From 09e9ad0f0ee1b5c5ecefc0f18895a5159ef9d75a Mon Sep 17 00:00:00 2001
From: Ludovico Magnocavallo <ludomagno@google.com>
Date: Fri, 21 Oct 2022 01:45:39 +0200
Subject: [PATCH 1/8] github extra stage

---
 fast/extras/00-cicd-github/cicd-versions.tf   |  11 ++
 fast/extras/00-cicd-github/main.tf            | 112 ++++++++++++++++++
 .../00-cicd-github/providers.tf}              |   3 +
 fast/extras/00-cicd-github/variables.tf       |  60 ++++++++++
 fast/stages/{00-cicd => 00-cicd_}/README.md   |   0
 fast/stages/00-cicd_/cicd-providers.tf        |  24 ++++
 fast/stages/{00-cicd => 00-cicd_}/github.tf   |  23 ++--
 fast/stages/{00-cicd => 00-cicd_}/gitlab.tf   |   4 -
 .../{00-cicd/cicd.tf => 00-cicd_/main.tf}     |  14 ++-
 .../{00-cicd => 00-cicd_}/outputs-files.tf    |   0
 .../{00-cicd => 00-cicd_}/outputs-gcs.tf      |   0
 fast/stages/{00-cicd => 00-cicd_}/outputs.tf  |   0
 .../stages/{00-cicd => 00-cicd_}/variables.tf |   0
 fast/stages/{00-cicd => 00-cicd_}/versions.tf |   0
 14 files changed, 230 insertions(+), 21 deletions(-)
 create mode 100644 fast/extras/00-cicd-github/cicd-versions.tf
 create mode 100644 fast/extras/00-cicd-github/main.tf
 rename fast/{stages/00-cicd/main.tf => extras/00-cicd-github/providers.tf} (92%)
 create mode 100644 fast/extras/00-cicd-github/variables.tf
 rename fast/stages/{00-cicd => 00-cicd_}/README.md (100%)
 create mode 100644 fast/stages/00-cicd_/cicd-providers.tf
 rename fast/stages/{00-cicd => 00-cicd_}/github.tf (74%)
 rename fast/stages/{00-cicd => 00-cicd_}/gitlab.tf (97%)
 rename fast/stages/{00-cicd/cicd.tf => 00-cicd_/main.tf} (70%)
 rename fast/stages/{00-cicd => 00-cicd_}/outputs-files.tf (100%)
 rename fast/stages/{00-cicd => 00-cicd_}/outputs-gcs.tf (100%)
 rename fast/stages/{00-cicd => 00-cicd_}/outputs.tf (100%)
 rename fast/stages/{00-cicd => 00-cicd_}/variables.tf (100%)
 rename fast/stages/{00-cicd => 00-cicd_}/versions.tf (100%)

diff --git a/fast/extras/00-cicd-github/cicd-versions.tf b/fast/extras/00-cicd-github/cicd-versions.tf
new file mode 100644
index 0000000000..23651dced6
--- /dev/null
+++ b/fast/extras/00-cicd-github/cicd-versions.tf
@@ -0,0 +1,11 @@
+terraform {
+  required_version = ">= 1.3.1"
+  required_providers {
+    github = {
+      source  = "integrations/github"
+      version = "~> 4.0"
+    }
+  }
+}
+
+
diff --git a/fast/extras/00-cicd-github/main.tf b/fast/extras/00-cicd-github/main.tf
new file mode 100644
index 0000000000..afa8d13e29
--- /dev/null
+++ b/fast/extras/00-cicd-github/main.tf
@@ -0,0 +1,112 @@
+/**
+ * Copyright 2022 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+locals {
+  _modules_repository = [
+    for k, v in var.repositories : k if v.modules_source
+  ]
+  _populate_md = flatten([
+    for k, v in var.repositories : [
+      for f in fileset(path.module, "${v.populate_with}/*.md") : {
+        repository = k
+        file       = f
+        name       = replace(f, "${v.populate_with}/", "")
+      }
+    ] if v.populate_with != null
+  ])
+  _populate_tf = flatten([
+    for k, v in var.repositories : [
+      for f in fileset(path.module, "${v.populate_with}/*.tf") : {
+        repository = k
+        file       = f
+        name       = replace(f, "${v.populate_with}/", "")
+      }
+    ] if v.populate_with != null
+  ])
+  modules_repository = (
+    length(local._modules_repository) > 0 ? local._modules_repository.0 : null
+  )
+  repository_files = {
+    for k in concat(
+      local._populate_md,
+      [
+        for f in local._populate_tf :
+        f if !startswith(f.name, "0") && f.name != "globals.tf"
+      ]
+    ) : "${k.repository}/${k.name}" => k
+  }
+}
+
+resource "github_repository" "default" {
+  for_each = var.repositories
+  name     = each.key
+  description = (
+    each.value.description != null
+    ? each.value.description
+    : "FAST stage ${each.key}."
+  )
+  visibility         = each.value.visibility
+  auto_init          = each.value.auto_init
+  allow_auto_merge   = try(each.value.allow.auto_merge, null)
+  allow_merge_commit = try(each.value.allow.merge_commit, null)
+  allow_rebase_merge = try(each.value.allow.rebase_merge, null)
+  allow_squash_merge = try(each.value.allow.squash_merge, null)
+  has_issues         = try(each.value.features.issues, null)
+  has_projects       = try(each.value.features.projects, null)
+  has_wiki           = try(each.value.features.wiki, null)
+  gitignore_template = try(each.value.templates.gitignore, null)
+  license_template   = try(each.value.templates.license, null)
+
+  dynamic "template" {
+    for_each = try(each.value.templates.repository, null) != null ? [""] : []
+    content {
+      owner      = each.value.templates.repository.owner
+      repository = each.value.templates.repository.name
+    }
+  }
+}
+
+resource "tls_private_key" "default" {
+  count     = local.modules_repository != null ? 1 : 0
+  algorithm = "ED25519"
+}
+
+resource "github_actions_secret" "default" {
+  count           = local.modules_repository != null ? 1 : 0
+  repository      = github_repository.default[local.modules_repository].name
+  secret_name     = "CICD_MODULES_KEY"
+  plaintext_value = tls_private_key.default.0.private_key_openssh
+}
+
+resource "github_repository_file" "default" {
+  for_each   = local.repository_files
+  repository = github_repository.default[each.value.repository].name
+  branch     = "main"
+  file       = each.value.name
+  content = (
+    endswith(each.value.name, ".tf") && local.modules_repository != null
+    ? replace(
+      file(each.value.file),
+      "/source\\s*=\\s*\"../../../",
+      "source = \"git@github.com:${var.organization}/${local.modules_repository}.git/"
+    )
+    : file(each.value.file)
+  )
+  commit_message      = "Managed by Terraform"
+  commit_author       = "Terraform User"
+  commit_email        = "terraform@example.com"
+  overwrite_on_create = true
+}
diff --git a/fast/stages/00-cicd/main.tf b/fast/extras/00-cicd-github/providers.tf
similarity index 92%
rename from fast/stages/00-cicd/main.tf
rename to fast/extras/00-cicd-github/providers.tf
index 3ea74b550c..63954de899 100644
--- a/fast/stages/00-cicd/main.tf
+++ b/fast/extras/00-cicd-github/providers.tf
@@ -14,3 +14,6 @@
  * limitations under the License.
  */
 
+provider "github" {
+  owner = var.organization
+}
diff --git a/fast/extras/00-cicd-github/variables.tf b/fast/extras/00-cicd-github/variables.tf
new file mode 100644
index 0000000000..85d8aa7394
--- /dev/null
+++ b/fast/extras/00-cicd-github/variables.tf
@@ -0,0 +1,60 @@
+/**
+ * Copyright 2022 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+
+variable "organization" {
+  description = "GitHub organization."
+  type        = string
+}
+
+variable "repositories" {
+  description = "Repositories to create."
+  type = map(object({
+    allow = optional(object({
+      auto_merge   = optional(bool)
+      merge_commit = optional(bool)
+      rebase_merge = optional(bool)
+      squash_merge = optional(bool)
+    }))
+    auto_init   = optional(bool)
+    description = optional(string)
+    features = optional(object({
+      issues   = optional(bool)
+      projects = optional(bool)
+      wiki     = optional(bool)
+    }))
+    modules_source = optional(bool, false)
+    templates = optional(object({
+      gitignore = optional(string, "Terraform")
+      license   = optional(string)
+      repository = optional(object({
+        name  = string
+        owner = string
+      }))
+    }), {})
+    populate_with = optional(string)
+    visibility    = optional(string, "private")
+  }))
+  default  = {}
+  nullable = true
+  validation {
+    condition = alltrue([
+      for k, v in var.repositories :
+      try(regex("^[a-zA-Z0-9_.]+$", k), null) != null
+    ])
+    error_message = "Repository names must match '^[a-zA-Z0-9_.]+$'."
+  }
+}
diff --git a/fast/stages/00-cicd/README.md b/fast/stages/00-cicd_/README.md
similarity index 100%
rename from fast/stages/00-cicd/README.md
rename to fast/stages/00-cicd_/README.md
diff --git a/fast/stages/00-cicd_/cicd-providers.tf b/fast/stages/00-cicd_/cicd-providers.tf
new file mode 100644
index 0000000000..5ea51121b1
--- /dev/null
+++ b/fast/stages/00-cicd_/cicd-providers.tf
@@ -0,0 +1,24 @@
+/**
+ * Copyright 2022 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+provider "github" {
+  base_url = var.github.url
+  owner    = local.github_groups[0]
+}
+
+provider "gitlab" {
+  base_url = var.gitlab.url
+}
diff --git a/fast/stages/00-cicd/github.tf b/fast/stages/00-cicd_/github.tf
similarity index 74%
rename from fast/stages/00-cicd/github.tf
rename to fast/stages/00-cicd_/github.tf
index 88e73618ef..b4c7a57095 100644
--- a/fast/stages/00-cicd/github.tf
+++ b/fast/stages/00-cicd_/github.tf
@@ -15,12 +15,9 @@
  */
 
 locals {
-  github_groups = distinct([for k, v in local.cicd_repositories_by_system["github"] : v.group])
-}
-
-provider "github" {
-  base_url = var.github.url
-  owner    = local.github_groups[0]
+  github_groups = distinct([
+    for k, v in local.cicd_repositories_by_system["github"] : v.group
+  ])
 }
 
 data "github_organization" "organization" {
@@ -29,17 +26,21 @@ data "github_organization" "organization" {
 }
 
 data "github_repository" "repositories" {
-  for_each  = { for name, repo in local.cicd_repositories_by_system["github"] : name => repo if !try(repo.create, true) }
+  for_each = {
+    for name, repo in local.cicd_repositories_by_system["github"] :
+    name => repo if !try(repo.create, true)
+  }
   full_name = format("%s/%s", each.value.group, each.value.name)
 }
 
 resource "github_repository" "repositories" {
-  for_each = { for name, repo in local.cicd_repositories_by_system["github"] : name => repo if try(repo.create, true) }
-
+  for_each = {
+    for name, repo in local.cicd_repositories_by_system["github"] :
+    name => repo if try(repo.create, true)
+  }
   name        = each.value.name
   description = each.value.description
-
-  visibility = var.github.visibility
+  visibility  = var.github.visibility
 }
 
 resource "github_actions_secret" "actions-modules-key" {
diff --git a/fast/stages/00-cicd/gitlab.tf b/fast/stages/00-cicd_/gitlab.tf
similarity index 97%
rename from fast/stages/00-cicd/gitlab.tf
rename to fast/stages/00-cicd_/gitlab.tf
index 47f1515e67..bb6e28b1a1 100644
--- a/fast/stages/00-cicd/gitlab.tf
+++ b/fast/stages/00-cicd_/gitlab.tf
@@ -19,10 +19,6 @@ locals {
   gitlab_existing_groups = distinct([for k, v in local.cicd_repositories_by_system["gitlab"] : v.group if !try(v.create_group, false)])
 }
 
-provider "gitlab" {
-  base_url = var.gitlab.url
-}
-
 data "gitlab_group" "group" {
   for_each  = toset(local.gitlab_existing_groups)
   full_path = each.value
diff --git a/fast/stages/00-cicd/cicd.tf b/fast/stages/00-cicd_/main.tf
similarity index 70%
rename from fast/stages/00-cicd/cicd.tf
rename to fast/stages/00-cicd_/main.tf
index 948ab60edc..a9627f0e53 100644
--- a/fast/stages/00-cicd/cicd.tf
+++ b/fast/stages/00-cicd_/main.tf
@@ -17,18 +17,20 @@
 locals {
   supported_cicd_systems = ["gitlab", "github", "sourcerepo"]
   cicd_repositories = {
-    for k, v in coalesce(var.cicd_repositories, {}) : k => merge(v,
-      { group = join("/", slice(split("/", v.name), 0, length(split("/", v.name)) - 1)) },
-      { name = element(split("/", v.name), length(split("/", v.name)) - 1) },
-    { create_group = try(v.create_group, true) })
+    for k, v in coalesce(var.cicd_repositories, {}) : k => merge(v, {
+      create_group = try(v.create_group, true)
+      group        = join("/", slice(split("/", v.name), 0, length(split("/", v.name)) - 1))
+      name         = element(split("/", v.name), length(split("/", v.name)) - 1)
+    })
     if(
       v != null
       &&
       contains(local.supported_cicd_systems, try(v.type, ""))
     )
   }
-  cicd_repositories_by_system = { for system in local.supported_cicd_systems : system => {
-    for k, v in local.cicd_repositories : k => v if v.type == system
+  cicd_repositories_by_system = {
+    for system in local.supported_cicd_systems : system => {
+      for k, v in local.cicd_repositories : k => v if v.type == system
     }
   }
 }
diff --git a/fast/stages/00-cicd/outputs-files.tf b/fast/stages/00-cicd_/outputs-files.tf
similarity index 100%
rename from fast/stages/00-cicd/outputs-files.tf
rename to fast/stages/00-cicd_/outputs-files.tf
diff --git a/fast/stages/00-cicd/outputs-gcs.tf b/fast/stages/00-cicd_/outputs-gcs.tf
similarity index 100%
rename from fast/stages/00-cicd/outputs-gcs.tf
rename to fast/stages/00-cicd_/outputs-gcs.tf
diff --git a/fast/stages/00-cicd/outputs.tf b/fast/stages/00-cicd_/outputs.tf
similarity index 100%
rename from fast/stages/00-cicd/outputs.tf
rename to fast/stages/00-cicd_/outputs.tf
diff --git a/fast/stages/00-cicd/variables.tf b/fast/stages/00-cicd_/variables.tf
similarity index 100%
rename from fast/stages/00-cicd/variables.tf
rename to fast/stages/00-cicd_/variables.tf
diff --git a/fast/stages/00-cicd/versions.tf b/fast/stages/00-cicd_/versions.tf
similarity index 100%
rename from fast/stages/00-cicd/versions.tf
rename to fast/stages/00-cicd_/versions.tf

From d2d15e7409b74b0b26d089e14f1e971dd6432c8f Mon Sep 17 00:00:00 2001
From: Ludovico Magnocavallo <ludomagno@google.com>
Date: Fri, 21 Oct 2022 01:46:31 +0200
Subject: [PATCH 2/8] remove original cicd stage

---
 fast/stages/00-cicd_/README.md         | 206 -------------------------
 fast/stages/00-cicd_/cicd-providers.tf |  24 ---
 fast/stages/00-cicd_/github.tf         |  52 -------
 fast/stages/00-cicd_/gitlab.tf         |  66 --------
 fast/stages/00-cicd_/main.tf           |  40 -----
 fast/stages/00-cicd_/outputs-files.tf  |  24 ---
 fast/stages/00-cicd_/outputs-gcs.tf    |  23 ---
 fast/stages/00-cicd_/outputs.tf        |  34 ----
 fast/stages/00-cicd_/variables.tf      | 145 -----------------
 fast/stages/00-cicd_/versions.tf       |  38 -----
 10 files changed, 652 deletions(-)
 delete mode 100644 fast/stages/00-cicd_/README.md
 delete mode 100644 fast/stages/00-cicd_/cicd-providers.tf
 delete mode 100644 fast/stages/00-cicd_/github.tf
 delete mode 100644 fast/stages/00-cicd_/gitlab.tf
 delete mode 100644 fast/stages/00-cicd_/main.tf
 delete mode 100644 fast/stages/00-cicd_/outputs-files.tf
 delete mode 100644 fast/stages/00-cicd_/outputs-gcs.tf
 delete mode 100644 fast/stages/00-cicd_/outputs.tf
 delete mode 100644 fast/stages/00-cicd_/variables.tf
 delete mode 100644 fast/stages/00-cicd_/versions.tf

diff --git a/fast/stages/00-cicd_/README.md b/fast/stages/00-cicd_/README.md
deleted file mode 100644
index a0b9273352..0000000000
--- a/fast/stages/00-cicd_/README.md
+++ /dev/null
@@ -1,206 +0,0 @@
-# CI/CD bootstrap
-
-The primary purpose of this stage is to set up your CI/CD project structure automatically, with most of the necessary configuration to run the pipelines out of the box.
-
-## How to run this stage
-
-This stage is meant to be executed after the [bootstrap](../00-bootstrap) stage has run, as it leverages the automation service account and bucket created there.
-The entire stage is optional, you may also choose to create your repositories manually.
-
-### Providers configuration
-
-The default way of making sure you have the right permissions, is to use the identity of the service account pre-created for this stage during bootstrap, and that you are a member of the group that can impersonate it via provider-level configuration (`gcp-devops` or `organization-admins`).
-
-To simplify setup, the previous stage pre-configures a valid providers file in its output, and optionally writes it to a local file if the `outputs_location` variable is set to a valid path.
-
-If you have set a valid value for `outputs_location` in the bootstrap stage (see the [bootstrap stage README](../00-bootstrap/#output-files-and-cross-stage-variables) for more details), simply link the relevant `providers.tf` file from this stage's folder in the path you specified:
-
-```bash
-# `outputs_location` is set to `~/fast-config`
-ln -s ~/fast-config/providers/00-cicd-providers.tf .
-```
-
-If you have not configured `outputs_location` in bootstrap, you can derive the providers file from that stage's outputs:
-
-```bash
-cd ../00-bootstrap
-terraform output -json providers | jq -r '.["00-cicd"]' \
-  > ../00-cicd/providers.tf
-```
-
-If you want to continue to rely on `outputs_location` logic, create a `terraform.tfvars` file and configure it as described [here](../00-bootstrap/#output-files-and-cross-stage-variables).
-
-### Variable configuration
-
-There are two broad sets of variables you will need to fill in:
-
-- variables shared by other stages (org id, billing account id, etc.), or derived from a resource managed by a different stage (folder id, automation project id, etc.)
-- variables specific to resources managed by this stage
-
-To avoid the tedious job of filling in the first group of variable with values derived from other stages' outputs, the same mechanism used above for the provider configuration can be used to leverage pre-configured `.tfvars` files.
-
-If you configured a valid path for `outputs_location` in the bootstrap stage, simply link the relevant `terraform-*.auto.tfvars.json` files from the outputs folder. For this stage, you need the `.tfvars` file compiled manually for the bootstrap stage, and the one generated by it:
-
-```bash
-# `outputs_location` is set to `~/fast-config`
-ln -s ~/fast-config/tfvars/00-bootstrap.auto.tfvars.json .
-# also copy the tfvars file used for the bootstrap stage
-cp ../00-bootstrap/terraform.tfvars .
-```
-
-A second set of variables is specific to this stage, they are all optional so if you need to customize them, create an extra `terraform.tfvars` file or add them to the file copied from bootstrap.
-
-Refer to the [Variables](#variables) table at the bottom of this document, for a full list of variables, their origin (e.g. a stage or specific to this one), and descriptions explaining their meaning. The sections below also describe some of the possible customizations.
-
-### CI/CD systems
-
-#### Gitlab
-
-To configure Gitlab, add the following variable:
-
-```hcl
-gitlab = {
-  url                    = "https://gitlab.com" # Or self-hosted URL
-  project_visibility     = "private"
-  shared_runners_enabled = true
-}
-```
-
-Also set `GITLAB_TOKEN` to a token that has appropriate permissions.
-
-#### GitHub
-
-To configure GitHub, add the following variable:
-
-```hcl
-github = {
-  url        = null # Or GitHub Enterprise base URL
-  visibility = "private"
-}
-```
-
-Also set `GITHUB_TOKEN` to a token that has appropriate permissions.
-
-### CI/CD repositories
-
-While the other stages create the necessary supporting structure for their CI/CD pipelines, like service accounts
-and such, the `00-cicd` stage creates all the repositories in your CI/CD system through automation. Its
-configuration is essentially a combination of all the `cicd_repositories` variables of the other stages
-plus additional CI/CD system specific configuration information.
-
-This is an example of configuring the repositories in this stage.
-
-```hcl
-cicd_repositories = {
-  bootstrap = {
-    branch            = null
-    identity_provider = "github-sample"
-    name              = "my-gh-org/fast-bootstrap"
-    description       = "Google Cloud bootstrapping"
-    type              = "github"
-    create            = true
-    create_group      = true
-  }
-  cicd = {
-    branch            = null
-    identity_provider = "github-sample"
-    name              = "my-gh-org/fast-cicd"
-    description       = "Fabric FAST CI/CD setup"
-    type              = "github"
-    create            = true
-    create_group      = true
-  }
-  resman = {
-    branch            = "main"
-    identity_provider = "github-sample"
-    name              = "my-gh-org/fast-resman"
-    description       = "Google Cloud resource management"
-    type              = "github"
-    create            = true
-    create_group      = true
-  }
-  networking = {
-    branch            = "main"
-    identity_provider = "github-sample"
-    name              = "my-gh-org/fast-networking"
-    description       = "Google Cloud networking setup"
-    type              = "github"
-    create            = true
-    create_group      = true
-  }
-  security = {
-    branch            = "main"
-    identity_provider = "github-sample"
-    description       = "Google Cloud security settings"
-    name              = "my-gh-org/fast-security"
-    type              = "github"
-    create            = true
-    create_group      = true
-  }
-  data-platform = {
-    branch            = "main"
-    identity_provider = "github-sample"
-    name              = "my-gh-org/fast-data-platform"
-    description       = "Google Cloud data platform"
-    type              = "github"
-    create            = true
-    create_group      = true
-  }
-  project-factory = {
-    branch            = "main"
-    identity_provider = "github-sample"
-    name              = "my-gh-org/fast-project-factory"
-    description       = "Google Cloud project factory"
-    type              = "github"
-    create            = true
-    create_group      = true
-  }
-}
-```
-
-The `type` attribute can be set to one of the supported repository types: `github` or `gitlab`.
-
-Once the stage is applied the generated output files will contain pre-configured workflow files for each repository, that will use Workload Identity Federation via a dedicated service account for each repository to impersonate the automation service account for the stage.
-
-Once done, you can run this stage:
-
-```bash
-terraform init
-terraform apply
-```
-
-<!-- TFDOC OPTS files:1 show_extra:1 -->
-<!-- BEGIN TFDOC -->
-
-## Files
-
-| name | description | resources |
-|---|---|---|
-| [cicd.tf](./cicd.tf) | None | <code>tls_private_key</code> |
-| [github.tf](./github.tf) | None | <code>github_actions_secret</code> · <code>github_repository</code> |
-| [gitlab.tf](./gitlab.tf) | None | <code>gitlab_group</code> · <code>gitlab_project</code> · <code>gitlab_project_variable</code> |
-| [main.tf](./main.tf) | Module-level locals and resources. |  |
-| [outputs-files.tf](./outputs-files.tf) | Output files persistence to local filesystem. | <code>local_file</code> |
-| [outputs-gcs.tf](./outputs-gcs.tf) | Output files persistence to automation GCS bucket. | <code>google_storage_bucket_object</code> |
-| [outputs.tf](./outputs.tf) | Module outputs. |  |
-| [variables.tf](./variables.tf) | Module variables. |  |
-| [versions.tf](./versions.tf) | Version pins. |  |
-
-## Variables
-
-| name | description | type | required | default | producer |
-|---|---|:---:|:---:|:---:|:---:|
-| [automation](variables.tf#L17) | Automation resources created by the bootstrap stage. | <code title="object&#40;&#123;&#10;  outputs_bucket          &#61; string&#10;  project_id              &#61; string&#10;  project_number          &#61; string&#10;  federated_identity_pool &#61; string&#10;  federated_identity_providers &#61; map&#40;object&#40;&#123;&#10;    issuer           &#61; string&#10;    issuer_uri       &#61; string&#10;    name             &#61; string&#10;    principal_tpl    &#61; string&#10;    principalset_tpl &#61; string&#10;  &#125;&#41;&#41;&#10;&#125;&#41;">object&#40;&#123;&#8230;&#125;&#41;</code> | ✓ |  | <code>00-bootstrap</code> |
-| [cicd_repositories](variables.tf#L35) | CI/CD repository configuration. Identity providers reference keys in the `federated_identity_providers` variable. Set to null to disable, or set individual repositories to null if not needed. | <code title="object&#40;&#123;&#10;  bootstrap &#61; object&#40;&#123;&#10;    branch       &#61; string&#10;    name         &#61; string&#10;    description  &#61; string&#10;    type         &#61; string&#10;    create       &#61; bool&#10;    create_group &#61; bool&#10;  &#125;&#41;&#10;  resman &#61; object&#40;&#123;&#10;    branch       &#61; string&#10;    name         &#61; string&#10;    description  &#61; string&#10;    type         &#61; string&#10;    create       &#61; bool&#10;    create_group &#61; bool&#10;  &#125;&#41;&#10;  networking &#61; object&#40;&#123;&#10;    branch       &#61; string&#10;    name         &#61; string&#10;    description  &#61; string&#10;    type         &#61; string&#10;    create       &#61; bool&#10;    create_group &#61; bool&#10;  &#125;&#41;&#10;  security &#61; object&#40;&#123;&#10;    branch       &#61; string&#10;    name         &#61; string&#10;    description  &#61; string&#10;    type         &#61; string&#10;    create       &#61; bool&#10;    create_group &#61; bool&#10;  &#125;&#41;&#10;  data-platform &#61; object&#40;&#123;&#10;    branch       &#61; string&#10;    name         &#61; string&#10;    description  &#61; string&#10;    type         &#61; string&#10;    create       &#61; bool&#10;    create_group &#61; bool&#10;  &#125;&#41;&#10;  project-factory &#61; object&#40;&#123;&#10;    branch       &#61; string&#10;    name         &#61; string&#10;    description  &#61; string&#10;    type         &#61; string&#10;    create       &#61; bool&#10;    create_group &#61; bool&#10;  &#125;&#41;&#10;&#125;&#41;">object&#40;&#123;&#8230;&#125;&#41;</code> |  | <code>null</code> |  |
-| [custom_roles](variables.tf#L132) | Custom roles defined at the org level, in key => id format. | <code title="object&#40;&#123;&#10;  service_project_network_admin &#61; string&#10;&#125;&#41;">object&#40;&#123;&#8230;&#125;&#41;</code> |  | <code>null</code> | <code>00-bootstrap</code> |
-| [github](variables.tf#L120) | GitHub settings | <code title="object&#40;&#123;&#10;  url        &#61; string&#10;  visibility &#61; string&#10;&#125;&#41;">object&#40;&#123;&#8230;&#125;&#41;</code> |  | <code title="&#123;&#10;  url        &#61; null&#10;  visibility &#61; &#34;private&#34;&#10;&#125;">&#123;&#8230;&#125;</code> |  |
-| [gitlab](variables.tf#L106) | Gitlab settings | <code title="object&#40;&#123;&#10;  url                    &#61; string&#10;  project_visibility     &#61; string&#10;  shared_runners_enabled &#61; bool&#10;&#125;&#41;">object&#40;&#123;&#8230;&#125;&#41;</code> |  | <code title="&#123;&#10;  url                    &#61; &#34;https:&#47;&#47;gitlab.com&#34;&#10;  project_visibility     &#61; &#34;private&#34;&#10;  shared_runners_enabled &#61; true&#10;&#125;">&#123;&#8230;&#125;</code> |  |
-| [outputs_location](variables.tf#L141) | Enable writing provider, tfvars and CI/CD workflow files to local filesystem. Leave null to disable | <code>string</code> |  | <code>null</code> |  |
-
-## Outputs
-
-| name | description | sensitive | consumers |
-|---|---|:---:|---|
-| [tfvars](outputs.tf#L30) | Terraform variable files for the following stages. | ✓ |  |
-
-<!-- END TFDOC -->
diff --git a/fast/stages/00-cicd_/cicd-providers.tf b/fast/stages/00-cicd_/cicd-providers.tf
deleted file mode 100644
index 5ea51121b1..0000000000
--- a/fast/stages/00-cicd_/cicd-providers.tf
+++ /dev/null
@@ -1,24 +0,0 @@
-/**
- * Copyright 2022 Google LLC
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- *      http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-provider "github" {
-  base_url = var.github.url
-  owner    = local.github_groups[0]
-}
-
-provider "gitlab" {
-  base_url = var.gitlab.url
-}
diff --git a/fast/stages/00-cicd_/github.tf b/fast/stages/00-cicd_/github.tf
deleted file mode 100644
index b4c7a57095..0000000000
--- a/fast/stages/00-cicd_/github.tf
+++ /dev/null
@@ -1,52 +0,0 @@
-/**
- * Copyright 2022 Google LLC
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- *      http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-locals {
-  github_groups = distinct([
-    for k, v in local.cicd_repositories_by_system["github"] : v.group
-  ])
-}
-
-data "github_organization" "organization" {
-  for_each = toset(local.github_groups)
-  name     = each.value
-}
-
-data "github_repository" "repositories" {
-  for_each = {
-    for name, repo in local.cicd_repositories_by_system["github"] :
-    name => repo if !try(repo.create, true)
-  }
-  full_name = format("%s/%s", each.value.group, each.value.name)
-}
-
-resource "github_repository" "repositories" {
-  for_each = {
-    for name, repo in local.cicd_repositories_by_system["github"] :
-    name => repo if try(repo.create, true)
-  }
-  name        = each.value.name
-  description = each.value.description
-  visibility  = var.github.visibility
-}
-
-resource "github_actions_secret" "actions-modules-key" {
-  for_each = { for name, repo in local.cicd_repositories_by_system["github"] : name => repo }
-
-  repository      = try(each.value.create, true) ? github_repository.repositories[each.key].name : data.github_repository.repositories[each.key].name
-  secret_name     = "CICD_MODULES_KEY"
-  plaintext_value = tls_private_key.cicd-modules-key.private_key_openssh
-}
diff --git a/fast/stages/00-cicd_/gitlab.tf b/fast/stages/00-cicd_/gitlab.tf
deleted file mode 100644
index bb6e28b1a1..0000000000
--- a/fast/stages/00-cicd_/gitlab.tf
+++ /dev/null
@@ -1,66 +0,0 @@
-/**
- * Copyright 2022 Google LLC
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- *      http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-locals {
-  gitlab_create_groups   = distinct([for k, v in local.cicd_repositories_by_system["gitlab"] : v.group if try(v.create_group, false)])
-  gitlab_existing_groups = distinct([for k, v in local.cicd_repositories_by_system["gitlab"] : v.group if !try(v.create_group, false)])
-}
-
-data "gitlab_group" "group" {
-  for_each  = toset(local.gitlab_existing_groups)
-  full_path = each.value
-}
-
-data "gitlab_project" "projects" {
-  for_each = { for name, repo in local.cicd_repositories_by_system["gitlab"] : name => repo if !try(repo.create, true) }
-  id       = format("%s/%s", each.value.group, each.value.name)
-}
-
-resource "gitlab_group" "group" {
-  for_each = toset(local.gitlab_create_groups)
-
-  name        = each.value
-  path        = each.value
-  description = "Cloud Foundation Fabric FAST: github.com/GoogleCloudPlatform/cloud-foundation-fabric/tree/master/fast/"
-}
-
-resource "gitlab_project" "projects" {
-  for_each = { for name, repo in local.cicd_repositories_by_system["gitlab"] : name => repo if try(repo.create, true) }
-
-  name         = each.value.name
-  namespace_id = each.value.create_group ? gitlab_group.group[each.value.group].id : data.gitlab_group.group[each.value.group].id
-  description  = each.value.description
-
-  visibility_level       = var.gitlab.project_visibility
-  shared_runners_enabled = var.gitlab.shared_runners_enabled
-  auto_devops_enabled    = false
-}
-
-resource "gitlab_project_variable" "project-modules-key" {
-  for_each = { for name, repo in local.cicd_repositories_by_system["gitlab"] : name => repo }
-
-  project = try(each.value.create, true) ? gitlab_project.projects[each.key].id : data.gitlab_project.projects[each.key].id
-
-  key   = "CICD_MODULES_KEY"
-  value = base64encode(tls_private_key.cicd-modules-key.private_key_openssh)
-
-  protected     = false
-  masked        = true
-  variable_type = "env_var"
-}
-
-
-
diff --git a/fast/stages/00-cicd_/main.tf b/fast/stages/00-cicd_/main.tf
deleted file mode 100644
index a9627f0e53..0000000000
--- a/fast/stages/00-cicd_/main.tf
+++ /dev/null
@@ -1,40 +0,0 @@
-/**
- * Copyright 2022 Google LLC
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- *      http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-locals {
-  supported_cicd_systems = ["gitlab", "github", "sourcerepo"]
-  cicd_repositories = {
-    for k, v in coalesce(var.cicd_repositories, {}) : k => merge(v, {
-      create_group = try(v.create_group, true)
-      group        = join("/", slice(split("/", v.name), 0, length(split("/", v.name)) - 1))
-      name         = element(split("/", v.name), length(split("/", v.name)) - 1)
-    })
-    if(
-      v != null
-      &&
-      contains(local.supported_cicd_systems, try(v.type, ""))
-    )
-  }
-  cicd_repositories_by_system = {
-    for system in local.supported_cicd_systems : system => {
-      for k, v in local.cicd_repositories : k => v if v.type == system
-    }
-  }
-}
-
-resource "tls_private_key" "cicd-modules-key" {
-  algorithm = "ED25519"
-}
diff --git a/fast/stages/00-cicd_/outputs-files.tf b/fast/stages/00-cicd_/outputs-files.tf
deleted file mode 100644
index 6c201fc4c7..0000000000
--- a/fast/stages/00-cicd_/outputs-files.tf
+++ /dev/null
@@ -1,24 +0,0 @@
-/**
- * Copyright 2022 Google LLC
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- *      http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-# tfdoc:file:description Output files persistence to local filesystem.
-
-resource "local_file" "tfvars" {
-  for_each        = var.outputs_location == null ? {} : { 1 = 1 }
-  file_permission = "0644"
-  filename        = "${pathexpand(var.outputs_location)}/tfvars/00-cicd.auto.tfvars.json"
-  content         = jsonencode(local.tfvars)
-}
diff --git a/fast/stages/00-cicd_/outputs-gcs.tf b/fast/stages/00-cicd_/outputs-gcs.tf
deleted file mode 100644
index 3a03ae4d71..0000000000
--- a/fast/stages/00-cicd_/outputs-gcs.tf
+++ /dev/null
@@ -1,23 +0,0 @@
-/**
- * Copyright 2022 Google LLC
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- *      http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-# tfdoc:file:description Output files persistence to automation GCS bucket.
-
-resource "google_storage_bucket_object" "tfvars" {
-  bucket  = var.automation.outputs_bucket
-  name    = "tfvars/00-bootstrap.auto.tfvars.json"
-  content = jsonencode(local.tfvars)
-}
diff --git a/fast/stages/00-cicd_/outputs.tf b/fast/stages/00-cicd_/outputs.tf
deleted file mode 100644
index 6430e2b314..0000000000
--- a/fast/stages/00-cicd_/outputs.tf
+++ /dev/null
@@ -1,34 +0,0 @@
-/**
- * Copyright 2022 Google LLC
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- *      http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-locals {
-  gitlab_cicd_https = { for k, v in local.cicd_repositories_by_system["gitlab"] : k => v.create ? gitlab_project.projects[k].http_url_to_repo : data.gitlab_project.projects[k].http_url_to_repo }
-  gitlab_cicd_ssh   = { for k, v in local.cicd_repositories_by_system["gitlab"] : k => v.create ? gitlab_project.projects[k].ssh_url_to_repo : data.gitlab_project.projects[k].ssh_url_to_repo }
-  github_cicd_https = { for k, v in local.cicd_repositories_by_system["github"] : k => v.create ? github_repository.repositories[k].http_clone_url : data.github_repository.repositories[k].http_clone_url }
-  github_cicd_ssh   = { for k, v in local.cicd_repositories_by_system["github"] : k => v.create ? github_repository.repositories[k].git_clone_url : data.github_repository.repositories[k].git_clone_url }
-
-  tfvars = {
-    cicd_repositories = merge(local.cicd_repositories_by_system["gitlab"], local.cicd_repositories_by_system["github"])
-    cicd_ssh_urls     = merge(local.gitlab_cicd_ssh, local.github_cicd_ssh)
-    cicd_https_urls   = merge(local.gitlab_cicd_https, local.github_cicd_https)
-  }
-}
-
-output "tfvars" {
-  description = "Terraform variable files for the following stages."
-  sensitive   = true
-  value       = local.tfvars
-}
diff --git a/fast/stages/00-cicd_/variables.tf b/fast/stages/00-cicd_/variables.tf
deleted file mode 100644
index c5cc5f695c..0000000000
--- a/fast/stages/00-cicd_/variables.tf
+++ /dev/null
@@ -1,145 +0,0 @@
-/**
- * Copyright 2022 Google LLC
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- *      http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-variable "automation" {
-  # tfdoc:variable:source 00-bootstrap
-  description = "Automation resources created by the bootstrap stage."
-  type = object({
-    outputs_bucket          = string
-    project_id              = string
-    project_number          = string
-    federated_identity_pool = string
-    federated_identity_providers = map(object({
-      issuer           = string
-      issuer_uri       = string
-      name             = string
-      principal_tpl    = string
-      principalset_tpl = string
-    }))
-  })
-}
-
-variable "cicd_repositories" {
-  description = "CI/CD repository configuration. Identity providers reference keys in the `federated_identity_providers` variable. Set to null to disable, or set individual repositories to null if not needed."
-  type = object({
-    bootstrap = object({
-      branch       = string
-      name         = string
-      description  = string
-      type         = string
-      create       = bool
-      create_group = bool
-    })
-    resman = object({
-      branch       = string
-      name         = string
-      description  = string
-      type         = string
-      create       = bool
-      create_group = bool
-    })
-    networking = object({
-      branch       = string
-      name         = string
-      description  = string
-      type         = string
-      create       = bool
-      create_group = bool
-    })
-    security = object({
-      branch       = string
-      name         = string
-      description  = string
-      type         = string
-      create       = bool
-      create_group = bool
-    })
-    data-platform = object({
-      branch       = string
-      name         = string
-      description  = string
-      type         = string
-      create       = bool
-      create_group = bool
-    })
-    project-factory = object({
-      branch       = string
-      name         = string
-      description  = string
-      type         = string
-      create       = bool
-      create_group = bool
-    })
-  })
-  default = null
-  validation {
-    condition = alltrue([
-      for k, v in coalesce(var.cicd_repositories, {}) :
-      v == null || try(v.name, null) != null
-    ])
-    error_message = "Non-null repositories need a non-null name."
-  }
-  validation {
-    condition = alltrue([
-      for k, v in coalesce(var.cicd_repositories, {}) :
-      v == null || (
-        contains(["github", "gitlab", "sourcerepo"], coalesce(try(v.type, null), "null"))
-      )
-    ])
-    error_message = "Invalid repository type, supported types: 'github' 'gitlab' or 'sourcerepo'."
-  }
-}
-
-variable "gitlab" {
-  description = "Gitlab settings"
-  type = object({
-    url                    = string
-    project_visibility     = string
-    shared_runners_enabled = bool
-  })
-  default = {
-    url                    = "https://gitlab.com"
-    project_visibility     = "private"
-    shared_runners_enabled = true
-  }
-}
-
-variable "github" {
-  description = "GitHub settings"
-  type = object({
-    url        = string
-    visibility = string
-  })
-  default = {
-    url        = null
-    visibility = "private"
-  }
-}
-
-variable "custom_roles" {
-  # tfdoc:variable:source 00-bootstrap
-  description = "Custom roles defined at the org level, in key => id format."
-  type = object({
-    service_project_network_admin = string
-  })
-  default = null
-}
-
-variable "outputs_location" {
-  description = "Enable writing provider, tfvars and CI/CD workflow files to local filesystem. Leave null to disable"
-  type        = string
-  default     = null
-}
diff --git a/fast/stages/00-cicd_/versions.tf b/fast/stages/00-cicd_/versions.tf
deleted file mode 100644
index 1e30586f59..0000000000
--- a/fast/stages/00-cicd_/versions.tf
+++ /dev/null
@@ -1,38 +0,0 @@
-# Copyright 2022 Google LLC
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-#     https://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-terraform {
-  required_version = ">= 1.3.1"
-  required_providers {
-    google = {
-      source  = "hashicorp/google"
-      version = ">= 4.36.0" # tftest
-    }
-    google-beta = {
-      source  = "hashicorp/google-beta"
-      version = ">= 4.36.0" # tftest
-    }
-    github = {
-      source  = "integrations/github"
-      version = "~> 4.0"
-    }
-    gitlab = {
-      source  = "gitlabhq/gitlab"
-      version = ">= 3.16.1"
-    }
-
-  }
-}
-
-

From b60bfdaed75b40ca1214f0aca578c1da24322006 Mon Sep 17 00:00:00 2001
From: Ludovico Magnocavallo <ludomagno@google.com>
Date: Fri, 21 Oct 2022 01:59:47 +0200
Subject: [PATCH 3/8] allow setting commit attributes via variabes

---
 fast/extras/00-cicd-github/cicd-versions.tf  | 16 +++++++++
 fast/extras/00-cicd-github/main.tf           |  6 ++--
 fast/extras/00-cicd-github/variables.tf      | 10 ++++++
 tests/fast/stages/s00_cicd/__init__.py       | 13 --------
 tests/fast/stages/s00_cicd/test_providers.py | 34 --------------------
 5 files changed, 29 insertions(+), 50 deletions(-)
 delete mode 100644 tests/fast/stages/s00_cicd/__init__.py
 delete mode 100644 tests/fast/stages/s00_cicd/test_providers.py

diff --git a/fast/extras/00-cicd-github/cicd-versions.tf b/fast/extras/00-cicd-github/cicd-versions.tf
index 23651dced6..3186511c6f 100644
--- a/fast/extras/00-cicd-github/cicd-versions.tf
+++ b/fast/extras/00-cicd-github/cicd-versions.tf
@@ -1,3 +1,19 @@
+/**
+ * Copyright 2022 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
 terraform {
   required_version = ">= 1.3.1"
   required_providers {
diff --git a/fast/extras/00-cicd-github/main.tf b/fast/extras/00-cicd-github/main.tf
index afa8d13e29..338acc6965 100644
--- a/fast/extras/00-cicd-github/main.tf
+++ b/fast/extras/00-cicd-github/main.tf
@@ -105,8 +105,8 @@ resource "github_repository_file" "default" {
     )
     : file(each.value.file)
   )
-  commit_message      = "Managed by Terraform"
-  commit_author       = "Terraform User"
-  commit_email        = "terraform@example.com"
+  commit_message      = "${var.commmit_config.message} (${each.value.name})"
+  commit_author       = var.commmit_config.author
+  commit_email        = var.commmit_config.email
   overwrite_on_create = true
 }
diff --git a/fast/extras/00-cicd-github/variables.tf b/fast/extras/00-cicd-github/variables.tf
index 85d8aa7394..21f2833466 100644
--- a/fast/extras/00-cicd-github/variables.tf
+++ b/fast/extras/00-cicd-github/variables.tf
@@ -14,6 +14,16 @@
  * limitations under the License.
  */
 
+variable "commmit_config" {
+  description = "Configure commit metadata."
+  type = object({
+    author  = optional(string, "FAST loader")
+    email   = optional(string, "fast-loader@fast.gcp.tf")
+    message = optional(string, "FAST initial loading")
+  })
+  default  = {}
+  nullable = false
+}
 
 variable "organization" {
   description = "GitHub organization."
diff --git a/tests/fast/stages/s00_cicd/__init__.py b/tests/fast/stages/s00_cicd/__init__.py
deleted file mode 100644
index 6d6d1266c3..0000000000
--- a/tests/fast/stages/s00_cicd/__init__.py
+++ /dev/null
@@ -1,13 +0,0 @@
-# Copyright 2022 Google LLC
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-#      http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
diff --git a/tests/fast/stages/s00_cicd/test_providers.py b/tests/fast/stages/s00_cicd/test_providers.py
deleted file mode 100644
index e45c869e3d..0000000000
--- a/tests/fast/stages/s00_cicd/test_providers.py
+++ /dev/null
@@ -1,34 +0,0 @@
-# Copyright 2022 Google LLC
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-#      http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-import os
-'''
-github = {
-  source  = "integrations/github"
-  version = "~> 4.0"
-}
-gitlab = {
-  source  = "gitlabhq/gitlab"
-  version = ">= 3.16.1"
-}
-'''
-
-
-def test_providers(basedir):
-  "Test providers file."
-  p = os.path.join(basedir, 'fast/stages/00-cicd/versions.tf')
-  with open(p) as f:
-    data = f.read()
-    assert 'integrations/github' in data
-    assert 'gitlabhq/gitlab' in data

From 38d06f34bc2f4a5076186e2b5aece58c74229049 Mon Sep 17 00:00:00 2001
From: Ludovico Magnocavallo <ludomagno@google.com>
Date: Fri, 21 Oct 2022 02:03:47 +0200
Subject: [PATCH 4/8] remove reference to deleted stage

---
 fast/stages/README.md | 2 --
 1 file changed, 2 deletions(-)

diff --git a/fast/stages/README.md b/fast/stages/README.md
index 29fdc4c0f2..9b41bf1cae 100644
--- a/fast/stages/README.md
+++ b/fast/stages/README.md
@@ -24,8 +24,6 @@ To destroy a previous FAST deployment follow the instructions detailed in [clean
 - [Bootstrap](00-bootstrap/README.md)  
   Enables critical organization-level functionality that depends on broad permissions. It has two primary purposes. The first is to bootstrap the resources needed for automation of this and the following stages (service accounts, GCS buckets). And secondly, it applies the minimum amount of configuration needed at the organization level, to avoid the need of broad permissions later on, and to implement a minimum of security features like sinks and exports from the start.\
   Exports: automation variables, organization-level custom roles
-- [CI/CD Bootstrap](00-cicd/README.md)  
-  Optionally set up CI/CD repositories and project structure automatically for GitHub and Gitlab. This stage is not needed if repository are created manually.
 - [Resource Management](01-resman/README.md)  
   Creates the base resource hierarchy (folders) and the automation resources required later to delegate deployment of each part of the hierarchy to separate stages. This stage also configures organization-level policies and any exceptions needed by different branches of the resource hierarchy.\
   Exports: folder ids, automation service account emails

From 896e5d2ec59ce7fa0abbc1591d7a1d7640a271cc Mon Sep 17 00:00:00 2001
From: Ludovico Magnocavallo <ludomagno@google.com>
Date: Sun, 23 Oct 2022 17:21:43 +0200
Subject: [PATCH 5/8] optional repo creation, documentation

---
 fast/extras/00-cicd-github/README.md        |  70 ++++++++++++++
 fast/extras/00-cicd-github/github_token.png | Bin 0 -> 56718 bytes
 fast/extras/00-cicd-github/main.tf          | 100 +++++++++++---------
 fast/extras/00-cicd-github/variables.tf     |  48 +++++-----
 fast/extras/README.md                       |   5 +
 5 files changed, 156 insertions(+), 67 deletions(-)
 create mode 100644 fast/extras/00-cicd-github/README.md
 create mode 100644 fast/extras/00-cicd-github/github_token.png
 create mode 100644 fast/extras/README.md

diff --git a/fast/extras/00-cicd-github/README.md b/fast/extras/00-cicd-github/README.md
new file mode 100644
index 0000000000..ee06d73b44
--- /dev/null
+++ b/fast/extras/00-cicd-github/README.md
@@ -0,0 +1,70 @@
+# FAST GitHub repository management
+
+This small extra stage allows creation and management of GitHub repositories used to host FAST stage code, including initial population of files and rewriting of module sources.
+
+This stage is designed for quick repository creation in a GitHub organization, and is not suited for medium or long-term repository management especially if you enable initial population of files.
+
+## Initial population caveats
+
+Initial file population of repositories is controlled via the `populate_from` attribute, and needs a bit of care:
+
+- never run this stage gain with the same variables used for population once the repository starts being used,  as **Terraform will manage file state and revert any changes at each apply**, which is probably not what you want.
+- be mindful when enabling initial population of the modules repository, as the number of resulting files to manage is very close to the GitHub hourly limit for their API
+
+The scenario for which this stage has been designed is one-shot creation and/or population of stage repositories, running it multiple times with different variables and Terraform states if incrmental creation is needed for subsequent FAST stages (e.g. GKE, data platform, etc.).
+
+## GitHub provider credentials
+
+A [GitHub token](https://github.com/settings/tokens) is needed to authenticate against their API. The token needs organization-level permissions, like shown in this screenshot:
+
+<p align="center">
+  <img src="github_token.png" alt="GitHub token scopes.">
+</p>
+
+## Variable configuration
+
+The `organization` required variable sets the GitHub organization where repositories will be created, and is used to configure the Terraform provider.
+
+The `repositories` variable is where you configure which repositories to create, whether initial population of files is desired, and which repository is used to host modules.
+
+This is an example that creates repositories for stages 00 and 01, defines an existing repositories as the source for modules, and populates initial files for stages 00, 01, and 02:
+
+```hcl
+organization = "ludomagno"
+repositories = {
+  fast_00_bootstrap = {
+    create_options = {
+      description = "FAST bootstrap."
+      features = {
+        issues = true
+      }
+    }
+    populate_from = "../../stages/00-bootstrap"
+  }
+  fast_01_resman = {
+    create_options = {
+      description = "FAST resource management."
+      features = {
+        issues = true
+      }
+    }
+    populate_from = "../../stages/01-resman"
+  }
+  fast_02_networking = {
+    populate_from = "../../stages/02-networking-peering"
+  }
+  fast_modules = {
+    has_modules = true
+  }
+}
+```
+
+The `create_options` repository attribute controls creation: if the attribute is not present, the repository is assumed to be already existing.
+
+Initial population depends on a modules repository being configured, identified by the `has_modules` attribute, and on `populate_from` attributes in each repository where population is required, pointing to the folder holding the files to be committed.
+
+Finally, a `commit_config` variable is optional: it can be used to configure author, email and message used in commits for initial population of files, its defaults are probably fine for most use cases.
+
+## Modules secret
+
+When initial population is configured for a repository, this stage also adds a secret with the private key used to authenticate against the modules repository. This matches the configuration of the GitHub workflow files created for each FAST stage when CI/CD is enabled.
diff --git a/fast/extras/00-cicd-github/github_token.png b/fast/extras/00-cicd-github/github_token.png
new file mode 100644
index 0000000000000000000000000000000000000000..02426484cef4229b03a518703be6f4772627a2a5
GIT binary patch
literal 56718
zcmd?Rby!sE+cqq0*b*uYN)AXPAT3fOA>H7J)RvG2=^R2q>Fx&U7&bZNuvNOdL%IZ{
zVW@Wv?!BGg`#sNhe1E)uJjeTa9D>K~TC?tT$9bODd0qDesj0}`#iPW#b?eq$c{yo~
zTep5A1pe0I{0_88))0CFzc3s%WF>FG`lvT<-2&Z`mwu+@X7GL1GgVuA_H>Us(^oWW
zsjNHZrNpx@_@b@mtQO`4iSAPD>Pn;o%g@-}d$T16g5LR3a0N5Wsqt|4Ycgc9<(&q`
zQ}jI3+~OftmaPma2*ByMFxXP^oTz*WZ|WB}I~HE!yMEGV;90usQRe(%_vCw1f0dP`
zr6n<f5PS;*>z^NfxBOg42{9D-pP@ItyM>KKh4Jeu46Jw9(PV^lP3#g)hrBwc9qjH)
zWejQJqf$tM2M;Mi#iYf@*_?XF9Nt{Io#j$9jPv)zf0a^otT~sv+CS7ta{c;B*lR)9
z;Vm<C2p1Cv<a_JyAM2R7c!31V<#Ys5!wDBQRIU1|wa;i%XH>sf25OKJ=B~%|zWe7|
z)Lk;9gsL62SH>#{g5y{s*PaANq)S}0sHpM>AD_a;v%=36r{y8JK3OLbCcT#lojDwI
zu^-wZOxkHLmvtplS=Xq?whfI_qM`G`y_X25e*Pr>a}1qJZ^-0%0bR%Uklz*iRjxPf
zjIAwcdLcsM$R&-W!zJwffnCa#-!|AAPQ)Y;63}ewN-HOrO=xNR_>6>VUat>0-Q(c5
zjVh~y8RkvL=?T^6spHz|hy`4o19c(ci;sM!t3jS^c#p2VF3T&Dh<=SeYcu#A2Vt?v
zm(TNY8JE??hnG8dlFnwmhaB5&%7h!Qe_#nOo)dH#>h|U~guZl2P?|BUp0Dx!k@0Xp
z;k>>38(pdS=<eLoZgj30zu-La3Ma@QZVPdwTzBDG8YQyh9RBEXvU5mN&-lB}la0%`
znB~B0y`tXI6tAuN29woi`tUwZTE&GP81MSN=knAi@zI%x@eVqxGdSKuhJR-W6uC~n
z83D`?-6)bgFMKv<H?q>S?`-~boR2W9!hAxVcl*qCzqH#f693+LPUH0{zwqU`;!2p5
zSw~sf)rar3${0irDkG~gz*DA8R$=h&ff(Ba2^SHatF44Jxuz`ENf&##!LtXK!@4V}
zO-GCELeD?V@K^^bd3b;NE^hKc&v7n&e?N4O*Squ8M(sTI{x?pk6-RYyDj63VUc;-c
zY_Z(eU4;%~(a)or`l84rM0CVi=nsxsyT)XGE$K`fEMh%BHM>CxZr7Q&l^2H#EGEuN
zWAI71_-{l^h!34!n{GN66Ve;a$`y1Dea%x|PMJO4-zkOP$TnR^nt{Y4KYEKw_pyt9
z9aMLjEzUTkd;Idb*9p~7!$5{zD2s{S<;yxdV~M0a384<SM5$<eSEpeLqpGWzq^*}_
z9`%d{_&Xbgs8d3y7X10;9`ggQ9#QwYT;&cgXn9TVo7Y<Z?newPV4v}noy=b}i8_y)
z@-BSP-hVd!*<neOf`WM6{%C0hVPm_XE__bpp!`)y*eeB-VL6p`LtO2RsC$@~h&DzR
z?I-itkE{K0BIyPkKGt5^a~E4}6QjS)-yht2iBYa>Pbd~KsQ>)hDJZoPUg(RHRL1>6
zkPB^3+B}TR^mQ}fqIN2pnVe7#M_l}#<UYc(a+$x@`6CM6O{a?&_+00(^pnZdZha>l
zmds5-JtkGtd87<~?A{+_d%nT`K5v$Z&-HqoQwgaZ7IwM3c%8&8>$=G(Vk`2NV<F<o
zEhZHh0G(NliPN^g@DN~@Yi8W$C{|V;^uk#RbrWfuObfi8y5JAzho{nC3p8b1><wwI
z95ztNAe_QWY7Y#7C#_9;@L5w?O<R*cN1JERGYtCup*X4KTB<SIPsfGy2P>a93^_^h
zH(#$k^sbT=A9&?V^S1nv{u8$?N6hl(-xeg=FMJQibo0{_6n{@+hw}>(OqH*=hqw`z
zb!ES1>8e`OHKg4*&2?P<ENQe$CAG{=5RveC-tH0vmlJwWv(A-N-@HY?soFINnPqak
zXXPC@C1L1OVy%xhqf?R~bqx9;)(Cy~Bt673uDj0c)o^vg2%USf-rK7`HfHygDv+!r
z-6m6a2^78-(*-(hGkekrDln%DX>H;|uzTp1HpOMrPNEu}#u<g}uJGJ-prKo@jZNAP
zvpAQoRu<$Pkg>OyS58DaVbJ!DFgU+Yg+_6i5Tt`ibF~YqS{B!=0GX`b{iE&=q_BhA
zg|QxuF~5)WcC&cf(I`RAaI<)}OG<=&+;66bXZofqaU3Sf`Lqr_rw<(VggmQ|_aVDp
zP31MMF0YmTeJQ_J6ml=YBTp0TuILFI&ynArpsk=YvP|C&CmU7}?@A8euUlqt)xak8
zjHHA~4nq(Ay&SxQ#R_tOGh+Gw!g;VaHY;eqK~VYwTHF8st|O)(Z1Nbl;|qcqSa!^|
z3}NN0#+z_O1w3WhsFPnDKId9_DZkjIIeq$SnGM$1vN**jf1){byu!QgFvc;KHD)+m
zob$S%Tv6<~JPYAg<A@{f_Iy=3*V2Huv+QMK)n%*|^!{yt<U8JjvoXKKKUo&YlEX_i
zp_QLv4wJG|#aJMJwDyX$A>PK>yOfl$2CH&J{&nFw_ZoujNKX<8uim>9&9TD^bl72T
zlf30;NyaLVLDZ~})%>Z<@N*ztM09G^TCt2nnw3J&r;H>R!-SE*rD%GlDNh6|*Z9lU
zCv}fTc*g5<#o|qyx#*yD>r0zk#`T+8-zlfs<Qm@Sw35{C(3cIn86vMD=r~pd(wBoX
zIo$c1x~U`7xkV3MoAujA%OlG_iGMmCJe6+?ZworfMeem)DJ0t*jJK<854GIiogc|B
zoHyr^FXL}H7izUUPwM0}x#CitHyG4csJ@3p6vT6wj3$TjaAUD6gJOU&kdqG5i^WQu
z!xmto&GVPq<wyrlAyxNb#oqWzawV`QHu6>-qDu1V;xE|FPfAk?U*hRRlpyc!@sJ7c
zL9@@3kdNA4&a37*y9y_l1c$Z9hkn#s=yK?d>3P^Wnj6VD7oXYIFL1Q<6vlE;v&^gT
zO{vr8B9Q|_Fl;4coK%&^__R&YQBSp~TN|8sELC7nT3Ps{y3}k4n%5Sn%P2PQVw=mv
z-V$;P^Nd7J3oI?K%zt-W1fEyOtlR~~HS4gaavv*aRQ_Eb*OnaDA^Hkx6_-O8auU}z
zp%r*)AlS<M7ve0%NP!QY6E1%oYj;n+O@$Z!=sWb_u(X*os*))efi=!=5Z%(7@F$D>
zlOrr4{^K0@K4Ve__Xqy=5H^rrdLHIyv(1osI3mk&FHAFdDXWZWiXPAk;(jgI{^_92
zR_SPIrkq=EXDPEHXpYQ~b=+)1twvw)>!ygJee00Nt;x>UdsxEaHCtU#Y=wfY+bL%2
zoMJFtoeDW4=xXZ@K}`8JUVP^md{qaQWmmFZTdE&D9=4ObEMTp$Y~B3h(A7wJTheZL
zkI5ykR&N)}EUNKiPy1TjGJD`I-t(cQy$P>Y)uDHv;Rc8+Eo*un8AlxGxP*nC2lZea
zF;w5iGfg+qx|!xw7!xOlh_%QUN7+fQGjDfRcHVwGr;_W<qH$gH*Z|fer_TyepmX9?
zwUeAS9aw^mq3MF5H62&Nz<8M5U9a;muHHP}n|jlZQu4uKnivZnX?4e{at!yQ?<7w#
z%I{BS`^qI#$M3VtCAU1W!Fa8ht?grh&tQ0gn4d;85vT1^vGndSmJ!U0J_!d9t`>`!
zjIbt$)h0Weg`kz$29Yz7km%p{HTLkd?}$b<`enjbHhu#<oP(~o24B`Us;78F^IQB*
zWfQ>xCC8E63l2=S2&}OL()ziqV=_T`<h?ZGA!*+3`(8XB8dK<ycl=Asj8>OI<`Xnd
z+wy#W;5txaV6i{TT*mh2t{aHpsIqhmoH`-2i#8(-R{mifq+9h&`LcbSzH>A_XN#tO
zOg_5DD0-t-KHjsOR3^Xs6^&zQR&k=rCZs2sg-yk)SxqWhe)J>vGk&IvP0{i9<$FsW
zsW$3hMo#m?vyFp2rdHU}pf=_>8Ae7D+r~Xk>7f#{4i@1_Jd6yPXpV<EWl}>N+K6%L
zb|P@53pOwkgA&J2Aus5*9xySe?|))>o3|GOXzkJnW5t|L2YM$ZEb`fst63~=d-uI?
z4Ti3cju8=6%0{$8$E9Y`-uk$I+Fi-R?&Zve)bLb%@2@sI5;!FL14-*znqqfN<_NRk
zMvhIzceM6bGDWFV&CA-=_d(W}l_#M6(k;dWb@>L(aqS7LZPQzOvW|n(>*+Q3NBg0d
z(=+<Uwb2&C5(^#-baZ@&FFWRVd&dPM2G*>z#XnW!PUhFE%IP7XMh+`xKzQRzET;#K
zjpk%5=U6#C3<ER%WnjV$@&)VSox=XCGPMp31EyUK{O4`L$EaVNgy2k0fbym^GRld-
zf3biu7DyJ|l=0NSBg++h7FZ4s!5C2~xgbI;;QHkv-#-HW3Exm58fYGql<>@eE?erC
z-UUH`wz^mM-l2tc{})|Xh!@!0d_v%U(&W?eAwoR5m(H&9<WA5%^oX?tbK2RQTf}LH
zQDpZJchbFG)h!obRJ+DYhy`&}Jxo8xF<+(P(uJn+{lKq*1OBzo_NT=``~Jd*h~*}N
zE4J-vc!K`*WlSHKgp9DrZ2~5B`|NwZYv0=UAUyQvY2Y^=_05|qYQ|Is;&6fHpu4}F
zwId^z4;sAKox!PrzoZNR-{fwWrOk5VKGUB)L^R)Gl&>DaSNJk!)a$Qw6TJEp*Z*UF
ztN%K`e#z|vJ%LVM9%Kj{6X}5)PrIxtWFz|bdZadUze)cqvVh)m1HFH9HV>i7RV};L
z)x#)9x|S)-H+d}kv`PO*CuDGI9j?D|5Rwwglwz<v{1x%3@c@g5tWpar_*b97)A(xO
zs!K{jjDMBeEle_CU8?ga%4DKN^i@sZNxVQN?qDT%xty#)iH#kRkRIAcyg3ogoWMH&
zHPV@0n5G<{dQ}Q{8~xLk&4wURA+AO-PPF(KoOy`4WGZbdT}j_8%JX?(4^&TDzf{do
zxl)1PFC4U|f(W@HQ!tGNaTy*WgBsz_a%_pQrB8{6h=0wH-#+egw(otR%(JB1N7enQ
zrTy}6v9rCX{Gy5s|ClH!pH|xMOIh<|f%Sz<wKkumzm$GowM6QejwjUemA|xVsR$7)
z498i_R_QfT)mm%}kz6tXhCMSFYbwWA4bD+IJy7!Gt!osSadI=AGrS{PTi2NlRAipd
z6DLR^m-44+)Fb9JFY@va;Yltf16R=PDGx70FT_$DZL^&>wJd5}CSGKI$8PEHW~huH
z6JCBA<xD3i!Kx2`-@#cd{d{irDHwt=SnLYT+WUMPsy$X_2!ygOmDY2OI<QpF>I>^m
zjY-&77l)a0+3r)i(75fIX_f3_zC7iq2bHkcrjt3%RRdu~7g#Yzs_SH&<4XR?3`g2i
zm*}kdtGv|9CY~V#)bscbruM^c3WtZrHQArXKYkgSZ;dcK3#1D{28XwoIY_T>n(evN
z2&$h)o-XoC8EM*B?`^bO^R!LN%%e!y49ToyoGsGcdsyq$?vz5PDfVVKU6E3DwDCz2
z4zO<2USpbagDBgA4!6hjL`$F$Y3S6@=JP0|@N`!IDWPLoBHL~1fo3%vJ<r*@0hmTz
zIruro?b|CCK{2M^69;*BzE{4&3ye__H8`FzCP)%>uD>I);Fk2%J-f&7Pqo#ahUZ)t
zdsvedrXflx_DQKeJJ&J8&(k$tcgxq}OkjI;R<qR!F@4UP_L9WE*OZp-mTVixOLm{W
zyp2f`pYf6!;+1DyV=vk6T8$sp`=WNjT8dL@Y(l6%^5}S580Pjv7lkk8o_-Y+gqz2?
zvhDm7M4O6Y{H5ZH0`<9UD#RLK(eq`6N&9wK!0_)h!Y>Uxx1HUQkO+nLaGG4iyx;y=
z|2BKXqvo<)UpI%9heI%^$j0@k)N<wZ)dQV6qdIDbQ}z9}l(7AgC61iJLV1M4K-SQw
zbK8oGE6-`~fWTXRp;(K%HSHwAVy_*U-qtL09<J3e@^>a87)K%BPKieXMLM74xd)J2
zXEA4CN7;F2Et%5zl&3#vy0iW}Y9oMtL-n0~)s2YA$NW`>svO2%14Vk=J({PaD%+aP
z&DJxu<=R4<iIya@Uk>*VdI@yCU*>ub*`IH(w2t=6?IJEshVy!fCC2I;&D<A+RNsJ=
zC~%ggK>YMd(LK}A+a=L&4egf{<A+<KR#PJ}zr6S>3D(u(s$~8wXP0;S{caYvv<cM_
zl|ycJBEx6$W{z;L#)?2ppl1bQeu8YEYzCu0`b&KdK1<VSfE)KUq`C_Ysho271rbdB
zVwbgEizFH5qo!Km0*-r|$IQ;yMhW`j91&s{zIUjdVjCwXys#x_zc~H%`J;UQtY^n>
z-8+R%G@nC@U-)7gZLz4-MXv*nVpfpz`nGTu{OK9qpH-LsGkwb(JCb969U9#cD4L?+
zB|&kh14yj~lVQU!d#52p?yFmanigRTejvxH9uq$K+)KCk*JVw|kuj=b`pDgJRq}ZU
zsctfyqZz4;InU0381ATr`3KAt%A%@^Ycl=d0&x`@Z;gBLfrNw|&olL~rPoDfEMhhX
z4i+sf`qiO~P!|xRh3d4OoV~Ha%y1}$W&Du`3!7+#yXgQv3TeR_eidYdn`Mfs23!?L
zPM^Sr(V!k-6%)A(6Kwx_s0Fg8+jR1hfYjD>vw7Z|*JhLPtS4V$Rs*bbI_Q?v{LN!B
z|4Pwe#WX=-Rz;+<O*zG6Y^Bn)bI3G6^);o-;@*A}pR8ho%l5_RAxu9!q909;R30H=
z+jdOSYb=+f%$ge1yWOO&qA#XP1&|etVl0&7{M_>*C$Pk&j44v4ZjX0#tveMeo2gFF
z#q!oAd^R<uy^o2Lt2Vj~c<viS%&1N8d;{XI`kY#`OO1`ZfOxaax9nS&-E!%};&^wh
zU?F>y+gJ?(xCFnrhnffsDhF3H&W-X$wBUE(-hez4NkI~3w#hrEP&7um3-}2m14ew>
zXzUjZSP!f(A`j45q<|g+FOc$;bsjpKl>-ddisvAXMrHzxKnJ8kdbQB*Wd+tw_RD8|
zH}L$EyD~ojeubrZc@jI?y{&*$BjxBgLt~_o$XnRbcR2+$(cG!bmq1sHu!ZSRoAD<T
z`cV>R`W9rhz9~Yxmy|<|2fHPjLMBg?acE#Y!{H=N<_!V)gQ52McyhGs0M-L8ls?&D
zC@aO!cnKAXT5Ah{=QE-84CfS^J<r$N73Rt7oF=pLfS&inp2)dc5-QNU|Jwj+@BK^3
zU$Bevd|x`f>j?B_*tH=nOp(SQLSUN*p$&O0Seuk^>34pKgG|J6Qst3wkU~8sz)4NO
zZhh~%B023YlKrd~=MI&?i=9Sy@7^BxL{MAP&_qBw$rNnj?Csy<t%I*+f{|qlc?Hi(
zGWxc|z|qF<Be7{4B~x5OtPVD5(qAtd!pdfhGZC2W%C*NAW2w@w?-0hn>8#%nu9hAK
zPen$@cVn4*bt)#aAA1QD#<xKZ-Rx0OuJ8~0Km^fnw&!{@dNK&P2nIKnK7|=_{z#)Z
zvan1zHbai$3}2_LYSeE__q&t41@=}Va;Qw@)O!c8Rmy82L-tFKArV%a`H3}o!i5<!
zONnhNNWP}T$Co}Pt)n@OO<jQ~&jdiMV2=Nq%D4>VFo?K+*TZ#>U6u`aZ{U;|d{>OY
z@H!8nO;=Mcc|Lqz&}3uKz*hqVebY{o-n2~p>I_>7-q0ZXDqf3rXR>=98S+z8t8aqG
zSBNZ0rc~&PU0enEZq}f=BI>at+lmq47F-M?2_ELJpe<HTikj4XIlgb1uCip_?J9st
zW46u$28=C?ExVQ5CICa1k*%7kO`hZpG%pLjF)_uIB*ixMp^Yp9Zq;Xj&jfo~)oT@~
zezWd-Fv%d`0*jWAz*DJVB<V0Ip$DCO8D7Bwv=z+%q0B9)J$kk4<8}?Z!JTS)!sb@y
zWcwl4u_bJO7`dvYGW;O1ubSygR!}`B2E;h7(l@YeSl`CJWn0PWTZ6{Zerecj&!d~?
z>@%uGVM}XC-}zp5WG9}e20W-nRg%4RTe5X7nbc$DD`aHZLW)??1yi1Q)2+fzVPC3@
zF_C!vG*l8FTUXSb9b|og7sgYShIklVBID8!l>T!ePq3qQ#89*JtSd#-hrONLW2SF;
zAB%_ea09b(I3+9Yj|&MIV2yHqQyh`9&BaxI8$-&Ds6E8YNkm93xrRL;wp%|N)b`JT
zfV?0qMV>5tBB&kWCyJ+~gpqYsf4IEDP&~iSxATI9ckM|OJv17K395I8V-G(TF10>8
zgszv$dx$uDH-dw%<{@e=W)_=#b7h7R<f9<M=+jMH8-Ba_er=Iy79l1va=6M<7<YMJ
zk?-SPHg?MFQ)RegD}F!$fmoi~Jd)Ea3m&Nb)!X#m&4!O-LcN!6WqrDp`PRgJbOdn#
za1cvD6O1J}c<0~!oLL0KlSLlxNz`ayFbTkv$(Fnw8iZ(712Cn{%^iatJn8~4Wi7UG
z_uo&u<yS-wz|`i7sRP=*CLBOmTFTOdGJyVWRvQI?RlBKC2`v=!vj)0Sag-y3hBZa6
z0AMXjNa#enH?kDyN=^D9y6LM8L>*d3`@F(v_g0|n<*}H#U&uvRVCfgk28wTF<z1nV
z`tbbP!)ac}<oFL@elBb*{Qm77(9Z=-GEJ~k2G{;n{g0qgR}yzyJvYx+Xz4CrU&Blz
zyg-+=dKS%bo#k{Q21hyybqL1@WcZQ9t^bH%Kzf;$c!4r3fuZXx`*XiX)ytC-F6jEk
zqYaTizLpFIk1hCsk6_a(Ls&N>rl5)g<?42Ga0~dCrDvIvLrKYe*OnXGAzgKF?fI|I
z!{S8j(&t}%&8HL!NvvFdsQtr_B{zusFm=GiFKg)M4Ew#nB+~&GOvjDcn5Vb@H7oNX
z)Z)r}WR@Z1g-seAw)B;Y2)4BQIHLk12WM6f!`vez>x$*yACj9&2fYdQw93G(WP}gT
zgL=eYEJtohk3lCcGM#4cF~CcRAGo`21pr8@&P%0gc>|=DKY^6(&$PAar-SZA5@K~K
zB#Lr$d4hX;OFV_AN7oUnvHXat=i*Y~)7X00{!jA|hs7j_jD|jWk4LobUV35};o%#X
z?Q3Qt<YBKjzw(Fg|9O-$(l#E^sd(8#ZpEKq-YYpZxw`JKAP{gfWxk4;i+F(_>=~d9
z0u%&R^JMB7HC6TMIo^FW!*|#~i><z#<$_Fu9)qvh1-*3pwQ8j=O^8Cu)B-6m)iJU>
zC%h^G``5niEn-_^ON$mNA)&F~+F~Z$h>W&WB~-a-4|ASWUAqy}@+P=Z!!RXxg-obp
zl-J$&{KZ>_weS1G{K{%sy>AcwhFaTT0X%?pvTO}KoRl1ivJfLu!<!EcKItYehLCE2
zYl*K17(T}-H3)`r<HB3XJq+X;285r>Xqo$wP<jd=3if&P2e5|YI~u%q6x5`U!(q|9
z0%UCe)B?05GYj9_kf@q3!DF4ac@CS7kc<fEYaKN-IOegx$(1jw0waMVbDx`GkwAH?
z(E<;rDZ+?k6<DW6#%#_Q>egOop2AuX>Ah*)?4-%L(TMPd=vVr(J_&ks59ji?6K#OO
zuL+~kxWA6uTzU&fxn6mVf-0jhlQ$`8l}ci~3V|rTlQ*4Nv=#T4_06`bATQ{^WMF6b
z{dfi`M5pu^c;a+ED1dQE{Z1AE9?J%wc=N!4<dms1HiNR4j@=ui6(?b`UVFd70j!qo
ztQxwhX?|@{_Li|JfX(0zsV3OJPsqujMgSK;Z2jo!rK6t{3}*aKunst$^&mxtzAK~C
zCC$1lK9HKu<HR}S@w%qdNKM2m8dwZYFt^7<NQ*HJ-cy#mLGEmSgG)GdKUlhpes}1j
zXaXU(+~F>?UDC+DG^O`Z$Pt^Zkb~gO3|8a*2ZVEfwsmH33@3Ro#G->i#MC>eGm2zW
z%4?Z}Je~+|D6z)&N4l5$?0#v+w``C}mKIC@t1U+Ta!rReq)fw!L-|58(#u%(AT(o3
zq2-fto@#mp84f}c^wf59I-xP;5%jXPzdUJ!7P)Pm1<x2gE)JZ$*>e+EC^fdl)H5uy
zrqdd&En(9n7;4ynStH3-DEH!$ktX5zCwgdQ17P^AC|AB_$>#)2mzU`JZMY>nB14AG
z&xv0u(*#q8@k-}Vy#jZL=O^|GlLDx?kWEPZ4-^An=Z-?ktu8_ew6_0yt}95yH0lgt
z(4-}{FhAsQ`5%k;tfORs22EQlaS4>6U3<nbmjy*>MXX?w`+}AwGwuf$i%&Z@CSi50
z5!%Vm$jc#9sgCunI5%SVFAyM-{Ok2CW<RV>-kH%iX-!<+m7V3RFdrS$sd2{m94?hv
zik;0^@hYZs05iLEJS%ap*m*mcXF=~qwbYOm)M6T$NJLGx2U9zwb<`82(8a>0pDo90
zGd$e24cp)VWpiL{Hg9rxYd>rD_@ln!n@Io2NAYm0v!y+mav9^PMS<3wsi{7z>FxIQ
zT=M^2Et_BMJvkCT#F{$XX=Hmd-f&tYoV*z1mF;M~XS$K++0uR|NUGJ^A!OA|*Krsb
z=Mga^akCXyP!fLdu}Y2|e0A~lb_2uaaQq9Q;F11Ga)}(@K$b-S0uPPp*CvtpP1W+;
zzkA6j%PFbzyl%iQ-miH~)PM!-PR_b}XLXeQ390QdJ8l)0o<jPnh?v7NmhrrDsWmcg
zko9HqDjl)ZD|iWKbj#=BpTPr042tsp3-d<26R;~>Mn5N%d`yLWKOltNKa>R7G&Vje
zf`FFOJfX)htoau>CiYb7(Jx~dM-WC|YLGCuXvS~yt7H*ORo~=|7ebmn42gPf_!-1;
zqtaWJWTY>$ENF5m@o}Kxd%7u-!IVuuIxHU!s$O9&!t136Ct-J_+o2Gg#mW(UJZPv}
zMh##<RjP#QUnafib3Tvg=jA_UjS`xS&GsEwdr<FvHa#hQlP4b-LkR$BnU=rOb+1?7
z<5p1O2S%#;4259L$A#9+`G*=(`tk32e>CuWE0ek!EFJw)isW#BQMAhUPiVCE)Wng!
z)S|LTyp^(^ee4^vA&#4A$;Af{GU||9{bW`q=XIl}yI%kOQ(IgOv6Q(>0{0#IPCi0;
z+VA&*<hi-np}&zd>-+`5VN`xmsh|giJdv~&9x{etA`T>1sS=bt@HOS`6e*9jswQ6n
z!@u=w_(^}68P}5k%IFJhe}w@l@w$%K)Pya~#Kp>Qnu!-%sv%=RMVvh0w)S1;`Hy9A
z?Yw9`KL3#%!d(~6a*0gmA$z)~`$eh${i&$((it+eU+i!=GrO+V_Uoc%;wk5i?o$f|
zw*sNQ(vXYodYrFDXqt1zD1SnU%{uorro3%==d?Au@NuIKF~Q9Um;%|Dmsi<N!tvbR
z0?+8UH`+@yz_G@y_djW2#-;j09KPqiQbpcG^aZwl$y}f!Pm3fPG<2N=^s0%SLIj!w
z)I!PHQ7+CKYw2&z3i1RL_IKqCB6NiffOWxCuBj2)y(Zj%!fs*{L(`{f)hLDCP^I)!
z3Eq5w-*=S47Rr@HQ^`dr>%uZ2J_uc5HvwHa&O1a)1As??m_TcLh?fWL-U<qUH|An#
z(VUQiSO2N7U;WQj*d5dV;_Vj*%NVb>Eze~RWoiujE0oReu-1FP;c+kbp17?RdzleZ
znZz*JQDIx@`exWi>3<<E_Wjz1j$oeN`G|U5lfj}={1`YULoufmMpT^1(FqAtR4ZfI
zXxWIz2X{DL7<ZL^X({)?&C*~sK<U<~OX)Xs91b1M3|r#X-fH!>x1)4l1cf#>2n3e-
z1`^v}&R!NIoQ}S8({<Ksj?N5k=+kUhf)HgNWM3UFf+Gg`!)?AV!f%Ud)%zCvs<n?K
zcsqYNaU2(xkB~v+J^A$HP<+WICY)l*tZ{z8aWOn^dDck=3?J(s)>kU`zvvmUGqDR6
z>7^|=9LL+c(H=l7^53AY%Md-bbmRR$nReCp?X0$*a?{2Ystw}bHpF<%A)Res`;-WA
zW|fs&>ig&H9Pz&6%4)qB^Wn=G3I3??wlR_mR@@q<Zyr4`VgEL|h)DsM0b||jHxAIy
zRDP0Xbh+h1bqiqX0d`l-f2*OXG{A{4-o$8oL;HnI78{?MHCnxXDK+qqeL<!Ygvo%5
z3J)|X+GTq4l=ufD?w{KVzFYC>kMLQhpUAHfQpOkrCIuJf7*7Y&rspo4-1w%x!~pe4
zV$=Lo%!<i*z60k!W?$t@<u_rz=6Grif01MqG>;%{O+S8SV?aF0MA%%-l$^AkhK$6N
z93Lcc{)xsg%vM2zsp328&y0ha_;m>6Te|hZ>sxw7m|s>P`eoE_-lHOwZzTVrmPwQ~
z!4uKD3U!zZx^KhB!@<$gB00V|&=cXqw5wBvQyAF4MtNE_mz*%midy4T8vEU@&b@hq
z!ZgTzKGXuTgrFkO9G{^2T`q>ZOSAY}4Gx6+J?|(#kE@c(MC(RK;>Qn^Te*geul7K9
z-+g54(P2!>!fh%`qYZhbJukBDA*r`%G9BwXjhDfA;N1H#OtC<U7^rEC<FNvEIgn)s
zM5vmNzQ?{p)TrGVg%$j1lyG~{osF0h-@stM^%4g!yqLn;A7o5<s<ynX-xIQBs_{<o
z0$GJaSr(&YoD@U1hm-Wy7{$ox_?#NeZFSl<6k9$$f$sKwG=Q?z_zvI~tY6z4JPxA(
z!k&YoBj=XJ8{7lDB~5VE5$66|2i>w;OAiMgeNz~ko?`7Uudcqk^fM-nK*`=$8aHN!
zA2I&2fPBA|9+Sbn`WySJ;2Fxx)pN>2_kmvlZB-7bAAg1U;JW~*jeN`IGerZnA)qZM
zZb=la$x;o#$loc_*lwQvvnn|fz)gly>NPajRC^CVu0ZX&(gQTOt^(RDR-O=`HBkZ*
zyx_BpSr;0D=K!cK$I<SN)-;j{yyIQ2r<%`yTEM7J0HH|Ym2e-L3zPXfYMNf|XLrPY
zl%}M-EFOWHMNPh!`Ea-g&&5XL92{U{D`5;m>pQHrzOcNQS6;5OU)Z)l^KEZodZW<$
zzf7cF+^YK50S0Et@2y`E8;Cp&#G9Sb;YlUE$*d0cx5GepNC4BB47;TkqqkqQpbWZd
z4OL<2hk!heU<p8-8fy#nwYb+t*K`H3(W5fCD_JT)<??g@mPUsA56cpbLn`cK)9XD%
z#dje`Evb+05lus)-Q{mWQDm+42`ocSxapGXOqHBq{GYxsmu5PC;OUzp|K&zvqmniX
za~{VECdXX4eT6|Yubte@X01!|O53cpRi0zfHquS`pSImwln#4-Op*jG>7XAEDmnl2
z?Ab;=jkK)}6Yu`c7zqIzNXv*CDg(jFz9tYRmylJhP=-9n&S<@+ikKSBu+dSrM;h_;
z>O`=42T0rPR^ZNiS3SxFn*()j8d-)iIKp{-_Dtb5;@OVbOEu*-ms`eDR}$hXjog}g
zu(M5U<-==>-s}VY1DqiJBa(>E)jJ+Nh;n7es#0B^^jt5R0U^{hf{#(2D}N}-#&l_&
z+skuUAhIfVG>qZMv8Hv8j1a*%9p5u;E3to+&%i%hlS4tahxwe_@=#~0O$q5ZYNth7
zYZN+_%jQ%uk2qW>#$f|_;pTAijN0W6#!L(>Kk-iAKBk8FEhwbw2iZEM+bEGi0yE~g
zM);icpgVa7UIDQdTpq8p%M$Epv$n`JCVsHrtjhw?|Hf(d!i^>;+;fDs`m&X)I)s<u
z;5M1EnkbDQkXwWYw7qcW{<s<Z<SP8F*Bg3yxI6>@#$8TJFL_J3{SA+gb6SkG#8;8h
zGukg}iH{t}7+XojvbLz|ZEIc@ZE3fmya&H2QWSD?YBmN2O7NF*XO;P?ZQH;XTYPAb
zwmjE`8IvNAT@`>FE^RN2Sh3m-8C-dh!u`ps?<pg_AlU<tMO$`pNo086aJyXc#7D;Y
z8c7Cujor#Xkwn|^ptd2`_cjRoj7SbK`qqeI-yf}}^+mBx+sfw*o1bC{Cf5$g<g`#z
za)bwDD2T|2e)F`wOd-f)!UOE4wYs@5c(vnYW1{Pc)clHTHQy{H*^oGZ?0W@s3CgBD
zJ+Vs6$``|oH6Gb%c@YCo6y32IoZ|F%XBr-L>4PVT-G;Z7V8yqyARs3Rn4JF(>rLt0
z83ho?{>nC<V4AqMg2Q5EeDb{YD&K}}gvd+KQa0Q5T-cpY1wK{=s>wcla-Fg1zsIVs
z`OeY<BC<h-1GP3Z+T;+|b5wGejx7WX9#|zpU#>M;a6>4K>M6nH%z*o78%LxLN=J^O
zl1u)`t)ZBNkP`3i=KKF-6zP0)$MbOms2!mWF_g0|(=i)04D*~CHIt`{cP^dS3^B6$
zS%TY7GT}aC=IVGD<J*sFremYMh&4pZPngQo{h}B@D-HQXuRR6AwJLI$uB|m3(CpQv
z1iCz=yW9q$XT<IhUCpeOV2;D#oai>vMV;VF)r=cp%q0QFAlnJ+Y)km?IQK$EMH&Y*
z@B(v&VdTYrC{XT*Gm;MAW8c_}6WL$n47(R=)_XX&{RD|K-OL}leYoLFEda`&Q>0s<
zL-}(6%EKtveggZANv-w?1?BZWl&H{fn;!+`BTrCioqw}(C^0@5U^az@+c`u4lz(ay
zMr#@=0J;^%B|3}_<zYY@r9dBA<yGc$K%ZMWEhODIQGfH41&~J^DzLwYhU5b5Knn5`
zet#93@Rmc>emxI!{HJR`Ckxd5vhi_7F$~dq0#eh(gr01c_xeu@0Dl4=*A_)a9$4JS
zlbbgOe#FtM9g^V)DB}foy|m7j{>483-}90{|4Kk>Xk)A<g&NSR2_-VL(K7;GH<)Z0
zNcH|pEtYb?{Cpr!DMSxtN`R3nf0r78&fNcHQkT^Vqug!JNT=DmsYIu;jncJ0T`X5I
zfs5Dc^oP+}8+zUq6j=@wAmM0>j*O0W^0ZSgrG2R|?KYXMcP1q=V53A|3kImvIz9zg
z?BFNa+x=V?=ikCD&_bhIn1$F~FThHPkDtBiOMO6XK6Lz<W|;8TdtzW|0O6jw6JY04
zc<*;9-kr|m(y3R1B{zfTywCd`27G^8Ss=SMwn_1jc|znzjQe+9^h&U4+It88;bG%|
zOWxi{-CzQ(XQSct$)32>5{?bUQCbdEE>--*fyTAByP9hyIKuvB9H&%(<@^kz{3HR{
zx!RkuvL~CMh)U}Fd>_uh%-%lcddNarP=zTOF`h8+9Q%3sfs!VnKahCkS{RDYaSt?R
z>dj}Ab3$doM+(5L<b>zP5^^8zh`(aif19pX`OPCq%nqT{;1-?w_5!{ft!UOMc5<bc
z4s|f4Uugc`RkuIvxf7>CBhoow=cCzoHFw`)9?>KXp}Hr&UL2tMv3{v0Mb|qI2ENz`
z6EZ#R*zH<XPFYE7zQ`RVS8rc}aOf@hx4ru08EKIq50aO>-}KemW85&H*xOd&$5AnM
zo@<fRT$2h(F(=n>945q`n5ObUBFr*zakPJYjb<^w4KJu2V!Z(oKXe{y-z&8n5+j_K
z75CJ%HuVU4eCLKnGf^+q4)sj5o~)4Z_U@nM^=fflDKvZ0x$yp8oYks68<6U)KgoCP
zy1>Ra?Q67J{z9k9T9qNV#4CI~bIp<;CYqajE77x6N%))ZRfVIzes@2u_gkGTw}~GM
zzn^uM3UyH+1}e2bXCfmg2x0b;#&`AjlIbHAK>TbG(O=y(ERb_!eXi*oN&HObHJwwo
zxAD^QIqzvM+SMO*$2y${#|<PZ<2G;MDFXT-x-q2<H)wjymApK6>PPC0siVg07t9H2
zOTUzIUtb`raA<w+u)ZLxnBSLX+TBjq{jhsCri|LDzzaH%<#05^u^jm|B3fw9IyRry
zkX~6?Ilx$~ewVp>w;7&$OAW&AGE;7aA<T{^e!iO#1;4%sSIT&*^TFFwuGo0+fM^f%
zi-3xG36rkr)90XLm74I^iud#be7zr4sT%THaDc2Kyw;sCo6k1#ZUxU84GnpBJm(ml
zdUD?EagZb9{26(+E*aUvtvy-ftsBj6;A)>ktsJ{0w-OeaLO#o!pDL<k+i<D!!1Y)s
zfaC6`=cx=r^A0Jg;+tB+yQy>vf7cT2?;jN76=$X!ug}y~HvULq(G3omZ~9T<v_6of
z9hEudv^k=F{C!l>w)yC}9mWDB3;)=KEeS*M?|zTwl1^rWiCyuOcc4KvoE8M`5YgqC
zssN3~f}l3}ed^~-q=d*uy%+SYLB+m-NWn0jyJZrqC@9p5K~*T`_>6xZ_uf<8iDgUZ
zi432%<KCWvC$P}@NZ)(1{^u7P1u7xi*iMRcZk7zE>|X^&G$P-=ea%_h5nJ{%J+XFF
zjD9t-Ui3wI+>k?6>@rl(^-{UQZSZKw=lU`g{<y9UH>^5Ykle8|1Iz{(bj#|h;`);E
z#?DMjgHLi5CZv!j)woBF52m6I9<9=7lmzsAhJYvV5Eo6!fjB6jw?QG4&Nb7fES)Z!
zS?HPf>!W+8T~`iU%J?f)e0{NTsu%S?DyhizI1NSIeD!$N*meH=(e?r;J6fX$>W-o-
zfyzX-!Y@m}N{PQjG}<k&`(F{2?OnTukx*LM*vY&xyoWKr{dllplm6s$v70{Rffw`?
zFF5k0RND`xT@Pxm-!u*La)d0t&_sKkw+XuE3GgSKmc)d{F^@Skir@bYg@qucOu&xC
zlO-eC91b5V(J>B#nf0d+<tkD<5cjHe{N3l}fvoWUgdN#b!E{1f_yf-I`C7R*`aJnR
z_?!ct>03<HTEz6!d({*)FJy`bSWE=9cc1i8b8b&nACMCk(P`%tV1o4n?u+k-O3vq*
zflx3)Sz}Tqnfb);v{b03xiphyaBo?FomvU^(?%j2eFU;nEVU$p;>b#2?32j|Ii!*M
zlDx#t$K#zfUtrt8tcU4Si7UR83~`8|ku6_&tA(!5{1fEpZ<^Qip4~OHd(Ql&uJ#S-
zl{bsJf)t>hDAR9;K*DMgf5Mig%bU^TZ|3w<K#7ErxQDh_3aH{GOs)E#|C8ATP<xT}
zvm|tG&jo@*)?BWisn?$@q-F|mr*=)I61wux0K(K*jRXXm1SsGIB3yP|wLCO72eSbj
zt5B#okEQ{%k^nx9<76F1mmaaeGjd0A?a;WmND1KLF7nt7bTU)`o}sZhbQ6*M&Bxlz
zz+0K(cRBr{aYEKy;2CVr8|eCporJaCSB>V!&!pbpH&-(axR%jQE7j_20)KGc7vtdy
zX9%M87Nqt7Q^wFwZ8*obAheZP0j-1o)2q1rD#!^#D7fQ~w#K`Y1*}T!PrgrT);n!5
zeEmqk?P7~AXl`LXz>h8URcn>f*H5E%?BSVXd!$>VG*+rBOSBM|jb2T?LdL3#QT}#8
z@`0F#(~s}bH3U0}AJ7LZ@)fYtTKsWIOjdi6KKn7-(9Q7NMO!CeP&HVY993OF@t1*n
z;j?t_H*q};9)6DyD<4Jzb<*xfa1@Jg-1d|E#|MRDlwa!E-JjwLa$`gChZ(}`y98VX
zGS(Fhhfnov=G&L<RLc*kxIW%)aL{3T&|b9$q>V-BM$L%(AGL9``8lGVt)Iz^ANWKv
zJ^EO*^^0OI5?J~*oas{zaZ)65hV*Nj`K5R`5cQZg(NgW?a>?Lghc?Z=^5COIKpYm(
zp!n{1+b8nQ1FtHj`fs9jZ$2OKdd_(zx$H3tFPz$SG9~myd+uD;p$cn*qW9kuAT1Y2
zGIwgXSK~7_x=Ubk|8M2buocl!u1(jrDmGr@vABwpInS;c4ztcaXXkxn#$04bo>I(*
z(f)2!QRE5jtmzlwCDXtBZg=D<r<m@Hj(0RECUl<Dd4bNy#=Ds)3|Sjow#JICC7Sl~
z?$Dj-Pc~Xq&bXg5SXf$C9G~sfJMVwOrRd=BdHK*RRZxQ~UGURmfq5?juZ@*=ql(<u
zDpT-X(D{guJQu<|+sk&`w)z0CAS>wuDWQ4_S@j+0KeYhsG&^n#1sS`Z6f;Nn>YnBS
zN2W}IA9|b!=3Ezqu^pS+(jPo-rF1ahSJfoSY~S7N7bF<&KN7f89j<3%wKGM9$PwwC
z+uLr^fEg0+GM*1=4<wBlUh71Uo87&%GzN+c2Y$yS(*;wXY`+F%G5Oh<m}~bBqWQS|
zbRDLT1W&bKNv^pC#+zGn8FQ1-vHeX(dDL&g*OKq(eDV!_#;>QgY*|SOHJSB6G$OX#
zYpSV_jN3!w?aeYwMR#*ZA`-+-CZw2E)40B>JTb^qNoSQ(eJZ0Oz9D_qHh#O4ZtOxG
zA$%xO(an_+*G}sVh9O+CdYU#Vle`upa%E3uO<Fdt+0I8!;u?G$6cw)tBx+04M6FNX
zzQ0%=qguf?T;KTaI25b69Nuu%KzLBu?5+~e)zF;l`?h!O$HR!2>ar$gf;qVKoL8l~
z3KcYd<m58@Vw?tE{rQDShX(#>^pP6_scN6s{8mstx6U|;#I%j}-tu&U+nG^ST87}*
zz=4u{9mj@ha&7Xl(z;$uTNZ^Q{W)9jeT(s-Y656EOOoP?bFuC88Zv*qLe?WYHKgn<
zzgm>)H15C35<UEZr&G81O!)A}r(DgozKWHlh?S_7lTOIJr&<W{b+tN=9WqY&x_Zj;
zrEq<GM^`e!_u<r!fLh{u(aU1lT;uj|jrm>h*~OX*=ONW~F!H~u5qHnh`MOE5OhLev
z5EpS>^wu;JdVairK7aN6-g#U3K61+^TD#d>$z{qy);Oam16}qhQt4*grt$D^ygbgp
z=PAx!`t}tu2-L2ueoDPMhBtQ`c<#`nR9m<hl6CU+$G%3%A}tW3Jf3o>{<afhK$^|l
z;Kk(@ZV7iMUYNj0XLX!p`+l8tyA-jVu4tZP3}cr^DDnx+^Hl$yO}RIsP8zq7Hf7^l
z>Lkd@@WXeKc?4|8&_W5w15T-B8sP^jn(5OEan_ecp3b?Prv-3eIj-tI{NGh#4Jm%J
z=Yr10K-PP>@A}^b>Z8#G2P0>Bn2RfG5HjyZAR3Zy--ahpKqMZ*xe!u$Dj95>HHEur
z!mm_L`vT+r#Wy8rRY&Z!Vx4wobe=kIvU(nGGQsCPj2Hea?w^C6li7x8Ky4?77&os+
z6Y2vx1v1XP_cE1IoysqkGOiz0L9lyAIw`uMWU1#q=tgHLGO6`pGI(#vh%Vr9-tpR&
zJda>;9z4lAKUiAL>a60B4{tY9OqU{-f`;Z;B{B*_j02b(^J;4Rr>Zgz5Z*O)i5Ew8
z{yVNQ)fN%JxB#SkIhJFHMffK!KofFER~oNvitA;SB!|vW$)PzI)YE-`Pj=b&{XLGE
zu^c>KK#>~OhIJhNQL%;BGX6UaTUeM~r=zL_SH@`zONj`}rj)+D8vJP?2jQTN0`!~)
zv^DPYa$O3#U3u*bj72@>-UtcD^7Z#d$KtC`;&$~{uiQ5`%$Do7?4nykU<p^}yDTvA
z+jlPNFV50jrH|_NK80n&<fO6v?Zl}Bty%S$&RX9SboTF_%VY(rL1a&h#QkzQ^V1nW
zF!JUqNDhbFC}0gAlSPM4N1M*)8=m1Y8#>sAa5Anw5?wqvW~!7Aj;%3}(Ea?)L;R~L
zQ3b7qfvfnz=DAH<D3F&ZMTOfYmk9-QQ0v@Op4D^g=HCz%%`+aulET}ee5NZT&0H7X
zKVU<;$M4a8;{=U-ouKpj@od4*$~j~hINBGDjc*r=?<4x`c*=@E_-tf2_uBgskM6*d
zU3A2e0P3;JM4^I^{@`PlsK>u28WepjBg7Rse|5}M=XKl|?|)TvhHo-=fgRwoIT^H@
z>hY@E@%G-;ytQ?#)IEt;$LITqfMP<J_)<T(#QQ4X%WvP*F&2^|>UsC|zFO+IZ8v_A
znvtb*Z9GIus@C~zs7`wr@_Gkhc?DS>+FEvOKSq4C`6MlOIX-51k(lmQ*H<Yf8^s?r
zHvO?JnGu((=It<CvV#&i)*ru&Ts1wA*9GTH+Q9_+j4r(#+1eybR9V<Shc!&d>Su63
z6Z|EJDykppC<;`|@UME)OSz?S_)CMhawT{?IqNWP);9lSYp6l+)X-;%A<4Nl^-DkP
zOP7elnWm3$-`bP46X3i;zCttiE{70jW8T{%qkm2lAa>CX6WBZgF<+QB_87i}E|7%6
z8oz54PFt|(Ty@JzGaUgkJ?7y(2_@U+r5#D7&3J~RLM2E~I*WwiG5*;a(x)roq%eVv
zLiv%XS(YKEI(9UB?1*;Y$=vl{Q)~0rSFlv)V>kDuu;&l>kX2ve9yn8t;5WMu3DX_T
zv@9!f#pP$XzYxE2tMuBFxRPSlfBfut{RrEDUHcJX^U9ZF`xFl&GX*WLOX<$&?H6H>
z!~;5yHss_bTHD7V>zpi6+EoF1@W&gtxx1<Bwf%Eie*}>7dVJ6GAFmSfl80Y81fMKS
z(e0hp<Bjoq_L`bgjgv*#Y+F0tomJ)H7~ZM~_HpJB0FEm}fpzc$se2pN)%FjCsE#Gx
zW~SOB<%BIJ2EOF8(eRm=cWWnQvnbpaV2Vu8rQau(9crn~6I2XP79{X2BISwA?#I)8
z^+o2EpCBRNAO@x9V=k7*sgl|@c{p#sIy+tBtk@NY;?uEAL*cU;ec{8F+92*uIoid*
zW+@sU7Q~B_=efNi1Y3~J`};qh7FI!@HR6CGQ7)rk_#xW2<A9Zc>V=UOUOss=DO~}W
zmK|+T251t#02h$@$uHk9qh*M|f<Txs`DExOclx)27oZ2^KS_5FBbvnQKv}9(vL5IW
z1~VY}ERB+q7}1=}NuVnxOLE+3@^!=?=&|x6z8Ey)5kv)a#hQ8p`<JQamkbP2L6GU2
zXtaAx9;&Hhw=A}Xm|h}}Dp1S)yXWzDHvM|1sD-Z|%^pglKL|9yfO5FmX*V}FmlKV{
z_qgW&8wW5_36*FKz^CY1AN=&*ETIbeww)iXdzl|lDY(SPuiy2g3iG)Y{y!x7$e+MF
z;gUB)c0Jrzaz79s&eV51glX;vJqF8TeF&p$P;Pde6K!TRPI{`nWF}_7hI|D1uJf0y
zRdRJPN6o4DP<vR}$L({s`K+ykoHSa`a=|QPv-0%%u)=<$wNJ=9X`1E@C2J}^z$qGc
zV1k%lRyr^puTbV=NjvHMj-kn`)`yivY8;o{ufPTZq&wuxZgAF5y}fEWM&1WwY);*a
zbu8hx`U<$#k#wkvm2520^uXfXPu!R6k{vwG;d6!~s$QZ3&!?_FogM;t2+_lr+RgNi
z{H^I3oXU(*zMKyRd~7{FPL43A7s#|PU288TPqi!sA%vKq2;)ua`BdxOf%7>Tf*`SA
z;i@viHNq6uy3q6Wt2{xZ_<)TUgwJbiF9#wd?*OxCu0M_|{)>lcF>A}zb9OyIJsG+g
zOdm2{jEFcKSLiUPD$TOUP&5Cr3;1~>UKm8GAE3DIq6@BMxHVWJ3VlcK7!+ot&QH?l
zo)SPrJ(OVL?hjTpGZPuPfbX49McC|0HX!lERu$ZoJMBdm;ADdIds9>EokeVeN|f)}
zFlv}41YI@tJaotF5dLHFe>J4)$w(%j)fp)@801weOheYEPJ`*kX%!o;hZ^U+nhEyL
zs3HphT8hOKFa+}XE}9y2hB&$y3s1S_iFY<7g1<Upw^r!@E+D6<LLL2vh=?DsnA{w)
zo2SzR3mx>+aO4%FVyqw{hLU+Kc?j26!!P~YGI#w4%DpZ>GQZE-eKk#NH?7iFUog~e
zFUA*{)4|q0wRJvcvf5CTFfuGq7Adys*tsKgUyR-toDM|$Mg$`5cJo2x%G{3^LoDiv
z)qoQT5q4V=2H?cSP$M}?tLU?YCHg(l=C|zhH45yYMYt;KH1M%6oD%T@2d<W|r4O67
zT#5%?9_=ly$?Q$F4Tn%pUr53#{8Ozc``^$wV6!aiiNUI5!Z)0gPO9PVDF)3jD5;0(
z=jwS@5c`6V2oFOf0V<IkeWm{~^4OvbXI)0pTta?sLDd19L0(ke=&g-9?YF*m{0TCd
zTv9@L61riL9*c81%h;nQHU8s5vWD+yqH&nnNF{@P8FzQi@gB@yc$I%-TyfX+)cqW}
z+LcxYQmjwkyQ;;Ex}Lw34g?FM>SbA54YQAdvn~C?iL?fSO;W&D8c0XG(DzFfgqc{G
ziNxoyvb8@q4PC~xASO0kj9+#$CoYC-@;T3v8!N)}*ER^iEOqm<M_iufB^LM*k<w)o
zCNpt_Z>s0={O8P!Dyx%DgUi=v&qYg{?6_J_KQ_|p1w8NAjaY7udjdFIMKS<L;9$do
z1OEy4uf#l$W4VAMNk108Hd&c?P>3yS2I^%P#J1)?K0`(@uQntTlHJa8K^X6SVGuVs
z6a&7l2o6aRdON$5$-*^weJ)PSXCq0%#16C1_HXC^u$`EmxG8UR;U;&TCp{i(5^!jm
zA}d-xyu?St*J`4;qlAzj>#4F>I`24f1xb!~^6#F`d`h(0ve0FLT;!?l@gC8=nqZvF
z=aQP&8~Xl<KjRCjPuP_BUT86a&6QQ!Ey9j4unZYtox0)!Ia<5(PGcoDcj3|x*!zhS
z%RG6Ma}1_w9<*bK8>Xt@y7L}bZ*Ks!Nm56ObV*g%da6y+iE#p__Q15nRF}aKTf@Hl
z9P%a>So?n-=Z4c0l$HO)7d1)%%!g`!78CwsA+Z4*64%|8gT_CsDC)A%+d$746`@Ke
zx=c+q&_F*H;F@fH*dhA4J#D}p(^{$EWkaJl1t3GFP6_e2slED{aLQx{_Dhk2P7)~^
zC*=ZE$Qs7cgr0$l1Kv}+u0#p#B){Jfz+JIzaRz9#SAcTIiu7JEqgh;F3#?!+kk)N4
zv`P_Qunq3vY;n6FiS78v$O!3|Z$*-leff9MdV!<$0Xzr+jqtO9*p17B&=08pA5WY8
zA3h72S@ItoY&C<n4?@zY(9?px;5L*%)!I{oKv>$T9YbC5y5l)xoVUi*rQLGP|H()K
zvki7fss2ZLwQA2JXlX<na<<=#<k6!KSPnVhi}Aevf|Vrf_~vb<{Pb;CB`LJ|CzRt<
z6Tp@(n>)hx2P#nB8u{0FB9pXvcQ>&sPUERGmfkoUnfK^~$x4i}J+>a1uwixqY5?D}
z6!#HW&`oi<eIvblK=_{Re=+ygQBl3`+bAGNNr`|;iU>$5-5{b!gOuc`bPOrY5Ee*E
zcL>rY&5#1p-7&yO!ywHNL!AwNV*LJMoj=~Q&ijvxwVgfl>}T(N$8}%#b^kIalBQ8t
zgt^LlP9yE-l`A&qlRj26TV&xH<SVU=>l{5jjWq-zUKH=DLEiV?FEbc*%#yrl1jHo3
z>xy5#Z_%gDQGReeC;3)FcpwwLtU0XTIU};?@io-RBqK9KQTrNLQ>rQ;p3mbeXQF|e
zm+<`k<rfyCAA!nlsyjAYh0ozJ93Hj3oXApC2vO>#IW>smTMTc?&1NS}5VVbEUpC~F
z)GN`bSo@Yl<ML~O=M2}#q-MP$!j;FysuIY8%XMd&AWu*GVg;U<c2_^&pYc$M^H}7V
zfEFqno)1ww3`ANCenYuU0C4-Sne-Y(A+y?RLR%OUWfrB~b*S4=msK9O^LHf1aFjcA
zVUEyb%w}4*<s?gRCUW*}1ABrXI9k*e#01otMkU||mC9axvsiA6BvuPSLr*(fhD@<<
z)g2CYIdo){E@Z@bv#i5hK0^=<OjIB~HHk{AO2otwzYw{e!z+27yUDH&RD->HHkE6%
zTZc83mK-qAy?U1cq>H=3Cr5M8on8LAV{7*|9eQ4bp30=bMs;wHyr2^W&$iH<k>4+h
zlwvD!gNK>+2kS#CuJ=bJKDlU^$Bqhnag+qM74)fXHkY?~7KPqEacYkQBxRmmV2r&f
zLON&1W(vlDqQHVT$nD8Rx)Qx`_#4hbyl4x71zL(acbi|7s|v!m`<-*=`zzEi?FWHs
zM6$=PI}usRF|Sx?xYb!yBEPUCF<umfJm=TmEs$89vBGIkv=b&VeVs-mk__6Q8r3C3
zr(nhUt+tEieV)0!^GFEdxN}+(nsIN*k6vGkl}^C3>XDbjTJX*X?!7nrIRUw%8>r2<
z&3_?UlI<)18=OS}offL&#3_*{NSA4gE`!c=IJc0hI7lCVD<?dHN|31YY|8(X4rv*y
zi9K_oPKW}F!RiT}c<y!7V=;n*qRRH~%vdZ(v;eAg&E;C)BhgQQ=1i&s4)6rte6Y2)
zv+Obxc7Y*DoE;jiO8)!|_|yKdcZ=m?hA~;*$m}=2#?=tVw5%!TQ-wS2JIA^dq+ixG
z+6pVS7efjBS+pe>fjU~m83>RBy(m0Ju}4$I^XGd#^4k9CpmTIsM4)|jveK5j;e6e8
z;hQZDdr`w#R+A?HShZ=1vLV!wyZb5duvK-Iu6|n*3k##Q-PFgSpDW>Kj*X8fXmRQH
zgBj8<il8U!w%##y`%{mVh23IlJb+G^X5u7vml$%lM+}=d@7D~BwHa+Z+Cbh^V`W5x
zOfH2@&E+EiVuhrSzxJ^<ViV{eb;Q4)82%$Wbl%<cyGb^caK&kI=1qc$gl%?=ZQ*-R
zk?>4b5(xN5k$}mz{?!I8V3R5?Hfd$ZrJ)Hd1preMO#~ar7Vb)>HVEP%CYV~VLU-aq
zOJTCr_7wp*OT?j^pMsQIvLScN$VpV=KS3&7`aR8~nYi@D_nSfE%%&9S0VBg^%e_e%
z>RBNrW<`b$#|46v@l~i_)0LpvQPz>=XilZHGY}+4uS9<rx=BUS`9qGXOY-cfPufGX
zUopw^3ys^4+457%oUI8zO45q=y?eyf_tgl%W(uCeeFhyxA~p)I=R02Q)veNbfTrB9
zWiIr)D16!&AH|WGYF&t760R&zduBhY>oTOESlI`gOwd=780eEW1ZAF5mB6L<V~f7!
zZh;)%19T0O>wrlP+uIa5oNR*|X!r5ZxNfBa?~~QLkjU27$^~c^eT)jA*HFL;M4jfM
zBffcHPoHdWr<O<45*dY3GL`p{>n=X|pz~LExBxAdvn#r<LkgwDkUt2HBt<u^gN`!S
ziU3I3>uF)l8M999iu-EAxz`+mw^}|OHFY@fRLvBj05Ic@tjE87v5NxWPzff<hE1vu
zjM4_Qvw03U(u8=hnut62ncUmOt4B6|_-<yS(Xk(yH08)&k8wSlPjo)3km283&Zzxx
zf6w5!pPl%N2m2dki-RXCbo=Y~>r$9JQe*3sG1Z_A&7Wv|#V)Y9b`-ao?7;yDfR1#I
zC)XUhz>*enAw{u{Q5-K^)AbMM@k_=GJ=y^<jO+AZP5bcKs4M2IWu@);yM=co5}(ad
z^zVyqjB83C2cfiqPKDLF7=59m>$lF5UZu?i{Rb8mTLf@OmU=*{=2^)}hrKyj<zg<R
zp+`NfPlXq@(oF!wMz4xs7QuUV?FV8R#44siM?qS6l+Av(k3T>9!&oo7*bm5_eValN
z_g>_2%o(4GN6d@s1hLm~;RVbs%trNR>Gx$edHia53w!Y`s0Ld{V%B51!+I0|Uc&c}
zg|?na(uF)#qeIar@fD@3mRjxAAImykuR|QS*S%xB+a+AqTRx9@G=c8$U9fU>u>l93
zO{Pg!>~-p{Q)(LQgzx@uaxNMp2Wjdj@p3J!J=xh@#Dz<$XX=+A$v*;3>_cXTTwNR9
zsdnt@=coG-7V0b=W)i2XS~&0Xrt2gdRJanwG*J*Y5Yz%_3H6dj1%;pDOWx+*rP2o-
zVyCln*JvP|C*`8gcfy*oo|IdSDTfH1eA6QF%7Yab#)_+W)&HW}=|i4Ja&M}0t8>M_
zaCLrseshes)e}Squ{N1y`{A+a{c>F$@_a<cEHp-N#ys+2x(fTv99XL1VNXQwQT8%3
zfM4c_opzV*Y_}yW2A*%z^Q^wbFOe<c-Wtq#i3tY_x%1GgytM8xe-pC0AK-f3%+gH0
ze(%SS#>;UVTX}~fH$FjaP=!&of-$*>Y(z$0D3e?^C(t8ms?h&9fI-|;y~#?i@30!R
z(H43T)>eMdbFW8YFa?gk-fUt5bD=n45AFvH4-rnMu2k8qSeL+?<TKOeGhE_GUS<0G
zEJW10hkO}EAFoCI1(Y_GxIG}nx`X9bTfi9l@WYG2Ojln(Xy^WG)+Z?~RzpB9>t$nM
zYhLvK214;9^H1MVO}vcv34%A1w&zT{C)}>LH&4chd=#r~-6>o80RT@e09WhAa@z!2
z%sw1>0rGGPMxY1dLO}35cOrydGLFAcy~tTKEkQf?1`80!C(@gtv&+<h_?*9dN|6!`
zAesa4rhwgfYqSv1QXWVZGNThZ&|~{VU@7)qi5F69e-*l=lrGq1!w$SUXy*oy17UJ+
z=<j;}?=&U*KCt3=T^r^L>fzt#+G9PTBF(+>hkSNw1vYA9#3%v3@<Ljh;FX=`ojc1z
zms&f2v+LL%r>?M*TE^cXjVd0OL5JM_uh$@{K<lscoBE&F=aDKvRr-I|Ac-`*_(+Z8
zbVSY?heID;7&J66JC6d9XQ8!<dGimQ@g^Jxbtw*!N5(ReVFv>K!%AsBcpzzX`njrv
zul|3CkmMIi?I8?6E5|^K<@JtCaqa;IzNe{*SU@xVwCPuXd%j6)kVI7;=)Eak?0?mw
z?f#M&g^j-~*$`V-j=;Mz0TcY{AMYaFH+1&lltq=-cPrn3^3{u%W2};c-br!dmC5}r
zR^sv}DZQi;=)ESS_7NTpk(%`OgfV{UU>xm_QWDiNKVP(w#Vjsx%^9oGIE~4LJ8X93
zw>IBpmqR^Db-hqw`k(vm@u39%W9NGx_4!QV`SQIC1#BjnY7SPo$a`;bUm+HgIy*aX
zF*y-l?#QzOMexdcYcnfBzxEebW04tX#yYKPK%KT}cX~y=!vO6oMwo3wU3Y`?mp6zh
zxlBVowR-0*pXiG1-6aEIg~Ena%A+;-88a2=jqf$F!&I$x0oxgl7z1H#FZaH>!5kx&
zTc~y0&Ivg6T|foT*1~1$5h&^c1);5+=GZLMW08!v^R3<S<9BGaxVt!K!K?e4)5~oY
z)3*St(AyLFTSV-(k~fv4*Wz6-4g|XhT|+0?lL9YFTQe*2a*|Knbm^QGuHM@(_Uzwe
zW!pw%<<LXCnac;~gFIS}1(0j;9)m)A{Ch_ehB0!Zx=1n}+=NfuPhn?@uWcqbE5yI{
ziLb^Vjf(CJiqBasvr8zgB^vjH*K&C_P<gKPZF*sovKB~95dQZP0_08<r2l()`oGB<
z(xE(`sIV@|q*v)3Bd>|C4mTA?sE9nOcbj@C>@{vTQLZQGwik0iP3Rw%mCS)l&nKlU
zI<I)tkaC_VcJi}CYki6P1?xqvlj_X%?FCUWv!_b2SMuPTA|Nu`HO_;DmAL(HF2KJ;
z#4lCQ`NDIqAE;lp$q^Y{8@8Xy%M?^L%b9;F6oNZK3S#@oDTlzy^-VG=OJK<OWJ?6&
zsfV7YPSSjUINuD@!^~m=ox3T11<wLl?BvE~_9uDo1>ZRy<j2*sH=5+GhkpFkXKqti
zM^6vqHyg9+i}{r>w-rnQH$u&Hyl(L8Z5!p<JJCI!?)4-yC;T7e&q99Ie8_o)B-{za
zjp^!a^VW351=V$(UzDb={#8yi9x0-a2$ej0fg%z5+7GVvaRtQDIztR<It@W54zuIx
zp+%o*U4F57c;}>)0p9%Vpk+A-5R%x0pRL2cs=!ZmCtHjpfB<MASdg0V6red@*46>B
z52a|hx2=MAp9HkzK{QHarT^~2dgVDsE}V$o=JPv}<EIMw;Nm+sOWkqiHq8;A-f|Bd
zh+hd4h{Km7eoX#QUHWEtw+U?xdz?~9jdaAllu*vFH+7<gETI)hl4-#&yZb%&%JBA)
zMuAxxOQ@PXi&p$3^>F_CE-4mEwAECP4{ojlG&t%@ZM9#2X{&_;J$se(N=Xvx!|PIT
zQOB~xtt2wePnGf;BVeV=+@UXx@s6RC42i}XiG15Re7_DcwD05eFE6r(#4-ErSI6bv
zohI94Yhl@zkuQ(^nzpm+P!m8V@Znq=Bu9VPYbx5Wz)$#|8B~ZZ#5bWFQRP>=X3ln9
zUrsJwXfSbJ0VtXztUUtjg=s53H)m(qt1G0su|01=;BQ`#<|R$1D%ewc!yX}LF$hJC
z>IwGc`q=42zJ{AlXPxPm_pt08D6XvK#(Nj>3Sv*nrz#QP@#|>*t=WSCsF}gNaNAKx
z`c9w%Z7AfFa*A8VG;<-n#EXwhCzib!oA**R7|6e`5{t;sSX<X)eX)5Zf<~ac85pu+
z*`cnI|2dc*%%LBq3c5iGMuun4*xzTU@S4*YeIjcvZNcUfpfo7mMjTgqzrNok*uZg@
zmhfReC{Bk;(>+LMKSdKWtO8F#594EgpzZmG`iH4hPMJ{VBU-JxhK{&fSVyFn$;#ht
z&9tk3Whur3!GsHy4G=l56!D^a+aby9RpxVUCHv)Li_tKz=Yv>`hHw5WrLx$^U-C*Z
z>WFH=Od<NY)WUqZnv)vSQJdhZB<joh<A{NN=lZYQN?4IgG()0!U*r-jYFCm*K1=8u
z!NN;`b{sjH`f|JV22w}u^Fkq{5f`}=hk_&M(UNHLf)nZM6}^MQ6DO7gB`qA8_RY_H
zbeac&iTHOulmDRtci!!iM;_;x*#22!zoN_g=-Di$F|xLa%#VH)@yG(%@l^6~7P_<3
z)euAPd9Dah2}V@}*jgz3T~iRFIXW?Y(f1T$D1LJ-sced$+sE5@JWsjlG&(WA7%X_(
zq<dwEp!jK}*inYLuT+%}w{IYvm^7ZFDm=(lnjAvElf$R>oTBArfGC|+xX01sxd%OR
zD*5^k<0O!6ltuOK+s1-&CB~wCG1&29`e$<CEv}MxyfTd^NBnG4-pAe$)gGe@-aPMz
z6j8?#+=azQy@n$kA5a*z)Jhl>5yD=eHZw^>x8UJrG8n$97nl77b40i1l!S)WEK%aQ
z@@)Z)3w}??Egp@(sjybTZ;u#N`LXI>7g#dKJ1`!8eb2saQQ_2KSyzI{`f=?Ikg;L{
zfh6X$4C|foP8ONz{XN8FIS|t88N(r{&fyO7jANUcD2ErQrx?E1aICd$d1%sds~N+(
z+Z;Y_z&J+P10{C8JiUR(kP5_}<G6pvgcs2vDTfp$nc|Z_0LfIJmn3N1N*}3<GT{S?
zKe&26SZ~GAU{DOKMqq`F8tCOm3;<c&|2F~!{=x?O4Y1V*{^&sf7IfwR#DXqLq5sIX
zHkePlP{xVBFn$Jf1?m2AEdb%^2I+KGU~L7L=WFD&OfogqOftIW5yQ`mj;6F}=tjq|
z6D8E_efw0~li?8p<Op9Ei4-AP=uL`8l^y?IR9h)i(FN>gu{71Bf~fmXy5FHD&3Z?d
zndI$p(*7#AHoe&1Z0@l5B;|HdZMC9V0Tf)#=zMPH-8g;fYdYawTf}kPL&N{Xui{7p
zCI;bKj4iSXatPYweL&0Yq_49N3M?Ax=kFO5exo>fC-q-dIybf}E>t=XGmnndTmm_C
z%bfx;SQ+MgZjjcd?r^B~8kY>8r$*(TKS#o}j?)sYX0#ly-KwNn(+znjy%hgdDaVLQ
z^E?9~_{ku7axN@uBzyV=TcOX*2^Hi0Vn#oGmXeL;CEScPXHuw1RC{}k9{1NgpZ*AM
z*tx8v;HltkPOm4@=W!@+b$FpON|Sg*EBI04^BV49K3)<f=6P+ly*#`-ZNtL#E=K8x
z^QW@QGDhRA709Aci{tY{q3wD_N5>w)`l}Vrs27OD!;{HQxdRd%Z71b+_lZ&N+d~z-
z^-kQTC;fGcx9`S#wClo9pGGAoUED=sYm?=nijepDEJZ^F+J-~*$_B@59r1Bq+Hqd8
zhz7~Ib9y-Lmxjv06VWDNJV42&(8v5H%V4FR<My|G12UwALLT)K#Im($OFqym>^l|+
zw1_EI7{fKIvW*Ih=i0^x@eZ-20XFD$I`{4<DHN*zoGge1?2cu|_COKe=GmMjb=yeF
zOwsDOQ{dqVtn+^I4+NY=+*DpyF?zesf(Kv6Mcw+#{PAdGMQ`D*^c?;~Lm?wieU|l8
zxv}m85rPTwJ8O$<czLT%h>~ZeruFc!dbnocF68{F9gXkni{+|Ta*K;(Lj6@ih%XjM
zvZ4V_CHre|PM|4|uwt3U`pLV^fTuTNfbRTO&GpB}9Hv+7Y>)&$;86j6JPY)W5dq29
z{Fq?wl3yV2&(gCS*33Mp`lB99UjO+Si$jjbOn%t9rbt7%-uU6VJ9KGDuPc8k{)uG$
zi+Kr)>ka+lKLeXJ-@g~B^4k5dKO4wvNV=+hzQ@j}<MDAnW`RFUGsObp)YpHiQFq??
zu(aZ`3G!9Tr3{~lF%%FGIdOd`g*gxns}*P?K5CoRFkb1X$T`GY6+H_z7?hAc?yL6c
zcL`W++{zEfQ!g>J%wnCj>rsc3f5Fj;f7_+uGx2(N{S%X%&dSYdZS!r~+X~MxbvpTn
z2-BW#O2XDgVt%Y8gOMUVh;n+76sDq__8)tqc>?D+#-ka3YC)+kaxp04yrZMiW{|JT
zSd~n!VyRn~RbiE$feN0^+Xmj@E8e*m=zgwqkNM8|p=p$i@v9_&E~q6JE(C)0L*oD?
zsoRH3@y@o;*CXBuUvD*2RjvwZg*ygJgw`r2;7Hd67FVp(>V<t?IIs*C?{4^vXMCxB
z_m8HZ7c(3z{RO|FD1|k=|4hRJ);xTsGl1m_K3BVT<Tr>6O%#z_ptFTZnhuD<?rfST
z%zWu$EPit@KSP;u?<i*IK6uVbZ})TEjqpSiP#CXLI<4Bbnrsr{qZ>POx);<E4>dFb
zL(ir670exGMvI2{j@i~XlRl^29e(FcPS&n_Q4U6qWt>ZTxX_u&YA!=gsG^w!uE)F8
zO<~CXy#76v`6Wgp(_0_wR~}5U-*K)-dVQ~Y7*ZkMF5NU3#((`&Pe{Ropw8D<-V%!W
z;N4`x!{*<|!y}8uoSZH0xZ>+&xNMp$oHMLrxvp0!aY{06U<OI4p7pfVoKE)6YESoe
zB=<};SV+4o6Ef9eFj~It0zT9v(eWmTkgz;$v;-(nb;*&gdJKVGa8%}9gttcHxuU^l
z+LI{9)6l-rN{d}um-Or9vjmeB2EllU)r3#k_3z+BmFkIZ@l%jd_6<%@CNe<xozN++
ziBiH6)7rAG)tD)_B}aXc+Nl^pXtPsDiyQ5>h`|B#Co2QbvB3i|-YCMN0=fsyk6M@E
zoM-3$Qqfo$_@p|@)%jpDhR$k-AZlMHEQw7CqY+)KLc4WGn7-8~zH@7ROvd$Vhb{~S
z49J8>J{SYn@?PG2Y=^uf^lLZh3Au{jmpiJ$n5RikPHCGvfq7|7*#1i(PxzPxCG|PS
zq`8;c(-%0HSTYn^al&Yz&*v}<Ovby<;?em@1X$SqZ23HnXv7|dyTGYWKl7nCR8U~!
zk!rp$SwiaolzIxB8pL3M2I%;*;gK@re(UT;mu?9HPQCSL@Uji<FMq8`${?ljDk|>o
zKL8TY34l+^!1MO&Ei@09%OK^G-NeR=uH3?Nok7YNTaFjascSq+<-?rIWRamf(Kl|f
zJSefQ$!P!J7f1sQtl_waR$G_)4gx;;8dmxwdE+2u{C$B8-BEzIn>^YU`S|EveB{U2
zdV~c%r^EawMk+W<TA@~UQDch@hCI5j_i2#o!uHP#B@?z!Yln~dm-XF~I!wWeMB7Q=
z_wHf+&}J_1Sb79mcOQWD$z2<x@GqWcZqJQkKhgFL$6H`{02%$&u2s}vX|Yt7Q@>*_
zxa(_46yK`f3jJ!&_PV}8B49=GlS*kwmq1LJk+PoTCtfF@D4K|saqU74;EaFm`@w|a
zLZSL7L~`wFSYAv+9VxcILvm!02(>SxV7tkb>y6cjo`9txc`_?)8G4<yNc(OJqFkZn
zGSgw%)Lg6#LQ-Cq0Dafk_Ifz^syBH0-QfBrDby6&-c3CUdaCV%S9oJZ``Yk9qxK=&
z+rEdIEK|udAvr{_7foO-q_N4&Hnyi=J1Qz*OA|ZAC^uw{cIoAU`|%^%I-7nFB{)|?
zY4>3{JwJ&4ogD}@wP%DnNz>xB5g!_#D>GuF4(iJa{XUVE-ywfG!%rC#XGQafUTrzu
ziz9HCTZ~dKp~4Mj$Rf}s<j5aYo^-r@#-GNAg;y3YwTks4pvXT6ZfW4^ilDgguc3vM
zadrbA73RqqGzwn6qpwG{Q(&hda4_#6D4Dg7GmFP3t;@;7kBnJ<k~1`!G$kBm6E)Ni
z5ZYEZrMr~V&*;m7t4pkTZH^1KVV>5FjTHj*NPVL~fVE3I*ZojVN8RUIidm-iQ=v$x
zempX9AHsRq%Pl7iAM<uTmmdI><svmx-(X5l*S|Tqzb5@2^_)a0FVvOD#$u4FiACyt
z5%IX!C~TjIDpLe;U_bd28c<UI<D=~qs>Tn+sz}W`_K~w=smX<$e5BGM0!(<r0!28f
z#M76p8uepB;7kZ|V<04t1d`-Ac27A$ZH?kUOul5a-tiM}bpGUCl1jKB)yGW`k2?^e
zo8DkG@KN=5_wT2VC%(dhPdY20SV^DbAfe5LN7~~$scobvkx-odnQZ3p=?9XO3Il3Z
zZR!dPGP+7Hlg4FQQ@s}f?y^&q-@^|Nt$%u+G?|rzKAvKjgUR;WsLlvV9oe`m6-{RE
zw(~7*0n<O~O(lHqtqLb;`}mhSXYO)Zisx-}vz7ucL4wr%D>9^v`#E)|g7j(3aZFON
z65<_B$6<X@fqY;)oVQdC`o7spxmNGe55i2<hk_C~;ZT@Bna+_h1%qOW=VE-`X67`-
zoOMcV)K`+Rs&vCE_K31cVKCu4xlt~;q^ff+H9DZc@)&qw88<*_bmtOb6j>8g9Ti`+
z`IRbfen^q?cgGV2bh$D~n|MhJwqLWmQ_5kzw-}<Tou^0IfDd0#CRoD-!1E5^!abK1
zC8PamyVhH>!=iN(zFh(-LTzcC2ueADGc`x~!H}+paz3nG!b!$N`pZ>)BSHzG>uk>l
z&XWh|vGDj}q%5#5L<4p=Z@BH*+I%M|3)Fw}zCEnw2O;Srb3Ds9i4XS?>S23I^=lI!
zv-i^rAH+_+Aymckt&|*KwtiK!c(*r;ay3DGOf;tPrapCe75Jm%L@Uy!OyyWDVLW>q
zH=*+7{Bq5!UN)(fQ@`fVp^t^G#Y^jLd1%wiwUIAU@>328n-X-|k9Aihs}+6W=v#eB
zT)(?-K&}qm(tij2A$)Ko2owo&IaT8^)YeUO&n=&gaK?J`V_SdudK+sbA%oq2(k71W
zomL`gq_IS;X?V68&~+CM81wLK3RT&253*d*vl1uFl{XLbu~0P`vo1A$PA}gW#!BVk
z;K3b50)xFN!8a=U-vFJu8B`2XkzV+5=&4x?VA}&qGg;7VyF9m)59{f5o_|Xhn1JdZ
zgVYT(B^5N=9%<-<p@zC=jOHltfKmuhlZgLI)A*9p#9D`enYO3Uj`jnjtjfTtiTnUT
z@Smlqx&xkVHRdxunjKe71WpyQa+m(QCIJ}NJ;1XKa^E5Ur$HY$CIp;nKe~6>i~Rc=
zrB-p|$r)_irHvc=o@nJeC)oa9?04*Nn$BfXjo0uMQ~31?8!T6^lJlO{Be7${xV~3A
zN?dLT5K4Ap0LtSCP-)1^l=UYYA|}%Zr8cBc_ahh|wtv1d`Q-g{pUDTg+~P7ar-ea|
zM%~*uc%<7s*_Uc^q@1eN7!MuO0N?xR*Rgom+1RK!>+~6Mm{oLOckQcFxoWH*<M!mn
zBb^j!XL<F*2MG2P$9~H#k2-5riCkLkIy+FKt0y8(*&L$W82i?3)yOFrW;}meugV(|
z!d%G*e%cd8bu5Aj#~_PTcWQd|_|%$!Hq(8!zL{EEPaLxD*-8<lO`pEjsbD8&sqgNQ
z30*@ro1&(`$+Pyd<>X^c0?{wID%hX*EL`V5*rG{mT@x{T>x?W{sZKr-y$E(RbN~bX
zx<y;2)wY~VObi)tp*16`9jI7k-fXgmPm0PEV0*UmrKy69q;g)b?}lz#)BBkQPN~?|
z>l6&u^U5MD@H3?F_|lqgjNOBr9YT@X?Lk3<Od@R!bAJK`wFEBM$L^7*c2mm&d3JD=
z>4bB48Cftw)Pmk#Uva*-i;?Z+2N3<N&kBK7{l1(*TJNhN=)zi@sdDBR?s@OU9nz${
zFzuDx(~!<;(!X_f-|5BgwE(NjR3)9U_EWhIX{I(S-PGe&PN=8e-b&O@a2|^aOa;M(
zCk)Ny+U9h#*cz&ueH-_POTo=cHEsc=I(rsF<+G*bvp|uA!o7+5@ari{0oAe?=b*cg
zzT&b`V)2jr)Mh<%`Q#=5>(5u~auI=F{P0e{tZqr0&@$}l#cF^gv~Rs7DwGgN0dC0N
zS-8!Q(rcu%4`Y{ZBsZ+G5nwVNdz*S*dG7`DyZz))fDZOikG@<5xa02LZq_sqShqv-
zEkn5og?=+t350x*P09}u@C#}#Dwy!HW3mbVhLBa{DSIsC#qTdsu$uU&CbG%=QujEv
zm5?DbyTuT0V^^BH>_Gr6)IT)j^yjsKSkJo8+9!mxt@iQDg7UPum&qCCYLDYvMB$lv
zS7ytfi4<<N+6!U5zmHe7l)TU>cbg?e$z6-u9yT>kvn!5Udb@J1)*9*kI2N$)3@@*<
zD*5;y$7HuPs2I0c?0;|p%P1v)Vd6)*ZA{3yGK&PwLE(wkq>*Af(TbmBEGya0p2;LR
zlag05d!pA5I@_0NXE>6no>fn{fa8(E*Iay_RnPJVi*D=^)b~jp&RkzAsT5b4_uvSG
zwh@tL?#>9nb5A{*JTFL=27r5$K6P3>atRPa2_9g1{hi<3tHB_%_IlToyLoj?tMA}N
zB9X(e=!u+7-3~sZZ{fP|bx6ppn+%eyQVB?VJVTDL{a>b2Sf|d}xTYf}CWk}g1W=7Z
zd$1(^%DEM4E4a%}v(ZB^<Gl4#@NVGk7>kfuP5z#~@<z_QKnZU+w5FGHtiXNNZb^h>
z`kW;V8`zcp>WfsSpa$EvuiNQZh2mOxH(4c<Wy^^Dbae#sS-=MO+V)T~h_$!#)9yWX
zxyeTuzHERa_-J3Qq<z);ae#Z32rDQG<{Dl_G|!`5Xf-5S=l1BvG{|r_b(#n#;DsI*
zwizApJER~V3^I7oZ8W!_p#|9Xi43zjv|~R2$MZul{VH(A-xfcL0?0F*SL4v<Z=zeQ
zzwEdPV8o&f+?hlEaTGpMo`AXc<hA_gtAHj09pI2jO!6nR68!(^r9H>R8^QQfxrWns
zThz9)@xAOdVq#*{gYoD7Dv(aJW%&R!@aGqu;!J=RXYnm`bkG90E(@F-bOo6YKr%-0
zALBlBf$P$Jgh0D2)jPnU4}a>>0Mc(5VOpP2|L!iH#xvk9{Ks^TufUdnrTB_IJA?vA
z*);xRCWr+N0THRVxH!*)2MiDhq}6`RlHbD0D#E=k+1X|oZK4P;)(3}xkd#fVtg^Ce
zI7dB6ePw+;>g>!*`n`Gp+O5U|#)7=?S=rc#4hbRNoM_?PoPL0VMpC|*oAL@Xt+Z6V
zy1Kd+_jYBiOY;r1R1L%T2UZjwsZpDfIYxmll#x<n(7jmXD5a^Qe$PlJ=zgF;cz2jc
zGy6rhMs(HgR8t}8-E-ty2h>4tz<mOybrvOYetr7T8$+ELx!_)lQLY>lu86N{7XgWH
zCa?i~9S(<A{W(4=__RwGdxDv!Ni!$jGi!Ff&aa2CtanwO)^;6T^{<*|tx=dddJe?3
zq!-z08RlGEg9Q67W#T<{y3@MavsP+gC>u<Ec}zJ%&SUc)cf(0Q;(obpJ1E&*S9$#~
zvD@HV_MNmsDeQ#hmSv7eE04kmD$t3Fu*K4L$!cao=b%E3$?%F=iQNp%(T_;E$0kU3
z1+EuBRogB2WK4m(BW_nY29l{5!r`)^L%1;2Le-8dSrwu0+4y>*qz+Q&U@4}iP1&0$
zD9g28uU`S%zv3`k*%#%F%Hq7+mGiJ}yHyu@7{1xrQ@Pja-GIvdCGhGkhsf@=3HQ8$
zd^4Y!O;8F%8Nn;bVg-M}K6d`o(hcqbze}a>`RQaKQ_naeSTO7^v8aaf@s73d%D3}-
zDw3x`Q*N-H;Ntr*6<UY)!xeC4uThWm^INhVugLvN2lzf*)uy&|n047kveToAQwx4p
zc}3lodfqV971xQq2x-j%v_b_mnWwad`%ps256C#jNc9KsZ|PtT=C&;w#d$#kCwt_r
zWRIzx=6&f@qs#j>jFmw|I%G=2-PUs$M6;K3y4VLfzatAU7iJFX4?4vgPU1Wrdp(Z^
zRBXa=993c@3v};ER&9JF!uqk@rWDhhMaMW~n%FPoJQZZLkbRdpCOvD6ntH3o+g@*>
z6|#ii))CnevG6rQCCc0DTwte5)ctN(&tdmK$xw)B=g9}Nu05lW=nuQgt~mav;vo~i
z$^Bq=+4G{ii-}KmgE8mA6>1jeHa)eMQnm|PGtYkXo!L$}HMv4({l;8z@c5l6=tgTR
zo_e{iQvkG2e(0V@j3Czg5^7<Gp^uBd)I}EPubh9*D?0UkbGBx&1C3CQ>?*9%rA+Y-
zOB~$RIYMaH$D(Au`kvtEC#+@n)LD_=F1N2VD8{2Fv|UQKi3%XNDPcrpyRw@f@upYp
zOSADy>V~3p6`0)E@C^q2M;zz8DRh^ZO9>?_*hiI=oepx*|ELT-s6RFtNjWx74;BcQ
zlsFTOE9=Wz_&^1UTx@{K&Uo%BO*jtLQ)B!4Z8Ye$TGvB=oy>*`gowMs4R}numv$OM
z6(h;+K5b7)c4cyyFGPg&>KOjb1prq}n3i-MPWyGP241hNIsabQ5KcxN{8?PGzNq#<
zd^6f(vwDbKD%-vt&tll4uLjO}FkR;*eu`-H!lh;I6WbkY6{{S79drOCEBn%lJR#)n
zoFH88DpR4K$Zj}q^b;)P%XSN)5q{3BIHfn!&@)<M*LaI(w=}DLgWM&8-q0hXTgWS#
z!~2j7x()YcrJpoObb;TXk-$7Pu!l6?BF3-ie@Sqsz9F=9KtSAO);&uUL5oa7{3yPb
zf^Xj%J32tg+>F^ofsxkwni{@UhqZF4r3naS4_?J{Iv!{$tugLg2<@U$UjJ+qB5u#h
z1l*VEf>n}G@u@=t((8MAVQ+DBoBOWB(!HpN3M3#^IrDOxA7lF*H1$T^ZEgTwNX2j!
z7uTfCz<HWsJo{muQKmae$T{wtU+o!cE!fSbcDr?ES*E`gX!J7~&JHUX8ZX{?XH{fA
zOfor4tqzvlufa7rsLO1(vKnott(;-SrE`z0J*e9ZJKqh2)g5R2+#<N)gd?3|LYXkf
zL_N-zu)B42a^KO8!_$djs-f@kiq4CpkCJeVus2@zHV3z7v~lV#y$ur?D~HsN(;DK!
zoq3jxdsnU$b=)PH9*aFF^iaG#8KiQy;Jb6O%gs0Q1XSZ(@Jrm}oJauShKqMWmBsp6
z$b?;~wZ8XddZD0l<~ju++DLdYuIOEGHP)9x{a?ig5|5FJUzn?~wtp6FhI>ysC~P80
zCTn&|6c!u(yx8G2zvNe;D4q$&(CJ0;V|tD}?el_JRIf|DW1WDR_bO<i7j%-lo!9|6
zIDb04uAk*SZ#8rJ+zxohNNv66BKt%a3V*&Pkhf1PCDzly^%trXTZORj-<;9L`+aqX
z1UD!dO3oC98=nHHPISk7Xi?-Ymp)I~Eo~Ad(1ERFxSM1Bol9k;-BbFd+YD&}hX|;j
zLF+n)SvQCY0lmr}{j%A+hXNh}nsIWOzq4WI6YC^xPyzRXJrzgle{`>Jyunak`X-J;
zr#gS2!hL3LoLo5^e_oQ~+-v%vV6CX~U<xr(vWe-}xj{c&U{5i35?Ft?tGehjZ~e%9
z(aqX)8kZ(BlfG#d`9A&_!DM!|J{fEfLW|i+fgH3*>R+0}3;qVN(Uf=a2;OWJ)bG{e
zUR@H)jya(4-O@4g7;WaK9Er9n1^tMx9%Vte3LA<CU3Tn9Q31C#TUpcp=FOX*>+2=v
z*@pl2?luPZk;+vB1PHeeS4hTf>u@tbtD7<0=Uroq9W3XpptHH0l9vO}54d>9Z`*?=
zF&%~E5{y)y$21o3*Mvt%Te{ChUZ;8`EwK+BM&ovG_mRE7^25!*tYcz1nMHJ?>hb(g
z!f+IhI*=q;BzezXKeE_d5B5uxtX{*`d0?wNABO|eK6K8HP&rDQg7nn|=aC}r{3@;K
zjhKOXjaG?U_D#FQlv4IaxiqX9?10XZ;lKDz8lDcptm`!AF#%aId|+GbrYl~%KW$o`
zM!hu3wlziuyKdF3KKhx>Kw3t@Zv)A%5NN*BWJZ%IG7F7sP1Tbbv4<ekgr3O=Bi64<
zs3G-Vaaq>wo#~U<B#goiBC0yKJ6}a!234<orLV|P9O@x$IkF!NoF6oFy^^K9TU0y9
zjbQ6Eq=%&wD0I@0vC4d>*dn+kb2X`~Q;a7y6(4X}sTUFKEpBir5aZLR4Fw)kK{cuA
zXV#5&mJ+N?5(+A#`%)ZAXxt8mgBHz+eJu&gnp$fpmQ>eEKTlk|h+bIOc#<sgXh?~V
zk3T7c5YeR}|LdRcdOjGlN>3hLxX8az8wM#mV)R(lrxF9RDIwr3T961}_&;g>Jp=g5
z78C2eAjKcSnGZ&z@ZUlE<+(G!ifq{k(2;oz%(ssJ{P4vW)&dtjqwz-&hlz!~{BIBs
z{N+j*$tJb8x7YstyU!jHd5h&m-pJR20wn~pS`h1xC45)8NVGoq?e9Csi8$ptn%33T
z4Z`6n{&w<eXg}-gdXe-@PfrgH49tqxR4vv~XELD0p%j!rs<`s&S7c!!*Jeh5-b~Fa
z^s7*P1w_`}E%c%`Z}WAbX=)1R5~jSxfiP63gW{9k`vO=LwK$o5@tk9z@;7xm^$qG#
zdnIbfTHL_}9I&H;QGchYQvKI!m%7TS7{FH%EHDbf>M<Ex-Vl&Hv1pTrluEf?p+2!j
z)%BD_2{r@&vjH9LG_~hsz03mo-LayGNN0(ltIIzR)Xs^NaZdwe4qXt-*}$X=7X*7Y
zHCIfT;jmcK>A12{g2DsSI`J5zwL0U@hj&vj$dJSyLgv{i?}~l~JRRO_Vk=C2ZPomy
z`^H-hIO-v?)C<`nKnZtO1HV5WAkv3Cjf-#nHE$478m@ME8_NPPFz39r1}Pa7sZC)8
zk2Be?&i?!f`)Dh!?oqF;;JM~^MRV)z)_Rtvp;V6;iJnxy;B?~w>f`vE;}G_n*mQ+N
zW#H0Zlh6EYdjfdRIF{BOt<?1;Q@&HtdGMxq1YOSKN-f7>qh=T`nJnarO?LFJX(UdO
zD0Deg(q{5p%Ye`|3Eqq?%w3tcU5`=T?dx@dg@f<XxLlzb^(SZ8t9~-9AZnWei_qU!
zd&Hg_q5|siX6BK;j0m*=WHMj>)wS#H?f&k5;<cZMQ)tu@EZ_{J8?Z`4N=(LBS)uOO
zB{Krrg8kR`VV?R4<6o&)zr9-x@L3Z`OHHy9RzI%jd6W1v?9B{{Q(w)I828K9UEXP~
zj7dkNUWH@i_T?5us$XK+aHp;NDa#aiL#scju|M)k$rwP2r{iUO%zLT44KbU{$k#mb
zBEol}_gMA0IA(${8QJU(-!r7}^tiP?WV>8%E?y+F)B-Xl+kgb~*yhk+9h)U`v-Fx8
zfF$&mLl5d&I$3@mN~Dm{S!o)InZ#yU@FFIEQn?YThqD9Ip`^Y2B$N{*ke=di?T?~E
zONk3fH9zi#J^XzeKVE>{b6R&^zkCVM6i`7xZ=KTQ<m6YwB9DU4R`Z(#q_awp{+u<P
zk9ME&aD(hbQ8g#-DQb`IB1Z4R&B#5Ms5eqDW}R}06u#tR$+$+)Dz-ZFOCt-s<7_ko
zP#zR&>&Lac^m`Uoylf9-MjSto)+J?2&AZ<e%k>(jagt5RlWcZK8@PY*&Piop%TqAu
zzB188st4#g85Y>}YQ7>a*!gCk*PTwVOmkV)%;f;!VppV}M>?(kk$-%}re=WM^lY+v
zqrx*6CDwid>P@ZK$K=Vkui;-<H3nSZts>6mL+7IB5s)(II+?`%F)0WD#~q|H(A6Y#
zHGx8HE_>H+J@?;MvK=VihFxJ(LNjFjxd6JXWuUW!-Y!cF9HUXSKyP@}0y60`L?;h7
zn!$Ad3a1M`@)2nEwJaCFuQj!!-O#M}=XV&GjJO){X!&ibCSWZKs!O{68a8tIn9y8o
zpS!!e@n5&{#y_`m`TG;}AJMp|ilQ0E7IzPijE063(%Hx~bbGsv4ItvxH8mOO>CGO_
z_FW!=is=4=jRPn^3`|ViH!v`mQK0zG96Yt@VizdAe^ud^SS|*1>sFL!(JR1gCsA=q
zu^)NJVkNAcjYR>|$QQAXe5wI*D@!<%A|je>Eus$;?W<Z0jORZ6?TtP^1-AWZpQ_+m
zaFwmkGtsF0wj^h<VHK8_leJ65IX&q;Z%RY8VS-XWtTey=;<8^>aJ$?POFRt`DQxPc
zt(wEeLBAr#Y==UiqPd#uGm~N|Yb#mn7HWBS1+KxJ8*C?8F*M2lacc^^n76%Sv7v*y
zigzmi<gW^;GRU1?Vx4`_j#fRTQRuC6Iszw;(#fPzlUuAWdk3XMrYUh#eRyg<+IEBY
z^T6euE6bHyyz;)j(HWcy5!g^mIQhANPhUFib%Vn4?U@1Q6J*T7D07N4vI3v9=d|x_
zU*=5tD}M0z=7h~HW=YG4LNBu#TGrl&dfuqwui$vZ(aFpW2G7>lx+E|W{sW!%mCNT*
zS1ol1v+00M%5@tec<x@uffc|>!-P+yHt&dYWoRUfBjwn<g-UP0aS%Q`db|(OmJl;c
zA^KJj!Y&mnFyl6|o1`+;Ps&fCjq$*MXrM?d^5|AXS|0>;sm$N5?St_}{8v6a?Z!91
zD<A7=)U>gis8338@KW6JcxIuyCo=Wi!%PJ=0tJn&VpA2Xly^0I%f29?lVrqLvuEJb
zNtE(!u>b<n#>2VZzBe_IHen03sej2tT3pmx=FSXoQ+5hnCQHXp%mzMgMg;=R4euX+
z?t46i?O(>-@@q{NjDSc#c@X}!Qt-%TrJ1(^yaEQJ_G8{i=;-_6`LU?~9PB!Z>^RH+
z^5pkxHFe?6-A?XVYWsW>Cr>q3>SJ1IYr<^O>e~<cpdt=8yQ!G<!4?vea9oxyLxu&^
z55cARtu(-Bw<=9G1Z4t;z`DI4yuyAmd37s?N>K4I+66~+Y@4x{1@$}VVITzp0@W-3
z+DrC-LlDQP^cns!TO%F_f%;)Yw1zC|%3xt|)#{_QElv%!O8gJapVoA)smFe5vNu@8
zL&!k4PTuXlVXu`+gay29{9RQH-TV2|y;48LQwvZwz_}gNe8aM-@5B2mY8v8W1<LMQ
zc%dB>sn#3z5@dN>5rM>)kQf`MYA%M_ew5`1%o8x1CX(=6Auqkp_akHhyQ#PobSXaY
z9e`bDZKJ9e>}<=@>8=YJXl^C_vg_+`NsP?<D8+7FtM`g{L<kmpfjFuf09Mm!EIAGh
zL?i{`MY4n-0yJBt0X!jU)8%GMXvcm~0<bM}Iu=?CHF5#lx~#_uqa7;-%vW(oHd>G<
z<pdlWG4L=&hi$Eaby)MTp~a;Cr<eAOmO<mnpRxw!*sYtj(^tvq9tsHwtu((>xFdnQ
zkH((Cz*;1I2Emb5ioj3{X)*mB?f>3_|JQKo{~t&$D<693+-C51=<GfTRYRMxiiyob
zd6DpK_0P<3sb?uWDSxS~)J7d2<C7`hCqTay`4<puO^u$2h)As&)qk4*3kdcDj(=~j
z@+tzcLuWp<Gee~Q2b=dgp$4N=5Ut=B%rd|~yik=}Ye6viHMs?eh6*^wiYVz~1F>^m
z<G@;xE`m?}ze8sOG|TZ0z8Y41S{N|p5F)sITo<^ceA<($4vBZhe=QG~Zu5+6JX~!p
z^bfXnH7U87w`qBa&vJAw^0$gj0<MGOn#FHzUr_*`@i#j|<#+4ZMd!Qj9qgc}ZQJ)@
zVD==Cs1oyfT@29G$?h;YR)5Fa4PhZ%KJUom(wO!!7AUk?zo$wmRV`eHDjNdwU5j7i
z+PX3mY}gdI*Q3?aWjmVO92dydnTeuC);OUri}jrs`FB9vbxdZxq6YhMJi;YYksb85
zo^!)a@CNzOLId{y7DJsdj!^oDNcI@T5_Z|f*=Z!%03-*#y{NFZwH-d*$D!&9wXM~8
z8ccI<NCFb+xk{MT{*)SQEPmy!uwnhL>pCTG;`Yu@H%rXVZk3F+?SHGVSW_V(^@i*V
z=k%Q<=0l7M^v~brEuO-xlcsOUDM0bZ1)OJ%GW&m8-bEOAo_6}35qtM*+35pqO$^!a
z)kQ^<w>uK^Lv7}_6WAiY!ngGI>{lHJsV2tS%%+&tAriCoSLTJRsLH7LS;nBo4(;nd
zvR+-f<!&5#YKF`nA;XY_?OVbt>c?Fv$7hd2;+^wrHzAu*9$rVhM@xxEJLxG?OoU6x
zT;96n@?Lh+L;#vNADY1Bry?!`oc+cASJkbyb~RZVE?JeLu2DVkJ(u&jiuRWecHhqf
z0Gph{U`JM`WP>;L(IRbK*dmuig90Fy*Y}jP>NkdZyRSVgL7-LeIFk6NGe$yE!==?M
zBs$4?N^OZ-OfQq(v5X^8QZ|}vEjlpTQ@i(2E2|bcs^>5Yg-6?Zo#q99H##N|IBru;
zVfLfhyPwl1reg`SWszK~8<@;2Xh>D!2mJxvmUpYj-|m+EUJebJobnS)&J^&xB3q^J
zs!rpSr=jtE>z38<Q(-pq@g?Kipvb^Jef?yK5DDrx;;v76bj}TUgG5t!lYz#3AbH)n
zegVZY{3jH9d$ap|dmG;I6(VtuyY?`R<Ge>4Kn!d<lOy)08KlJCoKN$Z?)I20lX#ce
z|7twm2!CiK5JTc+oECKRq4e3_kGo-wQX??y(jMcO?HZD(Au5(}bIFtMb;0|?V`sSZ
zTo>?tcJ*D^kVt&;1Djf_^E^>oTEx7shxfg^0=MsYczJ@{Ha%uI4`!UQetCSqv-8U_
zkJ^Zuh9)vp>Fld@<vQ*{FU)42fRsHN&YdnBY}su;A1oLxDYpNuTuINnv37Vo*?abh
zu*a-t-2Up_T@h{zL0o_qX#*L$IWs&d0F}UGTy32;+odtfmuq`9X;&k#QU9ftuWu`y
zW&1(!fXlSCQJ_cnQdIM*((iB=hage_7#$o+nLK?Dq4kA3aq><ZjmMnoGt~qSC%uTt
z2YE#dOe>X)I3yZ=o9koV0+6CfK5=r=6GLQyz&gSz2H&H7t*D`XrsOI$D)l6y0W>32
zh}GS$BpAg)cUllcEvYu+YE-b&2I#qPhMsO<7GaR_%K|hvqedak^Yo{|kx8u~QS|yA
zPkgi33^FKK5d<=W!5-m6rJTQ*X#F^)-j99Xvx9D$ir)0@FI2&kyKWpnOsck9+{3>P
zRf1f;Ew3*MX7=ZW@A6I#KY4U~|8BL@{`i3Zhx4@2psG*oNynANqh*kJ?R?S38r-Av
z>~Wj5?;V<JgV=bd<S7!x=Zz)qNce3d$g(ILIzxa9$z~@;>@#0PJQP+brzBy^T17P%
zy-Jf-onDVC87Gv<VKiXyWC#w}&}|}P=jY>ws7(Xsj6How+%IU`MoV(>Ui1qejO~3E
z<s*F@|6OADa3#pFH0pge6NG}6!Be8V%UOb1q9f;$T&n61I0?qJ1{qrG&Z7F)abmzw
zFyYOndynrt66b?VH=I6O>N)x-hTP+I=sEC?wetCfLo~8|L<NzJb^;B!M!#B4a*3Q*
zKFt3GJ(gL8F713_zlDaXB8{>HTMNeslYLdeiK;2D#D%Rfn?^I&V`nl6_>bxAvVWZo
zOji-8wRiC)C<C!*{bv2K&3gmtqq0{F9ZMpvg5oEtm8-XiQ`iaBz?op~Dbqv69fK>d
z@sgV^0%k%5m+tPyJ)jn;O8)$gG=xVD1WK{@`X{l{BicA=DY~6f_%&HuXv^nx)I${&
zb>?-n)8J{4?70)Vv&fyyMo5_?ntw?pbRKgX^nmr<uH;#V9&b2|HbHkbT<WY?r7ns$
zC2uB7O4i<ow&TDhWG5@f)9k57=XSXw6Kqz&o&-aCeKgZm1`0hB`zC~>6$0S4CUCN6
zC)MJH$HpR?j9Ss~HI#kbycK|Dn!Tg5W*qTu_EvagJ60A}0d7xkU591%0z=rtz1~T9
z61}PXW-x9bNoU3-_bwf5T|X~SU^VO(-gsY`{4$Qg!M|~vfgoNzr+RjiJ<<|-lLIRZ
zpfd|3TK9-m%)a?@DX{Ll0Hk*d&T+$vw;A5LtG)9-rmEzP!wY6medTL9{Z(+Sip?|k
zffMiyr``j~)SSgZidcUGjX)LkHE^s&Xb4?|k@Jp}kNGDP<LhYg<c+&Py5AayuIXrw
z4@89u9CssrN931iUg}NY*u&mGBq9}noL=|!t+)$v!{32s3vevJK9lNqw(vWNk_Php
z>s{?kXh0|{kZ`I6@z(uw9zc({4qR^Zi>J(&<fz}@C-o3G_B!zoNylhXR!yIk)zvUx
zU(D6DHQu>@O5rot34fsfh&i(_@RCx{O~PO%h~XUNhM5_|)y+*78KDf;zt;<_TuKc1
znE%Fx&Fad^R<gl=hEcu*gaA17#@Sh3TRZ09`G2XDXMe-MWL%mHr4@XnRiHnRo#9Pi
z8uyAlxh;0r+;QAT_v`#>sc9Edo72En;BSC3J}Jk4dwDioHle3pE9f^o=?Prw4J)nI
zU`INm-t?XuUD6|}82wisxxPb`zCzv~>RxdRmJD^?H7|`D`&fLL0|WS12_|FhD*q|X
zi3FmdF?>y%379br%E7B7r>PuKcN*62S5Xx>gbY6%TFpM7uT)a^=IU~&=j#-=R9Aga
z$4h^4ny-xAlgCl`=Un*|HY|7#)sTB72-o2#a&_;_;`gv&7_uNewAmTSY|h<fkGo4$
z6w_5VWyYC)NjhK+yaXvbDH-;HfdrKquJlIe+BjmO6SYqzK^9T5dfP0{c8#qo5TGQb
zH@yYyvEYRJOMjFE9?ooVDIKLJ;)CGN3Rq}3O`tl<gDvRuA&&VF4@1?<f<A_C*#-Pc
z(Ch5fSazqEQEEl|x~Je0%C#9TdulE6aA$=Zkt;t*9)ViLNh`!!NjMXtwn|}04IMAX
zR2g&;`ZjKJU~gc7--_TRR+p?0&J<tTQSf%||0{Ru0P-Pr?VIo3Tcy(xlh2yq!5xe(
z`!u*$P2tWWOyD6+?iF6k-VPNN%S^I%cB%Jm#y}iekJEnf2~oTok7_dYLOi9Vg%V@m
zM%zA<7h!>|zp5~@=p{$|Mz2V<|3oLHe?XD#<rb9&9nS{62hS9>P3Dq=BKx!$0G~#2
zv*~UqVCe^YDhm2aK)(J2d=*>a>v4~*e!p7d7wP;CN@2K=sBSZJazy#twL%9qZT>Wy
zEQj*PK0h;TVehL24&?-X)&qkR+eSG0uFFj4E_ftp3@3UP`i~=y425SEfAd6A%`aXH
zoOJ0Qe}Vi-mgVtf<>hj9h6g2Yz&{KyrJceT)MNJ=aYzK#z&V>pcBWaQ#_d#ExSpTq
zl9lBUzq0zX9bG(vMaItyXOI*kuLm!NM(~DA#d4FqGGu7`P(wj!SOH*~3WghkOmT^d
zm3N_qtyNQw!k^4<Tv{mK&r&&9G9y~twG%~?Cvmm_vvzZbq*97E6kG*fxy+SPtAY1{
z+3=VNQ@TN(G&vrCA(@$9nRBxC=O^r$(rObXV<}!DkihtIZ2xf1o6Tq{Auol1d)u6&
zf<Dk9QV}pYB{)V^{~9a2YgrhWuZ56*44?=HI9Ku&FRxLd+0xk?3{uy!B>tGU!2=k?
z4$7ceG^p}HBCwR%;Vks|81l@3eVusw@N$UuUtjrA-3Q}gB5Ds^O{4=b*Z1@ud_+?T
z`ECaQsUOu-(8qVM#$D{3ic09UYuBCut}+a&l_#gCmoU7B4Cll_--Fbni)Ti|)!f!L
zCPzI>MAPFR405}=V*76{!2fr6B#o}}m@(aa=LLB9)%mh-<5>`pYQ_tPBiKWohln-k
zwGEBB)2GEI6|LkhV=+u@ptn|rcv-sCCU^IyHXV5B8&j0^U>Saokz>4Uf)2OtUng`=
zM(kg@lU#Py)eBx9Qt2B?;*bFJWJ@>`@g7Dv`DrM{P%D_F_l07XW4wTpBMB}Z)|1^6
zqd97ZJ$8!OJUodu4O(r`EIX!e_zXyud4;#*g+@(<0CGMPI?+nT-zU~q08%1YGSQ1z
z5<b3(f8pb#*a<Zxq*f9fVW#5;FTM?gRDZbd**%hJVJ#=PUU6n%G_X8R@T}nE?fs!C
z{RDUZ7`t0APRUH8Od{`oFV`Wu@<x}a9?L`&^OPA)g%`4?&LZSVNR8q$v(e?V%UXE>
zX<8WNN002=R9ldP^Oh$Mk1JL!+kjwFDEW!Enzm-=X}EdPz_Hks+0sV>b%ZvPK5K6a
z_am^Q?Y4@iH;f3yD==PF2aq8XWhw78^0CB#))EW4u`ixGK*9tYZ~c|osX)?8vS!T3
zpsB3_IW=m>I?v%&NzanQvI%QU#?D+t?zdXBd3{T~Y{u^e`>I3xL=Ouw$oBUwhWM$*
z)}Iyj|3B@0XINC*mMuA|pa`f4A}B~!Kyp%&fFwyG(L)YJ&QK&tN)pK#1OY*U<cxr1
z2?|IkpvVYF28&FuDmb3Hx6kdbzxTa<uV3(oKNe6`yY^mljXCESV@{D7dKCOH{HoX|
zHF<eKy+B<!_O#M3W={wXN+dl&WNyatbL7PI3=wITqDAN1hV}O`rSfn$p_4vs4lCHv
ze&Zu3ye_=to)a!XfA;;`P)5-YtM-F8W%MNR2~>)T_jrb`wws=U2Q_364R4TGAtEhz
zKN=*w=vek?=bYafn~F@TMp1H3{R6SGh}mBZSQ7R}ToJd#c10FQ*|Uvl5WiA#l-^d%
z*sIZw1+e|N1>wjgfxnKrm9yK^c)ws?fa)sBNK=dj`JwMPkkjGe;bj&U_EzHk#-4&h
zOy<pb@K(e9*^G5YHe9MzTGh|4?ZX49$Cf@c>b^1~t!4?8iuy!L`<_dYdGZT%O0>K_
zd~0#|FYb=BlkLdJ?Kk(=Lva%)a*lm@ww;=(9EbRJFfNr{911@e`*nFcc3U<SQZGWG
ze3aOl40|cjd>WekkZp$CQn%Vfy?2Ag1ykLgB`=4uBuYY~H%{@=YtS~Pv!3!>0csUx
z5+D3=-Wk1Cg-7CL6y&Dg<=slc@+1|pvrzpKCFF)8q<DD~Ell;Xf-q&QN!W^xv<Q*$
z=jp8gbj4Z;0CNdOx3A!%0leFwr4pqdafJ?Tt(y+u%9v>V>u8}hN(_WsU&%j$(AKyC
zT6n9e?rVz%`~C|);Quc<?)>*EIX<5fYK@UjB+QmByN)V3KF9-IsezHmT*|2a250rh
z%Cu&pW=rp<_FXdL)Ia3PEW8!yu<!mB(uMO{I`Lx>6KX;;sT?Sf2j{sGEqom5&FG%L
zXmCr0*UZ&Qs$@cmA>QDPK({B)9DlaZC_vA~di1Tx8O~9f|6`ock5ZtJP$Z-4(etpX
zd_ll<qva$j(wK%L(W?4AYh9_9R4C1D;)U)A#mDj7s_KOmv%W2MBhf?cUUl1VlK9sg
zMoc<qcRKTRYSinYjV+rqRMs)d^wJ%GA$MDEzlo{%s}$Aw=tR!FnNY=y>eT~{4wj>%
z&BEmDu3S+>M+akf6j!f+v+0L&GM2cuxi0ny;IScd0zY97o=?5$4z(ot7}{v!VP5}t
zwMCuzt)!2E6VVr5`0?6g_36WY;A-$StxYe3afb#Ev;fb4(~bW~_R-zI9G(mcA@l25
zA8~h}tu!=|`~02#JQH_nio!)06JK<2^dzZj_77g^udW)^Xwyk?qbewymqcNfyB_}q
zlux7O{PH(Q(x;(!oNJRUr_tsu{>539xm0*V=;3DA#7-xh&UZFSw!MO+jeG^y<@}1-
z5B3dg@WXu#s++fmxAi<cV}F(nr4$>vyVH+p1Hzbj$j%g8n66@bf`Uctx*#;+x?Nv(
zrpT7zdq_j_;Rl4&>DQ>hEcC$@5_-5k%3>HuZQkr0@Xg*BtDw8VjDFP~w~5!ruWOM?
zO^Yhat}$!CF*w><?Au2jM@xfnF5Mg0{jCD43Ad9~hFhG!l-sv0Bz+9!Euq9ak4n%!
zqd1*hIvYO>><*}%JL?eR@KY<Jwl*)u$X|O=wd>Qt#fQ9z_C)J?CU=EV=NA|oeMin+
zaoxPJ$)bl}TR-Bj)yTDmjA)DOM!e+w<1@itKUug09)X&5NjFcVPV1V8s)7a_;VnKp
zvY^g8`p?Bc8uPU&{8h;IyLtw%O)=NwJxYnPJf5E_zXb27dq4en=y_GxT-AVv%DVRB
z;nc^#79PCRjXER+bV1KWxkr~zFAKWgKFml?o}eP;h0uUw1n^Fk%U3b^?H-G)1aS5|
zo$>R@afaytbw@M_yoe$@Jf|vg{znP$|18Nb<TD7XnZOB{KdgA6jQm2L|HaUh7{9RX
zuObL$Dkxqbb;&~#G-V)JgBri-nTVrh(ZqTUNJ0wb6<*J`fOGlGbraD=1<e!VblWy{
z{pn0{ZcusVNg{NIJW8X%eHnB~dzZR)K2<=*%J1!lD26(taWf~?`suLh6Q5yyuEtfY
zR^}NTRHW}GCxf4N?u%i%9CJ?$$9}U8w?I-i<}tEaapxVfs<sMuw28hUYRhr;ii<pr
z>yLW8Llo1}WqEBW&;1yYQhd^P57sJp{oEUzAm}eqi4?86RU*G?f3rfSgY)ChE|UxR
z=G`Va-e-3`I;oqeq>JDY8*ZKCsz<s_(s=x+*sSX+h)T)hhy<gq>Y^BVU+97+BC_z;
zQpeUsk^9Z>JpA>gGAEg({qHXmB59s^SS7zQm@lCzzqj%1H2+plE5eA_(R+LR`53=z
zY0xV&uka~DxM=;8o*J8uzE(k(0{w|3>vk1IQTic|lfWuG0^uu3USFLJH4)^?!r194
zfqdyA^qaZ<!2L6$!RxW7T|e7<Y(L1k`Wcm*rf}>F(c_}kR2ny5LFMPaYbk?fxQ+w7
z`@?cMMQV4pwVr@ylEBox9H+MhoH!cirgeR6a0#?(G(SkIvx_t~JJ(j#DVbhDqR&rE
z$PypDGAQxwD<MmK`oCe87QWX4hv%RRhNf_#%_QbQJ|eAj-!S8!Nsh2o%cwSTf;xG}
z<$-^$+O^1raxD@0?SIbc^;+b1{WUUZC)*|y`Vp@}XavJ@t0?ql&#r>VT(BKN7-2`=
zw8zOTjj82LFfl%8^2aC!Oe9$v&W8_KtQgr9;Z3s+l22SnJ3>0&e}Uc4Uaz$@C`LA%
z;}jne!m}=4U~KHoA|)FP3{PJ4*dTOJUJ2~|Sh?_Uph_)FgC+yXA$g{l)`#)c&12D|
zv~A*`y(2Z5i7QJnav?>FO(i_(`|h3Z7KJ|*;CyUg_D&H&Wz%TUxmOCP&I4&X(1=7_
zH2h|~T7?*TYsIqPrJ~pYV#Dp46#-p}o>Y36=Onhc2J72VCt<^62cZFR44+-BsXUzS
zZOZ(a-heaJ&oIb;lWw9xFWN~qG4J)Px9HqEfbRJ4(TZ|n|0hrueFiWe-v5M7Eh12r
z(?9HiLGDgnd;$K6oGZUPt&+-#e(_2dd<Kv<`Gll%Pc5a;xk~?g#617G?lh9$`d6lJ
zJNA3WWG7SYoIWmRoCyP;CM-W9l9iPePRAwHh0FhfZq$NgSpRFf5$PjVq$cQ$jOo+*
zcbXtMJfs~1w-_jOKKFP1QPE}8al0#XA)$*5`^iP0Vx(Nw-LxIaIf|Xi6DhWYRS3iF
zsvajuoqpb&ATc>S0(jZh`D^tn$`^c$DG98Lwnl9h1`E2JEB75kgJ(|fTj?7yGwjcQ
zhl+mWzMwgm@^mkgRlwxq2ain>B$(<#@}5n466rxpqTOxzNA<I>vcWytxlH<_+RF_j
z^&}_kq{Mn^LDdOU2Q@ir1WUP|Z(GR+HdZo%^4JE2665Zp^809H<8+?=>8+t7Sh!*1
zSpVFg_~9z;1-@MZFy1VCE=<e%4RR|pI(q0bgq#!|9yr1&3&d3S1_~#}pcBbMyz8><
zPAyG{xHYx#oW4sq6dG|sS_N)-y&-3NTmgX6KQ<Xjq83uU9?(>uSZQvJUW+e=KZwAb
zHi#5u;;7p${#n}}W_M`YKUXA965(8H;E=(JNmoPmGA2Rq6ECQQUiIKTnJSv9nHm~=
zgLg@VN@NRitY+YM`t5P2BEP-L4KiTC_Pz54jr-FHHw&eK-X*#5SDE-Pw5%J%=f4Q6
z9IuHUf90!hp)fF<I^>$2#3lj4EBIb}klp3=5hZEJbh9`S{<)*dMOp9s(8)M!Z-ORS
zrCxHEx1DqCkNeMVRPFDRGWAb|3ceRKw)Xf$m(o#^j#(@Rp08OVwOY64S#=ba+NEe+
zS9g&v=474*OQI`v;;|BC(AGIWGZkx#UWdU(#!8&@PnYp5A;SeuyI)dEP^AkHQl|;e
z!~y$Uq~XWM_x3vED<trOfV@MQMsp*_L9be(e8QZCe>*6{=qFI|ti;^tvT|35(a?jc
z(RfbkUga|0a<Pk&O7p`i(0Vg{y>~huw;vDwixse<h=#OfD?QGkL?l3cMv5e7jO3Eu
zJJZ^A{BAH<;kxb3Y0Pfv3CO2FoywBF*}h?Y>QE3uBm9i!U>ti{M^mX+=8K*~n9w#X
zaITwos54M>`)0hmTlP;rC;Y0t?268-Ta=xj!&ezJoV+TSDEuDKzOL|IiG2BXV$nHT
zV<vQeAafG2)KH%qkcp2!WPjO5Wq?g>KVMaOZj&eLtVH%q6Pzv)w`XbG*XS9&oU*>e
ziR5oA%7T-H0ht<9{pwt0tx0FYA-%$Y3D-&uFmrJ@Eh>r`As=t#!D4qT36E$H+KH;&
zo7XCa70eh-9r72i;EO1Yv=~l<tVygvHeIjo&Q{VD!P7iH|Bliq#@AQDjY((+hN%-M
zE|e6K&Y<{gr?DvQB`74wmtHxCK8DK}Xid2fi0+91B!Frsf&UV~N%vJExKZh^CDQ+H
zFG%a?t#tk$M-dNRy3(-aMD^I^^W@}Y8p#Vb|J{LXbh93UC~?{ya)SHvSQ7jciKkrd
zv$Bo)|6EDvf9@0kx9C5kRz)I~{(gFFZ0v7CLnhaq^VK8E%X!`pEt@S!ojrJ`H>&+9
zfSl<~;_mJ>kCO!k`ThSzSM4K`ob)fdYM3~eh{28)5EOium)GT<_V2i_$it`#<U-c5
zU2o)KWRQZJzSgkBzTGuo1q8&8ZgYZQr0!O418pSZ3R^?%^2s@BIcCdc4zt7oaoW&N
z+nObF`*|^0W^c`wm+XmqRgSKEyo+zh56|*{u74W34DWz<NXHK-n!y+4R7SFb5aZD7
zQtOZYA=mCR-!IE=7zpjhz`BR)+ijf}K+s=XoMasXY0(yWbxPaoyNt|&8(Td(aD(TH
zSqdXg+!k;1+fOVO_eOPulCG~1v&Y<kyOe}n<Cg_#)SbO=lnN2aBBe05A4|F7eF`r3
zw+)sKcqg8+Q0i^!RPDv+?yYI)MUOK)el2N|a#PE?EE-7dOpGRcOAK2w8e)gwF5=~I
zE3L)DQ8UhE`|N86Dv*TMDr7Aol*Qar@q@<`isX`~>LPpiBc>UlMni-*BDg@20#ZJa
z%cQ`J_q7%a_}0{l-|%#v*m1wFrIK9PhQ$v}s)zU$-t~hKjNa3UUypzBo&-A9h;Vb4
zneVSPxk!)N+d0)@i`bvPkcCAuMKX5CFs3q}93DevW1Y7<zZs3&eFYlUtMH|$iU~Kl
z9svYwv%AnsO(DVc(5-^?ealcGsb3+*4^cfkvkL9Q<h9O2uKL?B$N?t*M#+hmQ}SJ1
ztKF&loRHQHyRneo_6Mn>ddFjk8+HSw26NCg_rkHQu2ju~t*a&jhyURrT)4mY<&YXH
z3sk__+7=MGazpvzjm84zTQrV>%6z4_%-|+JMT{)Bg1Oj*3HH9v_(`E+QQB2p*&DRT
zV|e6@n$s0@k$zTDQHTzpi6EhaF>}}T`WizU8zm8*y~t4cljMr=BtEg9&VA1}zi@d)
zBL$h|!+(6iv#6T>+BW-3a5c((twvA%s7i4_%@3*FwD1y{2}wvz=#}HBV-;L0&A9G0
z=D`26Pkfeo?aFw_0;PdD9VTpEcr{;CW|YYKGlbiA6hVk7V&u^_0|U*)$(S4lw}`u!
zQQ?!r=Npjpu_*1zHh~kKs^Yrv-oad`!O}>;*9_?{g9dk6Tkm0`CK@onx3CL&_VY}*
z%<R|{0`44=rlZ2(rCo1h9(djU=gZKUDOg(ZwT1i&_)Yuy6s8lzjT6)D46N>^J(KoE
ze45F!AD45pygd)(Y4xi)Nv~Jn1{eLY8<T8v!z~fCH9R9NTcJGr<=yVXES=09m2Z7j
zcfaSDr=)+mhUz%5B11r>*HEL{gj3B|k%Jp_z4^M%xDUshN{6D3GRu#gHcKX`$nb+E
zi9Ww*sFyo7>tY+yf^U!^-uU<o%|-;SS{!-~2{X9j24&8uh8Aj;WZ9O@{1WtJ7p>d*
zC54(9`|#5((ghtTkVqWJNEOIeFH&UXm=HWpT;of0hh>Rcd3OL4Ad6OVLfzBqdN(`3
zxXAGvFs#pKESQfIT%=2`L1ar@h84n$U3rD|%p{^Vg&|i<su18OGdi)XIt*L$9^y`;
zw$l8+{2~KV1b6=~-&XQ2+A*QZhIlR!wb8TCM6b%la??zUpkWf;gT2<>0GUsY!B57V
zmuLJg!sW{$WGgVK1lQrE+>b4UOjBu*0~T=#l+~y0%ume7yg5VZw|wM9?x6X%@821A
z+{OiLV0c>4OW!~?Y<Z}Izr*ynU)0`V<~!X^$med+I<=m-1|<eh2i~gUgPIA<hh?tE
z{&KU~broHrc*i$yj63?W#_>uc<+*ks|GsTc$!cEe1@i9>l7gD&cf^MGOG5j3M0cE-
z=Q#wVY4%r|k?Od)<{SI3zX;c<I9;#7&K5+{RzUmBWhb=w*s68~p-Iz!z^&uc*LH1H
zu#)`I;0_^K{nmvF@@*>ebH4nQt!wUGl-a<M40#}SGbovQo0fNQ(V(FM(jeeg6to~|
zhPK8GQrDdAO)iw?0Qq2{@E|Gew5u}eIXguZKC;B5w9Ivfk59P+sNVzXGn^n7-Kf)z
ze!APgfhAcE(a6(gIBJbH1@u!=DBq#wR5_)fRq?H>cNT5!f5Arsr5AH=bOj4(PRys>
z<O-O66Frb5<3q1lGJVb#F+#&kVrkd0-WQ7Hm|ddn{5X87C_Vc|O2MU;`l8!Iq&);n
zL~J}NXw7okd~o%^I1%kib6$h1e;C}YinjKMMa=sV%Oi9wz<dkbn7%)_)X;9$H_)^G
zM)U-Y@9aYaI_k`&!;jHt^p#@y;{~Op&|E!}yjEKL$w5#Q<VE+^Kn{QN$Nh`N)5Em=
z>zAyTm*~wVCdsph0rhRXA_utL!P!|(S~?K%b2<iL73X_;&Yz(#ByRarOoJWz&q_mY
zu|EJ(`a^)3PKn*;jIlGW-<JiiF<#K>t<YBWQg(!_yj$$L4`&TO2<xxVjxoppARGBG
zYJ<*dENR<CQ;-4U2I<#M*^<#doAon1Eye&=BE<WOpw&ZcD6n!0Jy{YJ{kSQk>Cp3s
z=HBcLq`p5!htWd<=@L;s;>My0q}$py8@D$j6RjfTc_t*n_<kz!uXL3dMauJBH8%jt
zc3u&-rRp_3wNZbgNdiAy4=lfWGmV{Q4c37TAXB6|Nb610RnoO)S#nm+i#GAL@xKJS
zBH#9S=KQ>RCbfy^>GpFaDmC=xo1{@2BE!I-#*mSCpgKuE`#w80M$oEGCdJ*VENNiF
zHU92#^XA$RRFC~=VlEWpqyFk5r`>GUW;g$q(Jv<I&1ep&=N&O^w9<RZuhLMlbSxmH
ztQ{F@7UR1jL9Md0Q~wwq*cFczZc$P=v{g6P_T4zaKslYIv)M2yS|^>6A{kXLS5-*6
zjs3Ze!Rv{x+oI8kYc}=V?o3wK^FSK9HJ7#@t<$Ss>r<QC{k?#o31>Sa%Eln9OUe$H
zdb9$uJ~xw$u^6;k>Q+Vi5LT3XTYL8v3S^ES!gxLd<YPjX>g-)qX1%qMZ$hL{kC|82
z`^*^GC8F&M!D74kr{*8Bo2!*zRd;kDo(lnnEu8F1&p2yY-jkx}5f#560*2h3ovnox
z6n~b@1A(2L?ok*A&NCU>HH>ulXvUbO2D^hs|BLbG?)`&dAFw5gY)MAX<L9!r8r2+i
z8B)^3>J~)zsLX@OH{k6Le;<^d*(56r)^$5ELf}x}goC39uzum`80q!MVMt@{@FUPj
z5RFZpaC4`ZKoO8%9+AWh=AAHv3pu3LZY8g2Tl+Wls&Sue-g}61h`V`?v|i)fW@QTy
zv_3cITErf!7kTjLu0Kcr;LVc~?>DDABonDXHw44d5rRMNy3WTpbl%tSQ1o;i8n=V=
zI*MaXgDQQLw7L-Ucr1HFe#NNl1>tGat2N^CRyA{NsASS;T%#R{0F#|3l*0t4N{Sa&
z$=-po(2zT+pfDR7ZJ!5L!2;nnK2#@B^N4zVJzuEYpg_Ke<;Sh@&oJMBwftwczTRwp
znPtR<DqG2BAq2>+ofeIx<`OCU6YMNX0oxm?{%83N5D4T+;ZXi+!*MtE=3t?hT=^9)
zsU89Q6yPcGUCG-8v^Wfp-`dZn!$nxF>#Nj74%10G#`*<~+CB<$Tj>eZEDJ5xt(b(a
zA;zH2{1#K%u85imNpI6RuH>rogq0%CA3@gTsZ>)HFA*)lXeuw@ku9t}`H^aOxh!eF
zvbhav70EfCYq)=lSs2H!S$$x)xRjX6-t9CaP|6fb$9&uV@++uMex_WnYq{guHE@>k
z`lw$70>w^QP7)kW&_g%$esszOB`B=~!M24mZV|Nw&VtoD5R>KPN6}sOT0l*gt^U(v
z6kYHv!n1-kP4jOQr&}6zGuePV!*m1J*bOcC88QLM#*@f$v}4267KFQCj=TM6xjU^K
zSc^$0MORt|gH!dHhfh4xSqdE5sQ)xUj4vL@Jd1v)7k#D;viWJ^FWYEu(f$PFyYCnv
zXxG&@jrEQQ-N?x3{hx5At|c}M{VPzaMG9ws7d5k=SX&ovBM@YCNlz~SE+PN{Y6|!@
z31{aD2L}h2UUn<jwE!k`4ue0E1@&i|`TpM>3#x!=9nt(Jdox13i~FT_12TD}C)V>C
zd~zZsB$r!nxgtefF=$)1!2cnOJ*!YrKenY73R`Cz8VEXf0r{ZnKLte({vtA@#I<7>
zE9?9pG*r^5cS+f2R2Y9{%00Q+TehL22e-R@(<l!04dN1^gp*Kcb74J6eUrvTkFfUw
zQ@?zjni}br7Am3A-RYmU0t*tJesYeywxi&3mo3#`Y1}^b?rUjpo3ceN&-)rjOEP^~
zE4ea#1$ilp%;J+&<-rNzy5AkD7iTuinoYFjJ<Pedk>``obBY`fZ>3`qDi7GaD6_Z3
zc+)H_;94Y;p9FRP!rd<mWaGRM-iqEukWbKXNl2C>UVp$CqeCShv@K`!YghG>zqlly
zlH|DEWha}R=jP20f{|-(O9qOZ0Y%Xk=lM`_G9_W3PJ9Ar##;5mv{agUDi0NEjYsWo
zb$1j@jIU2rO23q-vna5BE#J$zYxOCkNnG_n5<f_&mAvh<>h}dixqRI+bBNi5=I++3
z({wWn1M{K#ux5iK6CZUGrnsoQ2XLyx^PyGR-OlTb+b@_m`|=?J$Ac$kKcDph)s%O7
zMe^+U#`>@a&6RS974(Hz(c-W8SmsDWZD4;Asq+LICe*y}kcI@dC5u8nrst8IUu0^M
z?eUG}LZh+hGRAWvs`9{MSN)p%x<RgAnw&_y`t*{V(`PJW<X2#$MUYqWA|f}L%vo*c
zS86n!Lt7SPUlb}*7|0f<xF%(nqM8a|oD_Ijq2o(sEMmhn0qSzp<g~tdS0qKS8>L%g
z*8DX-2Swr#z!-+MR~>gJyfpX-_a9Zi>~-7vFuFBf2}`kW7Zl5c;x#${%-Ug{PI^az
zx_@>^b^0BJ-xQ@Btv{7z)%Lh=C+ZY8W#n?{h50H|!u#-zt0g-TWNDRHQ`+;L6zd~4
zc!>)bOdhaT_3<I2wD{>wj34}7NDi#1xVbA6Q#xveu6(CDiZiovyGs=Ka{bEo`ix5N
zKtt~!!O*DRizqX;#}-$}?^rHtj!<4ALqX<Yu{2do-yP(A3Q+mvG-$}zCV9rQybQw3
zohON4s#)3qz?n}tZoEMK$!SyTR`>4!0u+${*ZOV$BRgH8;Ws}sB*+xa`x{Ulku==j
z?DU?&<-a#-`%H#($oQ8=Z8=5A_-A60?cnI>%Axi*>~#>oEjQZ25^3|)3rxSrp47Kw
zbvXP%aAs_37IN)!_d_w~-apP;LJYrpQrIhelbSH-%{Wrm3BI)~O%0|JgWdSne<&H_
zYg6ztf0=$pWE(@LJ;7zN2-ZU_+x`Uq;ANby3=)mRf|-JQ_SZo`G<EWk#SdD?6I@!*
z$9&<u^CDGkB*y@3)RWft*_}%o7q?TPFy%SmuYA1O<>gV1kskKGaD9+)Xbs{xO+yT1
z&;`IZqd03L;K0d0TR)}TZU18>d%Xtj;~6FBGBn|Fl(eee6uf1p{~)}kpqziv1UfNu
z0VYv5J)MH@Bc}>0uxCHf5E4c{a4n$CdA#71x*h<dVApPY%X6qqwZFb1RXz!JdWS;@
zhVqx-oOt(p5YxwrTB-15s+@I%ZCE_d8{5$$T$26(xXBmrtHgNqo+6D*%osRR9geI*
zp27~duX?FlOh4QD&;}92f0Km&+-qpBE&oOLVIjQ%Xv%VfoS+vYoxTQ3V%J<!iB~~*
zXz*gciwhoIcUOAZ62r(?oK@YUZ|Vbh-M5m|4s0iO6pP<Gbu(Fc6S&XTRXO8g!tmf_
zd*MX9<r-0tZk@z~OsjG?cB-M#>iPa>C)IbUz>TQ}_A#Wi123P~$TN9N?+R6ZsGuC+
z9kj;{ve8mrvB7;i%3*!<Jw&XjtfK@ssL0p_n`V`McVxkdVrah0De<M5c2*S*l_cEF
zwl!;%Tj%!OIx1>i#{O&X2q`rSlUK%w4o2r8M79O@UkR+*1q%dD<7i+>l${70{UV?(
zsz*L}V-3rbDidWgL+?G{BNdR*nd@?HWlhdWwWQDVXnW=#!GB6ab}bWahia<#H*RV0
zS+3MP^j(`D<Z0y#E0E9XVwQho0~Gu{E_%JJJ@~2m^EICJR<67F(3<&~8AYVKeH!bT
z<a~*hXVE+z%DW<SP_lDT`{g8&gr=@tOGtm2GGgS%zE$TNt0Lr2VTkc__-n=oR-YhF
zx%qq=v`vtaB}RUV6s@Ex<GED<O8Ke5ij&Ds-`=g8t~fz=4Eonzx$dBZGOrtunB(nV
z)fUd*Jy-X|cq?2Yo|Ommwxa$_ISU6J3I%yLvz!JhU4lj}-m|E+oAgsmxGYlfLrbn5
zLu1;SZazHWUtxPv;M|d6Wo8ShlyAc(OVy_+dl{O0W1AfDbf8w=e(<2(P6u-2KQ!i~
zmE2n?pBi9j$F&!@utuft(GxFwG}CMdCU#yzf~M%F7a5R;j4CiR+U#ulv?6Du$<zu~
zG(mb@{3a7@RB+Z0V;PZL^a~u8Q@{n=5EI}zVpcj8G`y5{2dpW7+eXt{ixGn@@=X6?
zJi4e{61?iGH(583uX>hdKNABO4=cF+@?T4&cVq$0Gm87nM*;;9fxZGKh~lY4)}L?@
zARaMgu=X}{5!ht^`NuvK00ozRqT>V~^!Ho50@jb0Z_A7Rg*6FEy+QQBrHEicKRu$r
z+8wif^vMjk|76aw{rlEceA>K={w4`>|KQG{QuO!oYf_}c(Z7~o1NRMJg^-+_{B3Y>
zu1@veH87Y_J}St-+xNp3B>t@_YVnhm$IwRccQtQ_k$v(PSG57eT=<|`mzH!~S2BI~
za=U?tPhxlOW2xpMRtFTK0Du`M2#a!<_Z%rLk#-ctD)Zue_2a~uOnYv&8f$kWPV*_1
zr1vO<eJ)b$9kzsv_>CR=BK9d3yvAt1^+CV1(43P1m|a<V=Rrt^2~9Z*O|!%5S4a=w
zw-tH%KlG{?FXs=-C0lLVvA+w^ILTtc++UNoFAcrPM_~o$uF$WQq^i0u?`d8uQogU2
zmBT;p;r2}knFffx1i8m(zC^k6@yvDNz*m!pLH$w#Y>%_j00`J%x!aZw!}9CJ6C4go
zurm3^JDt_-Sb1JpXqaa<S6j7V$|eI0Ptn=hg1{NME3snDn;FmfS;yOTH=0-~TbL%)
znC06ENt&J3kuy(YX<;Fx*$PCuLX7lQ<C@LJ!N5250xB1@yeI`~zy2Ce+P4hb2{qwU
ztt{}Bz$Joz9O0>zfdvWb!CyyzzSDDk+K*9dSkARmnHu>JrqO{H7566KnQL@Svu@ha
z3U6v7Bqev9i_%Y!)bV*#%zt6&M@Rt+wX)C6Znnn->(ezp;Zy=1;xWBy!TJ}blt@K{
zAtWs@D}UxjvmR1Zp)3G7Sp&%$TW4CU-jUWLf#W9<k~Z5=^c!W0ap4odyIuLXD|rT$
z(`gl`Y@5a2l$Q{Z?!Se#LYOHXzwPSYo4$=IM<_wgV5DP`R>Yez&&wiZZ%U`Mq<6>}
zN!1QY3tN8%pCh#`xF7+k9$W*YD}o9B@cqg`;7(#qRi92Ds{AJH5_y(3COF$dy{J%*
z6R*{g&%C^<f6$q1uBYZtVB*M;xW4izODlTXlSrkniUk8_uIVV@_=4YJWFi5nZkNvc
zhXvhfi{HtI0{Fy2w)zSe$5(0jD)&RGB^j5d4C`({J!P<Di_F3k3N30isp4Dpm)q`J
z3G2s=z8@eCIGv)4@)dLG{YR&>*MJUAN2z`dtrnSfA3Rj~RRv#&&;o@vNUo}izTG)Z
zK2f0|A0SQBZbu_^v_LTnSm^Ek(PvB(R7f$E2f@ywfTaX2kEW#rYwRDmU!5hh$Vb@%
zB(%@$b>hj<-l7TwMZ4$kP?ofR20)<O`I@lY`QfjCMcOV25=df}P;`EM0@$<PwKa^<
z^JsRkrv23HRR4r}J)iHF|6gLNvx<#v`?dR~27h?ELbF+}1xBb;f{_oET~E+dtH_}S
zpcG~4Uf$k+bWE056x~j*x51%^?i)qgt_Lc)_okPBb(DrvRBcE^1h0`PYp@IqO->(T
z{`iLpz=yaA3}V{QkoK2klE?K@nNW7jCNDxJRA@atp2Tdi<S)|JbDE8Fkt|sZ1y6V?
z(Dk5Z&TuakKC5cVUC>%hhqK4tj%AHZv0&%0y8naF=Q`4KuI|AylEq#ltp?AowdP+7
zBfgUp&cC=D`JF}I&EZsAA(n;Je2I2oMfS+zd$++q%?Q|{>cN<z;^x#je@&cL+9&6{
zRg!$6wI<w-U*W!5ztIh^+zypfQVJ%CPZMarg6TRm48>~*iG4jSM4H2aphSTtJLguw
zj<h8)>EC)AD{JcbJpGRf$`^&N#C1Z~>B)wug7V}O?fc-sC?gich$_HJcMV+|E1_tw
z3g&oC;%UQJwd>o0Bv)rlRB%*2_4JtO<}{zZ6aVW3R#P#2Czmg5rXi+p-TM<Ufv)c(
z-_X$VhZeY)n0a_KwGwn`k3tx5E?4DXDt~%|<?F3}KFCETMEQ@0moF2T(E+4!hv?Fa
zPGVA~SjtB(7XJ5565jVeH<>RL@4Wg8mR)?1%5}1rbTeLW;mhhwxY>M&88bV3d7QZ{
zkq+%r6W^iRx`O0-*b8}`dPqhqaZjMA)2@QIUSuJO*VwvFMCH+KYAyGD5`^W<%#H9+
zne^1c>!>2QcMVoD4ef=Vm`-a`LXx%~(D9DBa9@^uCzieiH)xO8yli7x{#or0$0O)=
zPW^D-8<8(9z^B3UCoaL3u8fRE{3vCX{NT^{-U>p}a!2E_%4dlf8>>s?*91yOiLrPN
zlDVJPT2XO7Ds$}O-gvo@o2Qd@fBAdfab4N7-BBT(Y6ls)*usIsDvsq5lN2Y!xeP87
z97`;T`e6MNEMcp7#Q}HQ8GmfQJ?DC8{LmI|FgJ9Ls)T+<a>sJ{%4&0bq`%Z@APTzp
zV;kdn497~s_e*qN!d*>AJwE3(WHJp~XnS7~S$dGn@2=i(SgA$Hp{u&H{xu)-t?|!h
z0nbCfUnfO!w{PFh&AFbHXkD!=c&!}RWq~W1L|%!lKAdLfhi$Tkc?lfq?v#^L`DhRk
zrVd{|FzxNZ3-#1bI_4kAN&U5|${yP<Oy6qyiS1~x2*Sn4kM$C(06!?RhPr%;&OE8|
zoeVXh81;EV)(BZ4H6~PGw$V=O$M)MG2nd=K?|+_GiJ`2n`z~wV_{eqFyFzo3TKpNd
zgl5Y)n1gQ4r5($zQ#(3&i2)|SrKFuN?|t`xNBCCg9Kv}P5fk{}i(T%U0-c?<^i)T8
z*LMktCu-|;R^!!+>xBo`MY~OVK_Z25arOQZ$ClZ$FRYF2WMdiF1am2TyTs7Iuu|`P
zK!~_86iB>4h{_fTXkXv5QN!}PK__+o@I>&&=KX7wv{E6ikFph0H&!|0Ot1q&KbV~-
zMGS_h8O$&pm3tLdJFiU`|Iqg?%ICuVJUEIIG?^_v@^fg+_HI|<7wRC-qkVG(0(L*w
zI7xx0e9Y&rTwFj{tsb^Db=rzny-b41gmhXrXIf4$BJ40)<S|vn0F(JO%UA(_j&+!Q
zqczM#I>!9=&PC^aTWQ~uB-DAQN%o@@<LiX=TlO_Z>LjvmGn#~n^+Bn+kCSTDf}Rgk
zp~prR-cNN->c8ioe0En)D|L9ClCYVSo5x%iZg?KprdKx((mPBw;qJ+WPn*N2Xf5}-
zdWECLb#wj8<hb`bUQXEJRcxjD+->7C+RXfr?7Zzxj<czg!=O`{tuq?QUElj!bzzB%
zw7lz`rFe%LAKUPmjs6M+_+ZcLb*jrB2skiTwH?=G?n`G%cfGafO%^TG<meuZp!YKS
z9^7B%(y{p+`N*<qeU#NIhah4&)il)1%*N?<7RPJky@T>#hvVvOAM#b^UN`PL96hs6
z%DIR7poxgi>-n09h}GOm73)F|l{&Xy+cB1PWlPkMeWzdq(_=EmkfD%86*X1Ws1RAn
zM&es+d4#%O4jLGRV@cIabV=B;J2fbiUgy}54F!4$X>6**eK~HL8D(|ftRQxmq;?*N
z!}WTDg*qHw6Z$9+lg9Viq{-BKHTlS-;b!AL-JIFp?z@gcz?c9c6nwgMKzXzmAiHn;
zbDak#h~@6hbGGuJXkM_mI5&yfpPazcwf)nrujrDw0`RBW@q}llXQ&K|78^i>bB`~v
zp+SjBU;^3{9iN6O1fHRg|L!mMT0krga~CZ&!|-Xkbcci5W(1RR&aNuyytp>e$B~q4
zXlWm5dw|%IAnE*FLeh~q%W5<q#<S)$49zG_Ner11C0Jhg$9^)h)oqDBy8#nqutcWC
r{HkbgblROR7DmH)xVK0tX^*iDn!{D!_+-7q0RLnp6(kBC>ihm1Rf%y#

literal 0
HcmV?d00001

diff --git a/fast/extras/00-cicd-github/main.tf b/fast/extras/00-cicd-github/main.tf
index 338acc6965..140230d06d 100644
--- a/fast/extras/00-cicd-github/main.tf
+++ b/fast/extras/00-cicd-github/main.tf
@@ -16,65 +16,69 @@
 
 locals {
   _modules_repository = [
-    for k, v in var.repositories : k if v.modules_source
+    for k, v in var.repositories : local.repositories[k] if v.has_modules
   ]
-  _populate_md = flatten([
+  _repository_files = flatten([
     for k, v in var.repositories : [
-      for f in fileset(path.module, "${v.populate_with}/*.md") : {
+      for f in concat(
+        [for f in fileset(path.module, "${v.populate_from}/*.md") : f],
+        [for f in fileset(path.module, "${v.populate_from}/*.tf") : f]
+        ) : {
         repository = k
         file       = f
-        name       = replace(f, "${v.populate_with}/", "")
+        name       = replace(f, "${v.populate_from}/", "")
       }
-    ] if v.populate_with != null
-  ])
-  _populate_tf = flatten([
-    for k, v in var.repositories : [
-      for f in fileset(path.module, "${v.populate_with}/*.tf") : {
-        repository = k
-        file       = f
-        name       = replace(f, "${v.populate_with}/", "")
-      }
-    ] if v.populate_with != null
+    ] if v.populate_from != null
   ])
   modules_repository = (
-    length(local._modules_repository) > 0 ? local._modules_repository.0 : null
+    length(local._modules_repository) > 0
+    ? local._modules_repository.0
+    : null
   )
+  repositories = {
+    for k, v in var.repositories :
+    k => v.create_options == null ? k : github_repository.default[k].name
+  }
   repository_files = {
-    for k in concat(
-      local._populate_md,
-      [
-        for f in local._populate_tf :
-        f if !startswith(f.name, "0") && f.name != "globals.tf"
-      ]
-    ) : "${k.repository}/${k.name}" => k
+    for k in local._repository_files :
+    "${k.repository}/${k.name}" => k
+    if !endswith(k.name, ".tf") || (
+      !startswith(k.name, "0") && k.name != "globals.tf"
+    )
   }
 }
 
 resource "github_repository" "default" {
-  for_each = var.repositories
-  name     = each.key
+  for_each = {
+    for k, v in var.repositories : k => v if v.create_options != null
+  }
+  name = each.key
   description = (
-    each.value.description != null
-    ? each.value.description
+    each.value.create_options.description != null
+    ? each.value.create_options.description
     : "FAST stage ${each.key}."
   )
-  visibility         = each.value.visibility
-  auto_init          = each.value.auto_init
-  allow_auto_merge   = try(each.value.allow.auto_merge, null)
-  allow_merge_commit = try(each.value.allow.merge_commit, null)
-  allow_rebase_merge = try(each.value.allow.rebase_merge, null)
-  allow_squash_merge = try(each.value.allow.squash_merge, null)
-  has_issues         = try(each.value.features.issues, null)
-  has_projects       = try(each.value.features.projects, null)
-  has_wiki           = try(each.value.features.wiki, null)
-  gitignore_template = try(each.value.templates.gitignore, null)
-  license_template   = try(each.value.templates.license, null)
+  visibility         = each.value.create_options.visibility
+  auto_init          = each.value.create_options.auto_init
+  allow_auto_merge   = try(each.value.create_options.allow.auto_merge, null)
+  allow_merge_commit = try(each.value.create_options.allow.merge_commit, null)
+  allow_rebase_merge = try(each.value.create_options.allow.rebase_merge, null)
+  allow_squash_merge = try(each.value.create_options.allow.squash_merge, null)
+  has_issues         = try(each.value.create_options.features.issues, null)
+  has_projects       = try(each.value.create_options.features.projects, null)
+  has_wiki           = try(each.value.create_options.features.wiki, null)
+  gitignore_template = try(each.value.create_options.templates.gitignore, null)
+  license_template   = try(each.value.create_options.templates.license, null)
 
   dynamic "template" {
-    for_each = try(each.value.templates.repository, null) != null ? [""] : []
+    for_each = (
+      try(each.value.create_options.templates.repository, null) != null
+      ? [""]
+      : []
+    )
     content {
-      owner      = each.value.templates.repository.owner
-      repository = each.value.templates.repository.name
+      owner      = each.value.create_options.templates.repository.owner
+      repository = each.value.create_options.templates.repository.name
     }
   }
 }
@@ -85,15 +89,23 @@ resource "tls_private_key" "default" {
 }
 
 resource "github_actions_secret" "default" {
-  count           = local.modules_repository != null ? 1 : 0
-  repository      = github_repository.default[local.modules_repository].name
+  for_each = local.modules_repository == null ? {} : {
+    for k, v in local.repositories :
+    k => v if(
+      k != local.modules_repository &&
+      var.repositories[k].populate_from != null
+    )
+  }
+  repository      = local.repositories[local.modules_repository]
   secret_name     = "CICD_MODULES_KEY"
   plaintext_value = tls_private_key.default.0.private_key_openssh
 }
 
 resource "github_repository_file" "default" {
-  for_each   = local.repository_files
-  repository = github_repository.default[each.value.repository].name
+  for_each = (
+    local.modules_repository == null ? {} : local.repository_files
+  )
+  repository = local.repositories[each.value.repository]
   branch     = "main"
   file       = each.value.name
   content = (
diff --git a/fast/extras/00-cicd-github/variables.tf b/fast/extras/00-cicd-github/variables.tf
index 21f2833466..29b79225e8 100644
--- a/fast/extras/00-cicd-github/variables.tf
+++ b/fast/extras/00-cicd-github/variables.tf
@@ -33,30 +33,32 @@ variable "organization" {
 variable "repositories" {
   description = "Repositories to create."
   type = map(object({
-    allow = optional(object({
-      auto_merge   = optional(bool)
-      merge_commit = optional(bool)
-      rebase_merge = optional(bool)
-      squash_merge = optional(bool)
-    }))
-    auto_init   = optional(bool)
-    description = optional(string)
-    features = optional(object({
-      issues   = optional(bool)
-      projects = optional(bool)
-      wiki     = optional(bool)
-    }))
-    modules_source = optional(bool, false)
-    templates = optional(object({
-      gitignore = optional(string, "Terraform")
-      license   = optional(string)
-      repository = optional(object({
-        name  = string
-        owner = string
+    create_options = optional(object({
+      allow = optional(object({
+        auto_merge   = optional(bool)
+        merge_commit = optional(bool)
+        rebase_merge = optional(bool)
+        squash_merge = optional(bool)
       }))
-    }), {})
-    populate_with = optional(string)
-    visibility    = optional(string, "private")
+      auto_init   = optional(bool)
+      description = optional(string)
+      features = optional(object({
+        issues   = optional(bool)
+        projects = optional(bool)
+        wiki     = optional(bool)
+      }))
+      templates = optional(object({
+        gitignore = optional(string, "Terraform")
+        license   = optional(string)
+        repository = optional(object({
+          name  = string
+          owner = string
+        }))
+      }), {})
+      visibility = optional(string, "private")
+    }))
+    has_modules   = optional(bool, false)
+    populate_from = optional(string)
   }))
   default  = {}
   nullable = true
diff --git a/fast/extras/README.md b/fast/extras/README.md
new file mode 100644
index 0000000000..121fa4b049
--- /dev/null
+++ b/fast/extras/README.md
@@ -0,0 +1,5 @@
+# FAST extra stages
+
+This folder contains additional helper stages for FAST, which can be used to simplify specific operational tasks:
+
+- [GitHub repository management](./00-cicd-github/)

From a7c47c0e369845d44e2253497a204bf005012705 Mon Sep 17 00:00:00 2001
From: Ludovico Magnocavallo <ludomagno@google.com>
Date: Sun, 23 Oct 2022 17:54:20 +0200
Subject: [PATCH 6/8] tfdoc

---
 fast/extras/00-cicd-github/README.md        | 22 +++++++++++++++++++++
 fast/extras/00-cicd-github/cicd-versions.tf |  2 ++
 fast/extras/00-cicd-github/providers.tf     |  2 ++
 3 files changed, 26 insertions(+)

diff --git a/fast/extras/00-cicd-github/README.md b/fast/extras/00-cicd-github/README.md
index ee06d73b44..ee8cf51fef 100644
--- a/fast/extras/00-cicd-github/README.md
+++ b/fast/extras/00-cicd-github/README.md
@@ -68,3 +68,25 @@ Finally, a `commit_config` variable is optional: it can be used to configure aut
 ## Modules secret
 
 When initial population is configured for a repository, this stage also adds a secret with the private key used to authenticate against the modules repository. This matches the configuration of the GitHub workflow files created for each FAST stage when CI/CD is enabled.
+
+<!-- TFDOC OPTS files:1 -->
+<!-- BEGIN TFDOC -->
+
+## Files
+
+| name | description | resources |
+|---|---|---|
+| [cicd-versions.tf](./cicd-versions.tf) | provider version |  |
+| [main.tf](./main.tf) | Module-level locals and resources. | <code>github_actions_secret</code> · <code>github_repository</code> · <code>github_repository_file</code> · <code>tls_private_key</code> |
+| [providers.tf](./providers.tf) | provider configuration |  |
+| [variables.tf](./variables.tf) | Module variables. |  |
+
+## Variables
+
+| name | description | type | required | default |
+|---|---|:---:|:---:|:---:|
+| [organization](variables.tf#L28) | GitHub organization. | <code>string</code> | ✓ |  |
+| [commmit_config](variables.tf#L17) | Configure commit metadata. | <code title="object&#40;&#123;&#10;  author  &#61; optional&#40;string, &#34;FAST loader&#34;&#41;&#10;  email   &#61; optional&#40;string, &#34;fast-loader&#64;fast.gcp.tf&#34;&#41;&#10;  message &#61; optional&#40;string, &#34;FAST initial loading&#34;&#41;&#10;&#125;&#41;">object&#40;&#123;&#8230;&#125;&#41;</code> |  | <code>&#123;&#125;</code> |
+| [repositories](variables.tf#L33) | Repositories to create. | <code title="map&#40;object&#40;&#123;&#10;  create_options &#61; optional&#40;object&#40;&#123;&#10;    allow &#61; optional&#40;object&#40;&#123;&#10;      auto_merge   &#61; optional&#40;bool&#41;&#10;      merge_commit &#61; optional&#40;bool&#41;&#10;      rebase_merge &#61; optional&#40;bool&#41;&#10;      squash_merge &#61; optional&#40;bool&#41;&#10;    &#125;&#41;&#41;&#10;    auto_init   &#61; optional&#40;bool&#41;&#10;    description &#61; optional&#40;string&#41;&#10;    features &#61; optional&#40;object&#40;&#123;&#10;      issues   &#61; optional&#40;bool&#41;&#10;      projects &#61; optional&#40;bool&#41;&#10;      wiki     &#61; optional&#40;bool&#41;&#10;    &#125;&#41;&#41;&#10;    templates &#61; optional&#40;object&#40;&#123;&#10;      gitignore &#61; optional&#40;string, &#34;Terraform&#34;&#41;&#10;      license   &#61; optional&#40;string&#41;&#10;      repository &#61; optional&#40;object&#40;&#123;&#10;        name  &#61; string&#10;        owner &#61; string&#10;      &#125;&#41;&#41;&#10;    &#125;&#41;, &#123;&#125;&#41;&#10;    visibility &#61; optional&#40;string, &#34;private&#34;&#41;&#10;  &#125;&#41;&#41;&#10;  has_modules   &#61; optional&#40;bool, false&#41;&#10;  populate_from &#61; optional&#40;string&#41;&#10;&#125;&#41;&#41;">map&#40;object&#40;&#123;&#8230;&#125;&#41;&#41;</code> |  | <code>&#123;&#125;</code> |
+
+<!-- END TFDOC -->
diff --git a/fast/extras/00-cicd-github/cicd-versions.tf b/fast/extras/00-cicd-github/cicd-versions.tf
index 3186511c6f..e6528a6de3 100644
--- a/fast/extras/00-cicd-github/cicd-versions.tf
+++ b/fast/extras/00-cicd-github/cicd-versions.tf
@@ -14,6 +14,8 @@
  * limitations under the License.
  */
 
+# tfdoc:file:description provider version
+
 terraform {
   required_version = ">= 1.3.1"
   required_providers {
diff --git a/fast/extras/00-cicd-github/providers.tf b/fast/extras/00-cicd-github/providers.tf
index 63954de899..979c642de0 100644
--- a/fast/extras/00-cicd-github/providers.tf
+++ b/fast/extras/00-cicd-github/providers.tf
@@ -14,6 +14,8 @@
  * limitations under the License.
  */
 
+# tfdoc:file:description provider configuration
+
 provider "github" {
   owner = var.organization
 }

From 95ca32d2b2cbf3fae3a04cccb3586441c8bdec1b Mon Sep 17 00:00:00 2001
From: Ludovico Magnocavallo <ludomagno@google.com>
Date: Sun, 23 Oct 2022 17:55:13 +0200
Subject: [PATCH 7/8] tfdoc

---
 fast/extras/00-cicd-github/README.md        | 4 ++--
 fast/extras/00-cicd-github/cicd-versions.tf | 2 +-
 fast/extras/00-cicd-github/providers.tf     | 2 +-
 3 files changed, 4 insertions(+), 4 deletions(-)

diff --git a/fast/extras/00-cicd-github/README.md b/fast/extras/00-cicd-github/README.md
index ee8cf51fef..3094202ad2 100644
--- a/fast/extras/00-cicd-github/README.md
+++ b/fast/extras/00-cicd-github/README.md
@@ -76,9 +76,9 @@ When initial population is configured for a repository, this stage also adds a s
 
 | name | description | resources |
 |---|---|---|
-| [cicd-versions.tf](./cicd-versions.tf) | provider version |  |
+| [cicd-versions.tf](./cicd-versions.tf) | Provider version. |  |
 | [main.tf](./main.tf) | Module-level locals and resources. | <code>github_actions_secret</code> · <code>github_repository</code> · <code>github_repository_file</code> · <code>tls_private_key</code> |
-| [providers.tf](./providers.tf) | provider configuration |  |
+| [providers.tf](./providers.tf) | Provider configuration. |  |
 | [variables.tf](./variables.tf) | Module variables. |  |
 
 ## Variables
diff --git a/fast/extras/00-cicd-github/cicd-versions.tf b/fast/extras/00-cicd-github/cicd-versions.tf
index e6528a6de3..09f544cba0 100644
--- a/fast/extras/00-cicd-github/cicd-versions.tf
+++ b/fast/extras/00-cicd-github/cicd-versions.tf
@@ -14,7 +14,7 @@
  * limitations under the License.
  */
 
-# tfdoc:file:description provider version
+# tfdoc:file:description Provider version.
 
 terraform {
   required_version = ">= 1.3.1"
diff --git a/fast/extras/00-cicd-github/providers.tf b/fast/extras/00-cicd-github/providers.tf
index 979c642de0..29be30ae98 100644
--- a/fast/extras/00-cicd-github/providers.tf
+++ b/fast/extras/00-cicd-github/providers.tf
@@ -14,7 +14,7 @@
  * limitations under the License.
  */
 
-# tfdoc:file:description provider configuration
+# tfdoc:file:description Provider configuration.
 
 provider "github" {
   owner = var.organization

From 937ce139c6a94e0de7fdccc38a54a1cda8b9fdcb Mon Sep 17 00:00:00 2001
From: Simone Ruffilli <sruffilli@google.com>
Date: Sun, 23 Oct 2022 19:37:01 +0200
Subject: [PATCH 8/8] Update README.md

---
 fast/extras/00-cicd-github/README.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/fast/extras/00-cicd-github/README.md b/fast/extras/00-cicd-github/README.md
index 3094202ad2..2db9952c51 100644
--- a/fast/extras/00-cicd-github/README.md
+++ b/fast/extras/00-cicd-github/README.md
@@ -11,7 +11,7 @@ Initial file population of repositories is controlled via the `populate_from` at
 - never run this stage gain with the same variables used for population once the repository starts being used,  as **Terraform will manage file state and revert any changes at each apply**, which is probably not what you want.
 - be mindful when enabling initial population of the modules repository, as the number of resulting files to manage is very close to the GitHub hourly limit for their API
 
-The scenario for which this stage has been designed is one-shot creation and/or population of stage repositories, running it multiple times with different variables and Terraform states if incrmental creation is needed for subsequent FAST stages (e.g. GKE, data platform, etc.).
+The scenario for which this stage has been designed is one-shot creation and/or population of stage repositories, running it multiple times with different variables and Terraform states if incremental creation is needed for subsequent FAST stages (e.g. GKE, data platform, etc.).
 
 ## GitHub provider credentials