proposals/proposal-001-trigger-and-deploy.md b/docs/proposals/proposal-001-trigger-and-deploy.md index 8289a7a..4558b51 100644 --- a/docs/proposals/proposal-001-trigger-and-deploy.md +++ b/docs/proposals/proposal-001-trigger-and-deploy.md @@ -192,8 +192,11 @@ projects ``` The pipeline will use a GitHub secret that has a kubeconfig to access the -green reviews cluster. The deploy step in the pipeline will wait for the newly -created flux resources to be reconciled before proceeding to the run step. +green reviews cluster and the manifests will be applied using `kubectl apply -f`. + +We then need to wait for the flux resources to be reconciled. This is done +using `kubectl wait` and by waiting for all kustomization or helmrelease +resources in the target namespace e.g. `falco` to be ready. We will use [concurrency](https://docs.github.com/en/actions/using-jobs/using-concurrency) to only allow a single execution of the pipeline at any one time. @@ -203,6 +206,9 @@ to only allow a single execution of the pipeline at any one time. On completion of the pipeline run, whether it was successful or failed, the CNCF project resources will be deleted by deleting their flux resources. +A successful pipeline run is once the necessary metrics have been written to +long term storage. This will be covered by proposal 3 [Report](https://github.com/cncf-tags/green-reviews-tooling/issues/95). + The same logic using the `cncf_project` and `cncf_project_sub` inputs will be used to select which manifests should be deleted. The manifests will be deleted using `kubectl delete -f --wait` so we wait for finalizers.