From 2675df37ebdb74efbda6a9a1e97c6d750b6c17e1 Mon Sep 17 00:00:00 2001
From: Renovate Bot <bot@renovateapp.com>
Date: Fri, 24 Jan 2025 23:13:28 +0000
Subject: [PATCH 1/3] SKIP UPDATE CHECK Update Ironbank to v17.8.1
---
chart/Chart.yaml | 30 +++++++++++++++---------------
chart/values.yaml | 30 +++++++++++++++---------------
tests/images.txt | 4 ++--
3 files changed, 32 insertions(+), 32 deletions(-)
diff --git a/chart/Chart.yaml b/chart/Chart.yaml
index 2c289c66f..71fef3b9a 100644
--- a/chart/Chart.yaml
+++ b/chart/Chart.yaml
@@ -1,8 +1,8 @@
---
apiVersion: v1
name: gitlab
-version: 8.7.4-bb.1
-appVersion: 17.7.2
+version: 8.8.1-bb.0
+appVersion: 17.8.1
description: GitLab is the most comprehensive AI-powered DevSecOps Platform.
keywords:
- gitlab
@@ -16,7 +16,7 @@ maintainers:
annotations:
bigbang.dev/maintenanceTrack: bb_integrated
bigbang.dev/applicationVersions: |
- - Gitlab: 17.7.2
+ - Gitlab: 17.8.1
bigbang.dev/upstreamReleaseNotesMarkdown: |
The [upstream chart's release notes](https://gitlab.com/gitlab-org/charts/gitlab/-/blob/master/CHANGELOG.md) may help when reviewing this package.
helm.sh/images: |
@@ -27,29 +27,29 @@ annotations:
condition: redis.install
image: registry1.dso.mil/ironbank/bitnami/redis:7.4.2
- name: alpine-certificates
- image: registry1.dso.mil/ironbank/gitlab/gitlab/certificates:17.7.2
+ image: registry1.dso.mil/ironbank/gitlab/gitlab/certificates:17.8.1
- name: cfssl-self-sign
condition: shared-secrets.enabled
image: registry1.dso.mil/ironbank/gitlab/gitlab/cfssl-self-sign:1.6.1
- name: gitaly
- image: registry1.dso.mil/ironbank/gitlab/gitlab/gitaly:17.7.2
+ image: registry1.dso.mil/ironbank/gitlab/gitlab/gitaly:17.8.1
- name: gitlab-container-registry
condition: registry.enabled
- image: registry1.dso.mil/ironbank/gitlab/gitlab/gitlab-container-registry:17.7.2
+ image: registry1.dso.mil/ironbank/gitlab/gitlab/gitlab-container-registry:17.8.1
- name: gitlab-shell
- image: registry1.dso.mil/ironbank/gitlab/gitlab/gitlab-shell:17.7.2
+ image: registry1.dso.mil/ironbank/gitlab/gitlab/gitlab-shell:17.8.1
- name: gitlab-sidekiq
- image: registry1.dso.mil/ironbank/gitlab/gitlab/gitlab-sidekiq:17.7.2
+ image: registry1.dso.mil/ironbank/gitlab/gitlab/gitlab-sidekiq:17.8.1
- name: gitlab-toolbox
- image: registry1.dso.mil/ironbank/gitlab/gitlab/gitlab-toolbox:17.7.2
+ image: registry1.dso.mil/ironbank/gitlab/gitlab/gitlab-toolbox:17.8.1
- name: gitlab-webservice
- image: registry1.dso.mil/ironbank/gitlab/gitlab/gitlab-webservice:17.7.2
+ image: registry1.dso.mil/ironbank/gitlab/gitlab/gitlab-webservice:17.8.1
- name: gitlab-workhorse
- image: registry1.dso.mil/ironbank/gitlab/gitlab/gitlab-workhorse:17.7.2
+ image: registry1.dso.mil/ironbank/gitlab/gitlab/gitlab-workhorse:17.8.1
- name: gitlab-pages
- image: registry1.dso.mil/ironbank/gitlab/gitlab/gitlab-pages:17.7.2
+ image: registry1.dso.mil/ironbank/gitlab/gitlab/gitlab-pages:17.8.1
- name: kubectl
- image: registry1.dso.mil/ironbank/gitlab/gitlab/kubectl:17.7.2
+ image: registry1.dso.mil/ironbank/gitlab/gitlab/kubectl:17.8.1
- name: mc
image: registry1.dso.mil/ironbank/opensource/minio/mc:RELEASE.2024-10-02T08-27-28Z
- name: minio
@@ -61,10 +61,10 @@ annotations:
condition: upgradeCheck.enabled
image: registry1.dso.mil/ironbank/redhat/ubi/ubi9:9.5
- name: gitlab-base
- image: registry1.dso.mil/ironbank/gitlab/gitlab/gitlab-base:17.7.2
+ image: registry1.dso.mil/ironbank/gitlab/gitlab/gitlab-base:17.8.1
- name: gitlab-exporter
condition: gitlab.gitlab-exporter.enabled
- image: registry1.dso.mil/ironbank/gitlab/gitlab/gitlab-exporter:17.7.2
+ image: registry1.dso.mil/ironbank/gitlab/gitlab/gitlab-exporter:17.8.1
- name: bbtests
condition: bbtests.enabled
image: registry1.dso.mil/bigbang-ci/gitlab-tester:0.0.4
diff --git a/chart/values.yaml b/chart/values.yaml
index 6ebcac5ec..ae4e61c25 100644
--- a/chart/values.yaml
+++ b/chart/values.yaml
@@ -825,7 +825,7 @@ global:
certificates:
image:
repository: registry1.dso.mil/ironbank/gitlab/gitlab/certificates
- tag: 17.7.2
+ tag: 17.8.1
pullSecrets:
- name: private-registry
init:
@@ -874,7 +874,7 @@ global:
kubectl:
image:
repository: registry1.dso.mil/ironbank/gitlab/gitlab/kubectl
- tag: 17.7.2
+ tag: 17.8.1
pullSecrets:
- name: private-registry
securityContext:
@@ -891,7 +891,7 @@ global:
# 1. UBI does not have the newly required /scripts/set-config template generator in its entrypoint.
# a. trying gitlab-base per https://repo1.dso.mil/dsop/gitlab/gitlab/gitlab-base/-/issues/77
repository: registry1.dso.mil/ironbank/gitlab/gitlab/gitlab-base
- tag: "17.7.2"
+ tag: "17.8.1"
pullSecrets:
- name: private-registry
@@ -1478,7 +1478,7 @@ registry:
memory: 1024Mi
image:
repository: registry1.dso.mil/ironbank/gitlab/gitlab/gitlab-container-registry
- tag: 17.7.2
+ tag: 17.8.1
pullSecrets:
- name: private-registry
ingress:
@@ -1618,7 +1618,7 @@ gitlab:
app: gitaly
image:
repository: registry1.dso.mil/ironbank/gitlab/gitlab/gitlab-toolbox
- tag: 17.7.2
+ tag: 17.8.1
pullSecrets:
- name: private-registry
init:
@@ -1695,7 +1695,7 @@ gitlab:
- ALL
image:
repository: registry1.dso.mil/ironbank/gitlab/gitlab/gitlab-exporter
- tag: 17.7.2
+ tag: 17.8.1
pullSecrets:
- name: private-registry
metrics:
@@ -1740,7 +1740,7 @@ gitlab:
memory: 1.5G
image:
repository: registry1.dso.mil/ironbank/gitlab/gitlab/gitlab-toolbox
- tag: 17.7.2
+ tag: 17.8.1
pullSecrets:
- name: private-registry
securityContext:
@@ -1789,7 +1789,7 @@ gitlab:
memory: 2.5G # = 2 * 1.25G assuming there are 2 workerProcesses configured
image:
repository: registry1.dso.mil/ironbank/gitlab/gitlab/gitlab-webservice
- tag: 17.7.2
+ tag: 17.8.1
pullSecrets:
- name: private-registry
workhorse:
@@ -1802,7 +1802,7 @@ gitlab:
cpu: 600m
memory: 2.5G
image: registry1.dso.mil/ironbank/gitlab/gitlab/gitlab-workhorse
- tag: 17.7.2
+ tag: 17.8.1
pullSecrets:
- name: private-registry
metrics:
@@ -1826,7 +1826,7 @@ gitlab:
sidekiq:
image:
repository: registry1.dso.mil/ironbank/gitlab/gitlab/gitlab-sidekiq
- tag: 17.7.2
+ tag: 17.8.1
pullSecrets:
- name: private-registry
init:
@@ -1863,7 +1863,7 @@ gitlab:
gitaly:
image:
repository: registry1.dso.mil/ironbank/gitlab/gitlab/gitaly
- tag: 17.7.2
+ tag: 17.8.1
pullSecrets:
- name: private-registry
init:
@@ -1904,7 +1904,7 @@ gitlab:
gitlab-shell:
image:
repository: registry1.dso.mil/ironbank/gitlab/gitlab/gitlab-shell
- tag: 17.7.2
+ tag: 17.8.1
pullSecrets:
- name: private-registry
init:
@@ -1948,7 +1948,7 @@ gitlab:
mailroom:
image:
repository: registry1.dso.mil/ironbank/gitlab/gitlab/gitlab-mailroom
- tag: 17.7.2
+ tag: 17.8.1
pullSecrets:
- name: private-registry
containerSecurityContext:
@@ -1965,7 +1965,7 @@ gitlab:
type: ClusterIP
image:
repository: registry1.dso.mil/ironbank/gitlab/gitlab/gitlab-pages
- tag: 17.7.2
+ tag: 17.8.1
containerSecurityContext:
capabilities:
drop:
@@ -1976,7 +1976,7 @@ gitlab:
praefect:
image:
repository: registry1.dso.mil/ironbank/gitlab/gitlab/gitaly
- tag: 17.7.2
+ tag: 17.8.1
init:
resources:
limits:
diff --git a/tests/images.txt b/tests/images.txt
index 4a0d41c59..a2e288edd 100644
--- a/tests/images.txt
+++ b/tests/images.txt
@@ -1,2 +1,2 @@
-registry1.dso.mil/ironbank/gitlab/gitlab/gitlab-exporter:17.7.2
-registry1.dso.mil/ironbank/gitlab/gitlab/kubectl:17.7.2
+registry1.dso.mil/ironbank/gitlab/gitlab/gitlab-exporter:17.8.1
+registry1.dso.mil/ironbank/gitlab/gitlab/kubectl:17.8.1
--
GitLab
From a57bf0f77e86a3b0ccd4e4e03641096ad9cc0674 Mon Sep 17 00:00:00 2001
From: Matt Vasquez <evasquez@bridgephase.com>
Date: Fri, 24 Jan 2025 17:53:33 -0600
Subject: [PATCH 2/3] update "chart"
(https://gitlab.com/gitlab-org/charts/gitlab) from "v8.7.4"
(6ac93b61b25b1e7db4d7dc0c7549d1f85670887e) to "v8.8.1"
(c9cc7286394007b8b8f1e04649658a089aeee4a0)
---
chart/.gitlab-ci.yml | 14 ++-
chart/.gitlab/ci/checks.yml | 17 +++-
chart/.gitlab/ci/operator.gitlab-ci.yml | 7 +-
chart/.gitlab/ci/review-docs.yml | 1 +
chart/CHANGELOG.md | 38 ++++++--
chart/Kptfile | 4 +-
chart/charts/certmanager-issuer/Chart.yaml | 2 +-
.../templates/issuer-job.yaml | 1 +
chart/charts/certmanager-issuer/values.yaml | 2 +
.../gitlab/charts/geo-logcursor/Chart.yaml | 4 +-
chart/charts/gitlab/charts/gitaly/Chart.yaml | 4 +-
.../gitaly/templates/_statefulset_spec.yaml | 3 +
chart/charts/gitlab/charts/gitaly/values.yaml | 4 +
.../gitlab/charts/gitlab-exporter/Chart.yaml | 4 +-
.../gitlab/charts/gitlab-pages/Chart.yaml | 4 +-
.../gitlab/charts/gitlab-shell/Chart.yaml | 2 +-
chart/charts/gitlab/charts/kas/Chart.yaml | 4 +-
.../gitlab/charts/kas/templates/_helpers.tpl | 3 +-
.../charts/gitlab/charts/mailroom/Chart.yaml | 4 +-
.../gitlab/charts/migrations/Chart.yaml | 4 +-
.../charts/gitlab/charts/praefect/Chart.yaml | 4 +-
chart/charts/gitlab/charts/sidekiq/Chart.yaml | 4 +-
.../charts/gitlab/charts/spamcheck/Chart.yaml | 2 +-
chart/charts/gitlab/charts/toolbox/Chart.yaml | 4 +-
.../gitlab/charts/webservice/Chart.yaml | 4 +-
.../charts/webservice/templates/_helpers.tpl | 1 +
chart/charts/gitlab/templates/_redis.tpl | 13 ++-
chart/charts/registry/Chart.yaml | 2 +-
chart/charts/registry/values.yaml | 2 +-
chart/danger/chart-version/Dangerfile | 9 ++
.../external-omnibus-gitaly.md | 2 +-
chart/doc/advanced/external-redis/index.md | 1 +
chart/doc/charts/certmanager-issuer/index.md | 1 +
chart/doc/charts/gitlab/gitaly/index.md | 1 +
chart/doc/charts/gitlab/migrations/index.md | 1 -
chart/doc/charts/globals.md | 8 +-
chart/doc/charts/registry/index.md | 6 +-
chart/doc/development/ci.md | 4 +-
chart/doc/installation/cloud/index.md | 2 +-
chart/doc/installation/secrets.md | 5 +-
chart/doc/installation/upgrade.md | 4 +-
chart/doc/installation/version_mappings.md | 5 +-
chart/doc/releases/8_0.md | 35 +++++++
chart/requirements.yaml | 2 +-
.../configuration/certmanager_issuer_spec.rb | 96 +++++++++++++++++++
chart/spec/configuration/gitaly_spec.rb | 36 +++++++
.../configuration/gitlab_exporter_spec.rb | 23 ++++-
chart/spec/configuration/kas_spec.rb | 55 +++++++++++
chart/spec/configuration/mailroom_spec.rb | 16 +++-
chart/spec/configuration/redis_spec.rb | 20 ++++
chart/spec/configuration/workhorse_spec.rb | 61 ++++++++++--
chart/spec/gitlab_test_helper.rb | 4 +-
chart/templates/_redis.tpl | 2 +-
chart/values.yaml | 3 +-
54 files changed, 484 insertions(+), 80 deletions(-)
create mode 100644 chart/danger/chart-version/Dangerfile
create mode 100644 chart/spec/configuration/certmanager_issuer_spec.rb
diff --git a/chart/.gitlab-ci.yml b/chart/.gitlab-ci.yml
index e5cc6f01c..b4853e2e1 100644
--- a/chart/.gitlab-ci.yml
+++ b/chart/.gitlab-ci.yml
@@ -50,7 +50,7 @@ variables:
DEBIAN_VERSION: bookworm
RUBY_VERSION: "3.1.5"
CI_TOOLS_VERSION: "4.22.0"
- GITLAB_QA_VERSION: "14.20.0"
+ GITLAB_QA_VERSION: "15.0.0"
# STRICT_VERSIONS is used in RSpecs to ensure exact version match for tools like "helm" and "kubectl"
STRICT_VERSIONS: "true"
KUBE_CRD_SCHEMA_URL: "https://raw.githubusercontent.com/kubernetes/kubernetes/master/api/openapi-spec/v3/apis__apiextensions.k8s.io__v1_openapi.json"
@@ -238,6 +238,8 @@ trigger_review_current:
- job: pin_image_versions
rules:
- !reference [.rule:skip_if_fork]
+ - if: '$PIPELINE_TYPE == "DOCS_PIPELINE"'
+ when: never
- if: '$CI_PIPELINE_SOURCE != "pipeline" && $CI_PIPELINE_SOURCE != "parent_pipeline" && $PIPELINE_TYPE =~ /DEFAULT_BRANCH_PIPELINE$/ '
- if: '$CI_PIPELINE_SOURCE != "pipeline" && $CI_PIPELINE_SOURCE != "parent_pipeline" && $PIPELINE_TYPE =~ /STABLE_BRANCH_PIPELINE$/ '
- if: '$CI_PIPELINE_SOURCE != "pipeline" && $CI_PIPELINE_SOURCE != "parent_pipeline"'
@@ -248,6 +250,8 @@ trigger_review_current:
.trigger_review_current:
rules:
- !reference [.rule:skip_if_fork]
+ - if: '$PIPELINE_TYPE == "DOCS_PIPELINE"'
+ when: never
- if: '$CI_PIPELINE_SOURCE != "pipeline" && $CI_PIPELINE_SOURCE != "parent_pipeline"'
# Triggered from CNG
- if: '$CI_PIPELINE_SOURCE == "pipeline" && $TEST_BRANCH == "true"'
@@ -263,6 +267,8 @@ trigger_review_secondary:
optional: true
- job: pin_image_versions
rules:
+ - if: '$PIPELINE_TYPE == "DOCS_PIPELINE"'
+ when: never
- !reference [.rule:skip_if_fork]
- if: '$CI_PIPELINE_SOURCE != "pipeline" && $CI_PIPELINE_SOURCE != "parent_pipeline"'
when: manual
@@ -271,6 +277,8 @@ trigger_review_secondary:
.trigger_review_secondary:
rules:
+ - if: '$PIPELINE_TYPE == "DOCS_PIPELINE"'
+ when: never
- !reference [.rule:skip_if_fork]
- if: '$CI_PIPELINE_SOURCE != "pipeline" && $CI_PIPELINE_SOURCE != "parent_pipeline"'
- if: '$CI_PIPELINE_SOURCE == "merge_request_event"'
@@ -281,8 +289,10 @@ trigger_review_secondary:
include:
- local: .gitlab-ci.yml
strategy: depend
+ forward:
+ pipeline_variables: true
inherit:
- variables:
+ variables:
- PIPELINE_TYPE
- REVIEW_REF_PREFIX
- LIMIT_TO
diff --git a/chart/.gitlab/ci/checks.yml b/chart/.gitlab/ci/checks.yml
index 983b999b5..9106ece35 100644
--- a/chart/.gitlab/ci/checks.yml
+++ b/chart/.gitlab/ci/checks.yml
@@ -64,6 +64,22 @@ check_docs_links:
- if: '$PIPELINE_TYPE =~ /MR_PIPELINE$/'
- if: '$PIPELINE_TYPE =~ /BRANCH_PIPELINE$/'
+# https://github.com/zegl/kube-score
+# Initially motivated to detect duplicated environment variable definitions
+kube-score:
+ image:
+ name: "zegl/kube-score:v1.19.0@sha256:94137f32ce139dc9fbdbbd380249025e4d378c282ff151a100b981cdeeb923b6"
+ entrypoint: [""]
+ stage: prepare
+ script:
+ - helm dependency build
+ - helm template . --set certmanager-issuer.email=gitlab@example.com > /tmp/test.yaml
+ - /kube-score score --ignore-container-cpu-limit --ignore-container-memory-limit --ignore-test "container-image-pull-policy,container-security-context-user-group-id,container-ephemeral-storage-request-and-limit,container-security-context-readonlyrootfilesystem,pod-probes,pod-networkpolicy,container-resources,deployment-has-poddisruptionbudget,deployment-replicas,deployment-has-host-podantiaffinity" /tmp/test.yaml
+ rules:
+ - if: '$PIPELINE_TYPE == "DOCS_PIPELINE"'
+ - if: '$PIPELINE_TYPE =~ /MR_PIPELINE$/'
+ - if: '$PIPELINE_TYPE =~ /BRANCH_PIPELINE$/'
+
lint_package:
stage: preflight
when: always
@@ -100,4 +116,3 @@ specs_without_cluster:
- if: '$PIPELINE_TYPE == "AUTO_DEPLOY_PIPELINE"'
- if: '$PIPELINE_TYPE == "RELEASE_PIPELINE"'
needs: ['lint_package']
-
diff --git a/chart/.gitlab/ci/operator.gitlab-ci.yml b/chart/.gitlab/ci/operator.gitlab-ci.yml
index 1f538d8a7..b1571eb07 100644
--- a/chart/.gitlab/ci/operator.gitlab-ci.yml
+++ b/chart/.gitlab/ci/operator.gitlab-ci.yml
@@ -6,9 +6,10 @@ trigger_operator_test:
variables:
CHARTS_REF: "${CI_COMMIT_SHA}"
TRIGGER_PROJECT: "${CI_PROJECT_PATH}"
+ PIPELINE_TYPE: "${PIPELINE_TYPE}"
inherit:
variables: false
- when: manual
rules:
- - if: '$CI_SERVER_HOST == "gitlab.com" && $CI_PIPELINE_SOURCE == "merge_request_event"'
-
+ - if: '$PIPELINE_TYPE == "DOCS_PIPELINE"'
+ when: never
+ - when: manual
diff --git a/chart/.gitlab/ci/review-docs.yml b/chart/.gitlab/ci/review-docs.yml
index 1ee9775b8..8f3077adb 100644
--- a/chart/.gitlab/ci/review-docs.yml
+++ b/chart/.gitlab/ci/review-docs.yml
@@ -4,6 +4,7 @@
stage: review
cache: {}
dependencies: []
+ needs: []
before_script:
- gem install gitlab --no-doc
# We need to download the script rather than clone the repo since the
diff --git a/chart/CHANGELOG.md b/chart/CHANGELOG.md
index 32602ce36..6f8780376 100644
--- a/chart/CHANGELOG.md
+++ b/chart/CHANGELOG.md
@@ -2,6 +2,30 @@
documentation](doc/development/changelog.md) for instructions on adding your own
entry.
+## 8.8.1 (2025-01-22)
+
+No changes.
+
+## 8.8.0 (2025-01-15)
+
+### Added (1 change)
+
+- [Support configuring redis database number](https://gitlab.com/gitlab-org/charts/gitlab/-/commit/8338b2142ebb22b256420adb656addd7a7e2be95) by @gpongelli ([merge request](https://gitlab.com/gitlab-org/charts/gitlab/-/merge_requests/3995))
+
+### Fixed (3 changes)
+
+- [Remove duplicate TZ keys in Gitaly StatefulSet](https://gitlab.com/gitlab-org/charts/gitlab/-/commit/344ee5e80a92b8880187f60c4f8833e42e01c9d2) ([merge request](https://gitlab.com/gitlab-org/charts/gitlab/-/merge_requests/4046))
+- [Revert certmanager-issuer time zone change](https://gitlab.com/gitlab-org/charts/gitlab/-/commit/703c18ffc1feab1cda16c02f7acca70f871aac11) ([merge request](https://gitlab.com/gitlab-org/charts/gitlab/-/merge_requests/4043))
+- [Shared Secrets: consume idiomatic returns from yq](https://gitlab.com/gitlab-org/charts/gitlab/-/commit/19e1aa90c41e3559959f27b4a3baf67669905400) ([merge request](https://gitlab.com/gitlab-org/charts/gitlab/-/merge_requests/4039))
+
+### Changed (5 changes)
+
+- [Update dependency gitlab-exporter to v15.1.0](https://gitlab.com/gitlab-org/charts/gitlab/-/commit/13bc443fde1001e18db458f3d123ae05efe7a285) ([merge request](https://gitlab.com/gitlab-org/charts/gitlab/-/merge_requests/4055))
+- [Add ttlSecondsAfterFinished to certmanager_issuer](https://gitlab.com/gitlab-org/charts/gitlab/-/commit/b9b3698b41916d69bb82c467ebbe0d1aa3473bc2) ([merge request](https://gitlab.com/gitlab-org/charts/gitlab/-/merge_requests/4053))
+- [Update dependency container-registry to v4.15.0-gitlab](https://gitlab.com/gitlab-org/charts/gitlab/-/commit/7d9b71c4adc0078424aa1e9ebfb65efd49ae20a9) ([merge request](https://gitlab.com/gitlab-org/charts/gitlab/-/merge_requests/4059))
+- [Update Helm release gitlab-runner to v0.72.0](https://gitlab.com/gitlab-org/charts/gitlab/-/commit/13515980ce6275fff3d8241b73725a48f443d2fb) ([merge request](https://gitlab.com/gitlab-org/charts/gitlab/-/merge_requests/4038))
+- [Update dependency gitlab-qa to v15](https://gitlab.com/gitlab-org/charts/gitlab/-/commit/a1b4854886a67007690053b6f7606636d9703f53) ([merge request](https://gitlab.com/gitlab-org/charts/gitlab/-/merge_requests/4032))
+
## 8.7.4 (2025-01-15)
No changes.
@@ -16,12 +40,6 @@ No changes.
- [Revert certmanager-issuer time zone change](https://gitlab.com/gitlab-org/charts/gitlab/-/commit/99befdf99b7f07639d7b6ceb83ea8b534085bbe3) ([merge request](https://gitlab.com/gitlab-org/charts/gitlab/-/merge_requests/4044))
-## 8.7.1 (2024-12-20)
-
-### Fixed (1 change)
-
-- [Shared Secrets: consume idiomatic returns from yq](https://gitlab.com/gitlab-org/charts/gitlab/-/commit/19e1aa90c41e3559959f27b4a3baf67669905400) ([merge request](https://gitlab.com/gitlab-org/charts/gitlab/-/merge_requests/4039))
-
## 8.7.0 (2024-12-18)
### Added (3 changes)
@@ -40,6 +58,10 @@ No changes.
- [Update dependency container-registry to v4.14.0-gitlab](https://gitlab.com/gitlab-org/charts/gitlab/-/commit/dcc8ce8e48d88f5ff1aee9f0aa67bf4b505de585) ([merge request](https://gitlab.com/gitlab-org/charts/gitlab/-/merge_requests/4017))
- [Update Helm release gitlab-runner to v0.71.0](https://gitlab.com/gitlab-org/charts/gitlab/-/commit/45c82f324306ca23d68384a65103ec889c1b6cee) ([merge request](https://gitlab.com/gitlab-org/charts/gitlab/-/merge_requests/4011))
+## 8.6.3 (2025-01-08)
+
+No changes.
+
## 8.6.2 (2024-12-10)
No changes.
@@ -69,6 +91,10 @@ No changes.
- [Update Helm release gitlab-runner to v0.70.0](https://gitlab.com/gitlab-org/charts/gitlab/-/commit/ea3833fd35e5d201c96e9da5b4892b610df19781) ([merge request](https://gitlab.com/gitlab-org/charts/gitlab/-/merge_requests/3955))
- [Bump nginx-controller from 1.3.1 to 1.11.2](https://gitlab.com/gitlab-org/charts/gitlab/-/commit/c8f6090ec807dde86d4f6fd92803ada8b125868e) ([merge request](https://gitlab.com/gitlab-org/charts/gitlab/-/merge_requests/3901))
+## 8.5.5 (2025-01-08)
+
+No changes.
+
## 8.5.4 (2024-12-10)
No changes.
diff --git a/chart/Kptfile b/chart/Kptfile
index 355dd35ed..322c3cb8f 100644
--- a/chart/Kptfile
+++ b/chart/Kptfile
@@ -5,7 +5,7 @@ metadata:
upstream:
type: git
git:
- commit: 6ac93b61b25b1e7db4d7dc0c7549d1f85670887e
+ commit: c9cc7286394007b8b8f1e04649658a089aeee4a0
repo: https://gitlab.com/gitlab-org/charts/gitlab
directory: /
- ref: v8.7.4
+ ref: v8.8.1
diff --git a/chart/charts/certmanager-issuer/Chart.yaml b/chart/charts/certmanager-issuer/Chart.yaml
index 8c74e2375..c4d1ac1f4 100644
--- a/chart/charts/certmanager-issuer/Chart.yaml
+++ b/chart/charts/certmanager-issuer/Chart.yaml
@@ -1,6 +1,6 @@
apiVersion: v1
name: certmanager-issuer
-version: 0.1.0
+version: 0.2.0
appVersion: 0.2.2
description: Configuration Job to add LetsEncrypt Issuer to cert-manager
keywords:
diff --git a/chart/charts/certmanager-issuer/templates/issuer-job.yaml b/chart/charts/certmanager-issuer/templates/issuer-job.yaml
index 4bb5adce8..6c5dd8fbd 100644
--- a/chart/charts/certmanager-issuer/templates/issuer-job.yaml
+++ b/chart/charts/certmanager-issuer/templates/issuer-job.yaml
@@ -10,6 +10,7 @@ metadata:
{{- include "gitlab.commonLabels" . | nindent 4 }}
spec:
activeDeadlineSeconds: 300
+ ttlSecondsAfterFinished: {{ .Values.ttlSecondsAfterFinished }}
template:
metadata:
labels:
diff --git a/chart/charts/certmanager-issuer/values.yaml b/chart/charts/certmanager-issuer/values.yaml
index 3f13384a6..b5660f2e4 100644
--- a/chart/charts/certmanager-issuer/values.yaml
+++ b/chart/charts/certmanager-issuer/values.yaml
@@ -26,3 +26,5 @@ common:
labels: {}
useNewIngressForCerts: false
+
+ttlSecondsAfterFinished: 1800
diff --git a/chart/charts/gitlab/charts/geo-logcursor/Chart.yaml b/chart/charts/gitlab/charts/geo-logcursor/Chart.yaml
index 2f359384f..73a0aec9d 100644
--- a/chart/charts/gitlab/charts/geo-logcursor/Chart.yaml
+++ b/chart/charts/gitlab/charts/geo-logcursor/Chart.yaml
@@ -1,7 +1,7 @@
apiVersion: v1
name: geo-logcursor
-version: 8.7.4
-appVersion: v17.7.2
+version: 8.8.1
+appVersion: v17.8.1
description: GitLab Geo logcursor
keywords:
- gitlab
diff --git a/chart/charts/gitlab/charts/gitaly/Chart.yaml b/chart/charts/gitlab/charts/gitaly/Chart.yaml
index 9ad46f50b..bf5e20bd3 100644
--- a/chart/charts/gitlab/charts/gitaly/Chart.yaml
+++ b/chart/charts/gitlab/charts/gitaly/Chart.yaml
@@ -1,7 +1,7 @@
apiVersion: v1
name: gitaly
-version: 8.7.4
-appVersion: 17.7.2
+version: 8.8.1
+appVersion: 17.8.1
description: Git RPC service for handling all the git calls made by GitLab
keywords:
- gitlab
diff --git a/chart/charts/gitlab/charts/gitaly/templates/_statefulset_spec.yaml b/chart/charts/gitlab/charts/gitaly/templates/_statefulset_spec.yaml
index 60d26ec1b..0655eed4c 100644
--- a/chart/charts/gitlab/charts/gitaly/templates/_statefulset_spec.yaml
+++ b/chart/charts/gitlab/charts/gitaly/templates/_statefulset_spec.yaml
@@ -49,6 +49,9 @@ spec:
prometheus.io/path: {{ $.Values.metrics.path }}
{{- end }}
spec:
+ {{- if .Values.shareProcessNamespace }}
+ shareProcessNamespace: {{ .Values.shareProcessNamespace }}
+ {{- end }}
{{- if .Values.tolerations }}
tolerations:
{{- toYaml .Values.tolerations | nindent 8 }}
diff --git a/chart/charts/gitlab/charts/gitaly/values.yaml b/chart/charts/gitlab/charts/gitaly/values.yaml
index 8adba3ddf..4051387a1 100644
--- a/chart/charts/gitlab/charts/gitaly/values.yaml
+++ b/chart/charts/gitlab/charts/gitaly/values.yaml
@@ -33,6 +33,10 @@ common:
podLabels: {}
serviceLabels: {}
+# Allows process namespace sharing within the pod
+# This makes processes in a container visible to all other containers in the same pod.
+shareProcessNamespace: false
+
init:
image: {}
# repository:
diff --git a/chart/charts/gitlab/charts/gitlab-exporter/Chart.yaml b/chart/charts/gitlab/charts/gitlab-exporter/Chart.yaml
index 2f96cbed2..0bd52d6f0 100644
--- a/chart/charts/gitlab/charts/gitlab-exporter/Chart.yaml
+++ b/chart/charts/gitlab/charts/gitlab-exporter/Chart.yaml
@@ -1,7 +1,7 @@
apiVersion: v1
name: gitlab-exporter
-version: 8.7.4
-appVersion: 15.0.0
+version: 8.8.1
+appVersion: 15.1.0
description: Exporter for GitLab Prometheus metrics (e.g. CI, pull mirrors)
keywords:
- gitlab
diff --git a/chart/charts/gitlab/charts/gitlab-pages/Chart.yaml b/chart/charts/gitlab/charts/gitlab-pages/Chart.yaml
index 8e5eaa92a..d1b863454 100644
--- a/chart/charts/gitlab/charts/gitlab-pages/Chart.yaml
+++ b/chart/charts/gitlab/charts/gitlab-pages/Chart.yaml
@@ -1,7 +1,7 @@
apiVersion: v1
name: gitlab-pages
-version: 8.7.4
-appVersion: 17.7.2
+version: 8.8.1
+appVersion: 17.8.1
description: Daemon for serving static websites from GitLab projects
keywords:
- gitlab
diff --git a/chart/charts/gitlab/charts/gitlab-shell/Chart.yaml b/chart/charts/gitlab/charts/gitlab-shell/Chart.yaml
index d52df87ad..1d89b64b9 100644
--- a/chart/charts/gitlab/charts/gitlab-shell/Chart.yaml
+++ b/chart/charts/gitlab/charts/gitlab-shell/Chart.yaml
@@ -1,6 +1,6 @@
apiVersion: v1
name: gitlab-shell
-version: 8.7.4
+version: 8.8.1
appVersion: 14.39.0
description: sshd for Gitlab
keywords:
diff --git a/chart/charts/gitlab/charts/kas/Chart.yaml b/chart/charts/gitlab/charts/kas/Chart.yaml
index f6846cc57..ac5ca7d79 100644
--- a/chart/charts/gitlab/charts/kas/Chart.yaml
+++ b/chart/charts/gitlab/charts/kas/Chart.yaml
@@ -1,7 +1,7 @@
apiVersion: v1
name: kas
-version: 8.7.4
-appVersion: 17.7.2
+version: 8.8.1
+appVersion: 17.8.1
description: GitLab Agent Server
keywords:
- agent
diff --git a/chart/charts/gitlab/charts/kas/templates/_helpers.tpl b/chart/charts/gitlab/charts/kas/templates/_helpers.tpl
index 0ce08c57d..72f66b659 100644
--- a/chart/charts/gitlab/charts/kas/templates/_helpers.tpl
+++ b/chart/charts/gitlab/charts/kas/templates/_helpers.tpl
@@ -29,7 +29,8 @@ username: {{ .redisMergedConfig.user }}
{{- end -}}
{{- if .redisMergedConfig.password.enabled }}
password_file: /etc/kas/redis/{{ printf "%s-password" (default "redis" .redisConfigName) }}
-{{- end -}}
+{{- end }}
+database_index: {{ .redisMergedConfig.database }}
{{- if not .redisMergedConfig.sentinels }}
server:
address: {{ template "gitlab.redis.host" . }}:{{ template "gitlab.redis.port" . }}
diff --git a/chart/charts/gitlab/charts/mailroom/Chart.yaml b/chart/charts/gitlab/charts/mailroom/Chart.yaml
index 1eb041c4b..24902cb35 100644
--- a/chart/charts/gitlab/charts/mailroom/Chart.yaml
+++ b/chart/charts/gitlab/charts/mailroom/Chart.yaml
@@ -1,7 +1,7 @@
apiVersion: v1
name: mailroom
-version: 8.7.4
-appVersion: v17.7.2
+version: 8.8.1
+appVersion: v17.8.1
description: Handling incoming emails
keywords:
- gitlab
diff --git a/chart/charts/gitlab/charts/migrations/Chart.yaml b/chart/charts/gitlab/charts/migrations/Chart.yaml
index 8e84db026..1f4f4bd7b 100644
--- a/chart/charts/gitlab/charts/migrations/Chart.yaml
+++ b/chart/charts/gitlab/charts/migrations/Chart.yaml
@@ -1,7 +1,7 @@
apiVersion: v1
name: migrations
-version: 8.7.4
-appVersion: v17.7.2
+version: 8.8.1
+appVersion: v17.8.1
description: Database migrations and other versioning tasks for upgrading Gitlab
keywords:
- gitlab
diff --git a/chart/charts/gitlab/charts/praefect/Chart.yaml b/chart/charts/gitlab/charts/praefect/Chart.yaml
index 7edb2000b..7ee128f08 100644
--- a/chart/charts/gitlab/charts/praefect/Chart.yaml
+++ b/chart/charts/gitlab/charts/praefect/Chart.yaml
@@ -1,7 +1,7 @@
apiVersion: v1
name: praefect
-version: 8.7.4
-appVersion: 17.7.2
+version: 8.8.1
+appVersion: 17.8.1
description: Praefect is a router and transaction manager for Gitaly, and a required
component for running a Gitaly Cluster.
keywords:
diff --git a/chart/charts/gitlab/charts/sidekiq/Chart.yaml b/chart/charts/gitlab/charts/sidekiq/Chart.yaml
index 7c8fd79ca..38f892a76 100644
--- a/chart/charts/gitlab/charts/sidekiq/Chart.yaml
+++ b/chart/charts/gitlab/charts/sidekiq/Chart.yaml
@@ -1,7 +1,7 @@
apiVersion: v1
name: sidekiq
-version: 8.7.4
-appVersion: v17.7.2
+version: 8.8.1
+appVersion: v17.8.1
description: Gitlab Sidekiq for asynchronous task processing in rails
keywords:
- gitlab
diff --git a/chart/charts/gitlab/charts/spamcheck/Chart.yaml b/chart/charts/gitlab/charts/spamcheck/Chart.yaml
index 043c3e0a7..904cf9fb0 100644
--- a/chart/charts/gitlab/charts/spamcheck/Chart.yaml
+++ b/chart/charts/gitlab/charts/spamcheck/Chart.yaml
@@ -1,6 +1,6 @@
apiVersion: v1
name: spamcheck
-version: 8.7.4
+version: 8.8.1
appVersion: 1.2.3
description: GitLab Anti-Spam Engine
keywords:
diff --git a/chart/charts/gitlab/charts/toolbox/Chart.yaml b/chart/charts/gitlab/charts/toolbox/Chart.yaml
index 910d4f891..f9a3ed1dc 100644
--- a/chart/charts/gitlab/charts/toolbox/Chart.yaml
+++ b/chart/charts/gitlab/charts/toolbox/Chart.yaml
@@ -1,7 +1,7 @@
apiVersion: v1
name: toolbox
-version: 8.7.4
-appVersion: v17.7.2
+version: 8.8.1
+appVersion: v17.8.1
description: For manually running rake tasks through kubectl
keywords:
- gitlab
diff --git a/chart/charts/gitlab/charts/webservice/Chart.yaml b/chart/charts/gitlab/charts/webservice/Chart.yaml
index 8092ba7bf..423762d9b 100644
--- a/chart/charts/gitlab/charts/webservice/Chart.yaml
+++ b/chart/charts/gitlab/charts/webservice/Chart.yaml
@@ -1,7 +1,7 @@
apiVersion: v1
name: webservice
-version: 8.7.4
-appVersion: v17.7.2
+version: 8.8.1
+appVersion: v17.8.1
description: HTTP server for Gitlab
keywords:
- gitlab
diff --git a/chart/charts/gitlab/charts/webservice/templates/_helpers.tpl b/chart/charts/gitlab/charts/webservice/templates/_helpers.tpl
index a320e36ee..21fd7be30 100644
--- a/chart/charts/gitlab/charts/webservice/templates/_helpers.tpl
+++ b/chart/charts/gitlab/charts/webservice/templates/_helpers.tpl
@@ -268,6 +268,7 @@ Return the workhorse redis configuration.
{{- end }}
{{- include "gitlab.redis.selectedMergedConfig" . -}}
[redis]
+DB = {{ .redisMergedConfig.database }}
{{- if not .redisMergedConfig.sentinels }}
{{- $userinfo := "" }}
{{- if .redisMergedConfig.user }}
diff --git a/chart/charts/gitlab/templates/_redis.tpl b/chart/charts/gitlab/templates/_redis.tpl
index 8f5841e5f..a026d4984 100644
--- a/chart/charts/gitlab/templates/_redis.tpl
+++ b/chart/charts/gitlab/templates/_redis.tpl
@@ -31,6 +31,16 @@ to 6379 default
{{- default 6379 .redisMergedConfig.port -}}
{{- end -}}
+{{/*
+Return the redis database
+If the redis database is provided, it will use that, otherwise it will fallback
+to 0 default
+*/}}
+{{- define "gitlab.redis.database" -}}
+{{- include "gitlab.redis.configMerge" . -}}
+{{- default 0 .redisMergedConfig.database -}}
+{{- end -}}
+
{{/*
Return the redis scheme, or redis. Allowing people to use rediss clusters
*/}}
@@ -49,7 +59,7 @@ Return the redis scheme, or redis. Allowing people to use rediss clusters
Return the redis url.
*/}}
{{- define "gitlab.redis.url" -}}
-{{ template "gitlab.redis.scheme" . }}://{{ template "gitlab.redis.url.user" . }}{{ template "gitlab.redis.url.password" . }}{{ template "gitlab.redis.host" . }}:{{ template "gitlab.redis.port" . }}
+{{ template "gitlab.redis.scheme" . }}://{{ template "gitlab.redis.url.user" . }}{{ template "gitlab.redis.url.password" . }}{{ template "gitlab.redis.host" . }}:{{ template "gitlab.redis.port" . }}/{{ template "gitlab.redis.database" . }}
{{- end -}}
{{/*
@@ -134,6 +144,7 @@ sentinels:
{{- if not (kindIs "map" (get $.redisMergedConfig "password")) -}}
{{- $_ := set $.redisMergedConfig "password" $.Values.global.redis.auth -}}
{{- end -}}
+{{- $_ := set $.redisMergedConfig "database" (default 0 .Values.global.redis.database) -}}
{{- range $key := keys $.Values.global.redis.auth -}}
{{- if not (hasKey $.redisMergedConfig.password $key) -}}
{{- $_ := set $.redisMergedConfig.password $key (index $.Values.global.redis.auth $key) -}}
diff --git a/chart/charts/registry/Chart.yaml b/chart/charts/registry/Chart.yaml
index b101e6196..417fe95a9 100644
--- a/chart/charts/registry/Chart.yaml
+++ b/chart/charts/registry/Chart.yaml
@@ -1,7 +1,7 @@
apiVersion: v1
name: registry
version: 0.7.0
-appVersion: 'v4.14.0-gitlab'
+appVersion: 'v4.15.0-gitlab'
description: Stateless, highly scalable application that stores and lets you
distribute container images
details: Container Registry component of GitLab
diff --git a/chart/charts/registry/values.yaml b/chart/charts/registry/values.yaml
index ac9fb2fd0..1838859af 100644
--- a/chart/charts/registry/values.yaml
+++ b/chart/charts/registry/values.yaml
@@ -1,6 +1,6 @@
image:
repository: registry.gitlab.com/gitlab-org/build/cng/gitlab-container-registry
- tag: 'v4.14.0-gitlab'
+ tag: 'v4.15.0-gitlab'
# pullPolicy: IfNotPresent
# pullSecrets: []
diff --git a/chart/danger/chart-version/Dangerfile b/chart/danger/chart-version/Dangerfile
new file mode 100644
index 000000000..70bd1f9ef
--- /dev/null
+++ b/chart/danger/chart-version/Dangerfile
@@ -0,0 +1,9 @@
+# frozen_string_literal: true
+
+if helper.all_changed_files.detect(-> { false }) { |filename| filename == 'charts/certmanager-issuer/templates/issuer-job.yaml' }
+ failure <<~MSG
+ Jobs templates are immutable. Changing it breaks upgrades if there's an existing job with the same name.
+ Please bump the certmanager-issuer chart version, so that it gets a different generated name
+ as per [globals Jobs documentation](https://docs.gitlab.com/charts/charts/globals.html#jobs).
+ MSG
+end
diff --git a/chart/doc/advanced/external-gitaly/external-omnibus-gitaly.md b/chart/doc/advanced/external-gitaly/external-omnibus-gitaly.md
index 09c1c1864..8e9562f6c 100644
--- a/chart/doc/advanced/external-gitaly/external-omnibus-gitaly.md
+++ b/chart/doc/advanced/external-gitaly/external-omnibus-gitaly.md
@@ -56,7 +56,7 @@ gitlab_kas['enable'] = false
prometheus['enable'] = false
alertmanager['enable'] = false
-# If you don't run a seperate monitoring node you can
+# If you don't run a separate monitoring node you can
# Enable Prometheus access & disable these extra services
# This makes Prometheus listen on all interfaces. You must use firewalls to restrict access to this address/port.
# prometheus['listen_address'] = '0.0.0.0:9090'
diff --git a/chart/doc/advanced/external-redis/index.md b/chart/doc/advanced/external-redis/index.md
index c2431d979..18bad8c96 100644
--- a/chart/doc/advanced/external-redis/index.md
+++ b/chart/doc/advanced/external-redis/index.md
@@ -28,6 +28,7 @@ You must set the following parameters:
Items below can be further customized if you are not using the defaults:
- `global.redis.port`: The port the database is available on, defaults to `6379`.
+- `global.redis.database`: The database to connect to on the Redis server, defaults to `0`.
For example, pass these values via Helm's `--set` flag while deploying:
diff --git a/chart/doc/charts/certmanager-issuer/index.md b/chart/doc/charts/certmanager-issuer/index.md
index 457bbecf2..bf11cf550 100644
--- a/chart/doc/charts/certmanager-issuer/index.md
+++ b/chart/doc/charts/certmanager-issuer/index.md
@@ -60,3 +60,4 @@ to the `helm install` command using the `--set` flags:
| `containerSecurityContext.allowPrivilegeEscalation` | `false` | Controls whether a process can gain more privileges than its parent process |
| `containerSecurityContext.runAsNonRoot` | `true` | Controls whether the container runs with a non-root user |
| `containerSecurityContext.capabilities.drop` | `[ "ALL" ]` | Removes [Linux capabilities](https://man7.org/linux/man-pages/man7/capabilities.7.html) for the container |
+| `ttlSecondsAfterFinished` | `1800` | Controls when a finished job becomes eligible for cascading removal. |
diff --git a/chart/doc/charts/gitlab/gitaly/index.md b/chart/doc/charts/gitlab/gitaly/index.md
index 12e3769be..a1c06077a 100644
--- a/chart/doc/charts/gitlab/gitaly/index.md
+++ b/chart/doc/charts/gitlab/gitaly/index.md
@@ -86,6 +86,7 @@ the `helm install` command using the `--set` flags.
| `securityContext.fsGroupChangePolicy` | | Policy for changing ownership and permission of the volume (requires Kubernetes 1.23) |
| `securityContext.runAsUser` | `1000` | User ID under which the pod should be started |
| `securityContext.seccompProfile.type` | `RuntimeDefault` | Seccomp profile to use |
+| `shareProcessNamespace` | `false` | Allows making container processes visible to all other contains in the same pod |
| `containerSecurityContext` | | Override container [securityContext](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.25/#securitycontext-v1-core) under which the Gitaly container is started |
| `containerSecurityContext.runAsUser` | `1000` | Allow overwriting of the specific security context user ID under which the Gitaly container is started |
| `containerSecurityContext.allowPrivilegeEscalation` | `false` | Controls whether a process of the Gitaly container can gain more privileges than its parent process |
diff --git a/chart/doc/charts/gitlab/migrations/index.md b/chart/doc/charts/gitlab/migrations/index.md
index c4df87b1d..adf1715db 100644
--- a/chart/doc/charts/gitlab/migrations/index.md
+++ b/chart/doc/charts/gitlab/migrations/index.md
@@ -79,7 +79,6 @@ Table below contains all the possible charts configurations that can be supplied
| `extraVolumeMounts` | List of extra volumes mounts to do | |
| `extraEnv` | List of extra environment variables to expose | |
| `extraEnvFrom` | List of extra environment variables from other data sources to expose| |
-| `bootsnap.enabled` | Enable the Bootsnap cache for Rails | `true` |
| `priorityClassName` | [Priority class](https://kubernetes.io/docs/concepts/scheduling-eviction/pod-priority-preemption/) assigned to pods. | |
## Chart configuration examples
diff --git a/chart/doc/charts/globals.md b/chart/doc/charts/globals.md
index 4541ffc5d..4f67a1544 100644
--- a/chart/doc/charts/globals.md
+++ b/chart/doc/charts/globals.md
@@ -256,7 +256,7 @@ with the `-fips` extension to the image tag.
--set global.image.tagSuffix="-fips"
```
-## Custom timezone for all containers
+## Custom timezone for all containers
If you wish to set a custom timezone for all the GitLab containers, you can use the `global.time_zone` key. Refer to `TZ identifier` on the [List of tz database time zones](https://en.wikipedia.org/wiki/List_of_tz_database_time_zones) for the available values. Default is `UTC`.
@@ -460,6 +460,7 @@ global:
redis:
host: redis.example.com
serviceName: redis
+ database: 7
port: 6379
auth:
enabled: true
@@ -476,6 +477,7 @@ global:
| `host` | String | | The hostname of the Redis server with the database to use. This can be omitted in lieu of `serviceName`. |
| `serviceName` | String | `redis` | The name of the `service` which is operating the Redis database. If this is present, and `host` is not, the chart will template the hostname of the service (and current `.Release.Name`) in place of the `host` value. This is convenient when using Redis as a part of the overall GitLab chart. |
| `port` | Integer | `6379` | The port on which to connect to the Redis server. |
+| `database` | Integer | `0` | The database to connect to on the Redis server. |
| `user` | String | | The user used to authenticate against Redis (Redis 6.0+). |
| `auth.enabled` | Boolean | true | The `auth.enabled` provides a toggle for using a password with the Redis instance. |
| `auth.key` | String | | The `auth.key` attribute for Redis defines the name of the key in the secret (below) that contains the password. |
@@ -1362,10 +1364,10 @@ This property has two sub-keys: `secret` and `key`.
- `key` is the name of the key in the secret which houses the YAML block. Defaults to `connection`.
Valid configuration keys can be found in the [GitLab Job Artifacts Administration](https://docs.gitlab.com/ee/administration/job_artifacts.html#s3-compatible-connection-settings)
-documentation. This matches to [Fog](https://github.com/fog), and is different between
+documentation. This matches to [Fog](https://github.com/fog/fog.github.com), and is different between
provider modules.
-Examples for [AWS](https://fog.io/storage/#using-amazon-s3-and-fog) and [Google](https://fog.io/storage/#google-cloud-storage)
+Examples for [AWS](https://fog.github.io/storage/#using-amazon-s3-and-fog) and [Google](https://fog.github.io/storage/#google-cloud-storage)
providers can be found in [`examples/objectstorage`](https://gitlab.com/gitlab-org/charts/gitlab/tree/master/examples/objectstorage).
- [`rails.s3.yaml`](https://gitlab.com/gitlab-org/charts/gitlab/-/blob/master/examples/objectstorage/rails.s3.yaml)
diff --git a/chart/doc/charts/registry/index.md b/chart/doc/charts/registry/index.md
index 07fa999e7..1b6501691 100644
--- a/chart/doc/charts/registry/index.md
+++ b/chart/doc/charts/registry/index.md
@@ -76,7 +76,7 @@ registry:
interval: 24h
dryrun: false
image:
- tag: 'v4.14.0-gitlab'
+ tag: 'v4.15.0-gitlab'
pullPolicy: IfNotPresent
annotations:
service:
@@ -187,7 +187,7 @@ If you chose to deploy this chart as a standalone, remove the `registry` at the
| `image.pullPolicy` | | Pull policy for the registry image |
| `image.pullSecrets` | | Secrets to use for image repository |
| `image.repository` | `registry.gitlab.com/gitlab-org/build/cng/gitlab-container-registry` | Registry image |
-| `image.tag` | `v4.14.0-gitlab` | Version of the image to use |
+| `image.tag` | `v4.15.0-gitlab` | Version of the image to use |
| `init.image.repository` | | initContainer image |
| `init.image.tag` | | initContainer image tag |
| `init.containerSecurityContext` | | initContainer specific [securityContext](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.25/#securitycontext-v1-core) |
@@ -430,7 +430,7 @@ You can change the included version of the Registry and `pullPolicy`.
Default settings:
-- `tag: 'v4.14.0-gitlab'`
+- `tag: 'v4.15.0-gitlab'`
- `pullPolicy: 'IfNotPresent'`
## Configuring the `service`
diff --git a/chart/doc/development/ci.md b/chart/doc/development/ci.md
index e26d459c7..7990f6977 100644
--- a/chart/doc/development/ci.md
+++ b/chart/doc/development/ci.md
@@ -8,8 +8,8 @@
### LIMIT_TO
-`LIMIT_TO` allows to isolate singular logical block of pipeline and *only* execute that block skipping all other blocks. This allows for faster iteration as developer may choose to test only a singular platform before code is ready for more thorough testing. It also allows for external pipeline invocations for very specific scenarios.
+`LIMIT_TO` allows to isolate singular logical block of pipeline and *only* execute that block skipping all other blocks. This allows for faster iteration as developer may choose to test only a singular platform before code is ready for more thorough testing. It also allows for external pipeline invocations for very specific scenarios.
`LIMIT_TO` accepts only a single value.
-Empty value implies that there are no limits and that pipeline shall be executed in full.
+Empty value implies that there are no limits and that pipeline shall be executed in full.
diff --git a/chart/doc/installation/cloud/index.md b/chart/doc/installation/cloud/index.md
index ee8df737b..5fe63b0cd 100644
--- a/chart/doc/installation/cloud/index.md
+++ b/chart/doc/installation/cloud/index.md
@@ -39,7 +39,7 @@ We welcome reports made to our [issue tracker](https://gitlab.com/gitlab-org/cha
Some GitLab features might not work on deprecated releases or releases older than the releases listed above.
-For some components, like the [agent for Kubernetes](https://docs.gitlab.com/ee/user/clusters/agent/#gitlab-agent-for-kubernetes-supported-cluster-versions) and [GitLab Operator](https://docs.gitlab.com/operator/installation.html#kubernetes), GitLab might support different cluster releases.
+For some components, like the [agent for Kubernetes](https://docs.gitlab.com/ee/user/clusters/agent/) and [GitLab Operator](https://docs.gitlab.com/operator/installation.html), GitLab might support different cluster releases.
WARNING:
Kubernetes nodes must use the x86-64 architecture.
diff --git a/chart/doc/installation/secrets.md b/chart/doc/installation/secrets.md
index fd653c291..d59af5c63 100644
--- a/chart/doc/installation/secrets.md
+++ b/chart/doc/installation/secrets.md
@@ -224,6 +224,8 @@ This secret is referenced by the `global.praefect.authToken.secret` setting.
### GitLab Rails secret
+> - The `active_record_encryption_*` keys were added in [GitLab 17.8](../releases/8_0.md#upgrade-to-880).
+
Replace `<name>` with the name of the release.
```shell
@@ -250,9 +252,6 @@ This secret is referenced by the `global.railsSecrets.secret` setting.
It is **not recommended** to rotate this secret as it contains the database encryption keys. If the secret is
rotated, the result will be the same behavior exhibited [when the secrets file is lost](https://docs.gitlab.com/ee/administration/backup_restore/backup_gitlab.html#when-the-secrets-file-is-lost).
-NOTE:
-The `encrypted_settings_key_base` was added in GitLab `13.7`, and will be required for GitLab `14.0`.
-
### GitLab Workhorse secret
Generate the workhorse secret. This must have a length of 32 characters and
diff --git a/chart/doc/installation/upgrade.md b/chart/doc/installation/upgrade.md
index 22ab06abe..fc4e3e0df 100644
--- a/chart/doc/installation/upgrade.md
+++ b/chart/doc/installation/upgrade.md
@@ -21,9 +21,7 @@ Because the GitLab chart versions don't follow the same numbering as GitLab vers
see the [version mappings](version_mappings.md) between them.
NOTE:
-**Zero-downtime upgrades** are not available with the GitLab charts.
-Ongoing work to support this feature can be tracked via
-[the GitLab Operator epic](https://gitlab.com/groups/gitlab-org/cloud-native/-/epics/52).
+**Zero-downtime upgrades** are not available with the GitLab charts but can be achieved by using [GitLab Operator](https://docs.gitlab.com/operator/gitlab_upgrades.html).
We also recommend that you take a [backup](../backup-restore/index.md) first. Also note that you
must provide all values using `helm upgrade --set key=value` syntax or `-f values.yaml` instead of
diff --git a/chart/doc/installation/version_mappings.md b/chart/doc/installation/version_mappings.md
index bb95df50d..33d29f606 100644
--- a/chart/doc/installation/version_mappings.md
+++ b/chart/doc/installation/version_mappings.md
@@ -33,14 +33,17 @@ The table below maps some of the key previous supported chart versions and suppo
| Chart version | GitLab version |
|---------------|----------------|
+| 8.8.1 | 17.8.1 |
+| 8.8.0 | 17.8.0 |
| 8.7.4 | 17.7.2 |
| 8.7.3 | 17.7.1 |
| 8.7.2 | 17.7.0 |
-| 8.7.1 | 17.7.0 |
| 8.7.0 | 17.7.0 |
+| 8.6.3 | 17.6.3 |
| 8.6.2 | 17.6.2 |
| 8.6.1 | 17.6.1 |
| 8.6.0 | 17.6.0 |
+| 8.5.5 | 17.5.5 |
| 8.5.4 | 17.5.4 |
| 8.5.3 | 17.5.3 |
| 8.5.2 | 17.5.2 |
diff --git a/chart/doc/releases/8_0.md b/chart/doc/releases/8_0.md
index 9bb2a83f3..2bb5f5a9b 100644
--- a/chart/doc/releases/8_0.md
+++ b/chart/doc/releases/8_0.md
@@ -20,6 +20,41 @@ See [GitLab 17 changes](https://docs.gitlab.com/ee/update/versions/gitlab_17_cha
To upgrade to the `8.0` version of the chart, you first need to upgrade to the latest `7.11.x`
release of the chart. Check the [version mapping details](../installation/version_mappings.md) for the latest patch.
+### Upgrade to 8.8.0
+
+If you disabled the [`shared-secrets` job](../charts/shared-secrets.md#disable-functionality),
+you'll need to manually create three new secrets. If you have it enabled (default behavior), then there's nothing to do, as the new secrets will be auto-generated.
+
+- `active_record_encryption_primary_key`
+- `active_record_encryption_deterministic_key`
+- `active_record_encryption_key_derivation_salt`
+
+The secrets format can be seen in [the GitLab Rails secrets section](../installation/secrets.md#gitlab-rails-secret).
+
+Here are the steps to populate these 3 secrets:
+
+1. [Back up the secrets](../backup-restore/backup.md#back-up-the-secrets).
+1. Generate 3 different 32-chars random strings –one for each of the new secrets– with `LC_ALL=C < /dev/urandom tr -dc 'a-zA-Z0-9' | head -c 32`
+1. Add the secrets at the end of `gitlab-secrets.yaml`:
+
+ ```yaml
+ active_record_encryption_primary_key:
+ - "<first 32-chars random string>"
+ active_record_encryption_deterministic_key:
+ - "<second 32-chars random string>"
+ active_record_encryption_key_derivation_salt: "<third 32-chars random string>"
+ ```
+
+1. Create a new `secret` resource (replace `<name>` with the name of the release):
+
+ ```shell
+ kubectl create secret generic <name>-rails-secret-v2 --from-file=gitlab-secrets.yaml
+ ```
+
+1. Update the `global.railsSecrets.secret` in your `values.yaml` file to point to the new `<name>-rails-secret-v2` secret resource.
+1. Upgrade the GitLab Chart release with this new value, but making sure other old values still apply (for example, [don't use the `--reuse-values` flag](../installation/upgrade.md)).
+1. Confirm that GitLab is working as expected. If it is, it should be safe to delete the old `<name>-rails-secret` secret resource.
+
### Upgrade to 8.6.0
The `app` label of the Job that performs the database migrations for the registry metadata database has
diff --git a/chart/requirements.yaml b/chart/requirements.yaml
index 2fda5f93e..6e15725a7 100644
--- a/chart/requirements.yaml
+++ b/chart/requirements.yaml
@@ -21,7 +21,7 @@ dependencies:
repository: https://charts.bitnami.com/bitnami
condition: postgresql.install
- name: gitlab-runner
- version: 0.71.0
+ version: 0.72.0
repository: https://charts.gitlab.io/
condition: gitlab-runner.install
- name: redis
diff --git a/chart/spec/configuration/certmanager_issuer_spec.rb b/chart/spec/configuration/certmanager_issuer_spec.rb
new file mode 100644
index 000000000..af35dbecc
--- /dev/null
+++ b/chart/spec/configuration/certmanager_issuer_spec.rb
@@ -0,0 +1,96 @@
+# frozen_string_literal: true
+
+require 'spec_helper'
+require 'hash_deep_merge'
+require 'helm_template_helper'
+require 'yaml'
+
+describe 'certmanager_issuer configuration' do
+ let(:default_values) do
+ HelmTemplate.defaults
+ end
+
+ let(:required_resources) do
+ %w[Role RoleBinding ServiceAccount]
+ end
+
+ context 'default chart values' do
+ it 'creates certmanager_issuer related resources with default values' do
+ template = HelmTemplate.new(default_values)
+
+ required_resources.each do |resource|
+ resource_name = "#{resource}/test-certmanager-issuer"
+
+ expect(template.resources_by_kind(resource)[resource_name]).to be_present
+ end
+
+ jobs = template.resources_by_kind("Job")
+ issuer_job = jobs.find { |key, _| key.start_with?("Job/test-issuer-") }.last
+
+ # Expectation for the metadata name prefix
+ expect(issuer_job["metadata"]["name"]).to match(/^test-issuer-[a-f0-9]+$/)
+
+ # Expectation for the container image needs to be a regex to work for master and stable branches.
+ expect(issuer_job["spec"]["template"]["spec"]["containers"][0]["image"]).to match(%r{^registry\.gitlab\.com/gitlab-org/build/cng/kubectl:(v\d+\.\d+\.\d+|master)$})
+
+ # Expectation for the rest of the structure
+ expect(issuer_job).to include(
+ "apiVersion" => "batch/v1",
+ "kind" => "Job",
+ "metadata" => include(
+ "namespace" => "default",
+ "labels" => {
+ "app" => "certmanager-issuer",
+ "chart" => "certmanager-issuer-0.2.0",
+ "release" => "test",
+ "heritage" => "Helm"
+ }
+ ),
+ "spec" => include(
+ "activeDeadlineSeconds" => 300,
+ "ttlSecondsAfterFinished" => 1800,
+ "template" => include(
+ "metadata" => { "labels" => { "app" => "certmanager-issuer", "release" => "test" } },
+ "spec" => include(
+ "securityContext" => { "runAsUser" => 65534, "fsGroup" => 65534, "seccompProfile" => { "type" => "RuntimeDefault" } },
+ "serviceAccountName" => "test-certmanager-issuer",
+ "restartPolicy" => "OnFailure",
+ "containers" => include(
+ include(
+ "name" => "create-issuer",
+ "command" => ["/bin/bash", "/scripts/create-issuer", "/scripts/issuer.yml"],
+ "securityContext" => {
+ "allowPrivilegeEscalation" => false,
+ "capabilities" => { "drop" => ["ALL"] },
+ "runAsGroup" => 65534,
+ "runAsNonRoot" => true,
+ "runAsUser" => 65534
+ },
+ "volumeMounts" => [{ "name" => "scripts", "mountPath" => "/scripts" }],
+ "resources" => { "requests" => { "cpu" => "50m" } }
+ )
+ ),
+ "volumes" => [{ "name" => "scripts", "configMap" => { "name" => "test-certmanager-issuer-certmanager" } }]
+ )
+ )
+ )
+ )
+ end
+ end
+
+ context 'when configureCertmanager is disabled' do
+ it 'does not create any certmanager_issuer related resource' do
+ template = HelmTemplate.new(default_values.deep_merge!(
+ { 'global' => { 'ingress' => { 'configureCertmanager' => false } } })
+ )
+
+ required_resources.each do |resource|
+ resource_name = "#{resource}/test-certmanager-issuer"
+
+ expect(template.resources_by_kind(resource)[resource_name]).to be_nil
+ end
+
+ expect(template.resources_by_kind("Job").keys.select { |k| k.start_with?("Job/test-issuer-") }).to be_empty
+ end
+ end
+end
diff --git a/chart/spec/configuration/gitaly_spec.rb b/chart/spec/configuration/gitaly_spec.rb
index 422a152b8..98a9bc28a 100644
--- a/chart/spec/configuration/gitaly_spec.rb
+++ b/chart/spec/configuration/gitaly_spec.rb
@@ -527,6 +527,42 @@ describe 'Gitaly configuration' do
end
end
+ context 'shareProcessNamespace' do
+ let(:values) do
+ YAML.safe_load(%(
+ gitlab:
+ gitaly:
+ shareProcessNamespace: #{share_process_namespace_enabled}
+ )).merge(default_values)
+ end
+
+ let(:gitaly_stateful_set) { 'StatefulSet/test-gitaly' }
+
+ context 'when enabled' do
+ let(:share_process_namespace_enabled) { true }
+
+ it 'enables shareProcessNamespace' do
+ t = HelmTemplate.new(values)
+ gitaly_set = t.resources_by_kind('StatefulSet').select { |key| key == gitaly_stateful_set }
+ gitaly_template_spec = gitaly_set[gitaly_stateful_set]['spec']['template']['spec']
+ expect(gitaly_template_spec).to include(
+ 'shareProcessNamespace' => true
+ )
+ end
+ end
+
+ context 'when not enabled' do
+ let(:share_process_namespace_enabled) { false }
+
+ it 'does not set shareProcessNamespace' do
+ t = HelmTemplate.new(values)
+ gitaly_set = t.resources_by_kind('StatefulSet').select { |key| key == gitaly_stateful_set }
+ gitaly_template_spec = gitaly_set[gitaly_stateful_set]['spec']['template']['spec']
+ expect(gitaly_template_spec).not_to include('shareProcessNamespace')
+ end
+ end
+ end
+
context 'cgroups' do
let(:values) do
YAML.safe_load(%(
diff --git a/chart/spec/configuration/gitlab_exporter_spec.rb b/chart/spec/configuration/gitlab_exporter_spec.rb
index d5550ff29..e69420211 100644
--- a/chart/spec/configuration/gitlab_exporter_spec.rb
+++ b/chart/spec/configuration/gitlab_exporter_spec.rb
@@ -35,11 +35,26 @@ describe 'gitlab-exporter configuration' do
it 'configures Redis' do
expect(template.exit_code).to eq(0), "Unexpected error code #{template.exit_code} -- #{template.stderr}"
- expect(sidekiq_config['opts']['redis_url']).to eq("redis://:#{password}@test-redis-master.default.svc:6379")
+ expect(sidekiq_config['opts']['redis_url']).to eq("redis://:#{password}@test-redis-master.default.svc:6379/0")
expect(sidekiq_config['opts']).not_to include('redis_sentinels')
end
end
+ context 'with custom redis database value' do
+ let(:values) do
+ YAML.safe_load(%(
+ global:
+ redis:
+ database: 4
+ )).deep_merge(default_values)
+ end
+
+ it 'configures Redis' do
+ expect(template.exit_code).to eq(0), "Unexpected error code #{template.exit_code} -- #{template.stderr}"
+ expect(sidekiq_config['opts']['redis_url']).to eq("redis://:#{password}@test-redis-master.default.svc:6379/4")
+ end
+ end
+
context 'When customer provides additional labels' do
let(:values) do
YAML.safe_load(%(
@@ -103,7 +118,7 @@ describe 'gitlab-exporter configuration' do
it 'configures Sentinels' do
expect(template.exit_code).to eq(0), "Unexpected error code #{template.exit_code} -- #{template.stderr}"
- expect(sidekiq_config['opts']['redis_url']).to eq("redis://:#{password}@global.host:6379")
+ expect(sidekiq_config['opts']['redis_url']).to eq("redis://:#{password}@global.host:6379/0")
expect(sidekiq_config['opts']['redis_sentinels']).to eq(
[
{ 'host' => 'sentinel1.example.com', 'port' => 26379 },
@@ -131,7 +146,7 @@ describe 'gitlab-exporter configuration' do
it 'configures Sentinels' do
expect(template.exit_code).to eq(0), "Unexpected error code #{template.exit_code} -- #{template.stderr}"
- expect(sidekiq_config['opts']['redis_url']).to eq("redis://:#{password}@queues.redis.host:6379")
+ expect(sidekiq_config['opts']['redis_url']).to eq("redis://:#{password}@queues.redis.host:6379/0")
expect(sidekiq_config['opts']['redis_sentinels']).to eq(
[
{ 'host' => 'sentinel1.example.com', 'port' => 26379 },
@@ -164,7 +179,7 @@ describe 'gitlab-exporter configuration' do
it 'configures Sentinels with password' do
expect(template.exit_code).to eq(0), "Unexpected error code #{template.exit_code} -- #{template.stderr}"
- expect(sidekiq_config['opts']['redis_url']).to eq("redis://:#{password}@global.host:6379")
+ expect(sidekiq_config['opts']['redis_url']).to eq("redis://:#{password}@global.host:6379/0")
expect(sidekiq_config['opts']['redis_sentinel_password']).to eq(RuntimeTemplate::JUNK_PASSWORD)
expect(sidekiq_config['opts']['redis_sentinels']).to eq(
[
diff --git a/chart/spec/configuration/kas_spec.rb b/chart/spec/configuration/kas_spec.rb
index b8bbf86e8..ffec4c9b3 100644
--- a/chart/spec/configuration/kas_spec.rb
+++ b/chart/spec/configuration/kas_spec.rb
@@ -290,6 +290,19 @@ describe 'kas configuration' do
))
end
+ let(:sentinels_database) do
+ YAML.safe_load(%(
+ redis:
+ host: global.host
+ database: 6
+ sentinels:
+ - host: sentinel1.example.com
+ port: 26379
+ - host: sentinel2.example.com
+ port: 26379
+ ))
+ end
+
context 'when redis is disabled' do
let(:kas_values) do
default_kas_values.deep_merge!(YAML.safe_load(%(
@@ -336,9 +349,28 @@ describe 'kas configuration' do
end
end
+ context 'when global redis has database value' do
+ let(:kas_values) do
+ default_kas_values.deep_merge!(YAML.safe_load(%(
+ global:
+ redis:
+ database: 3
+ )))
+ end
+
+ it 'has set url' do
+ expect(config_yaml_data['redis']).to include(YAML.safe_load(%(
+ database_index: 3
+ server:
+ address: test-redis-master.default.svc:6379
+ )))
+ end
+ end
+
context 'when no sentinel is setup' do
it 'takes the global redis config' do
expect(config_yaml_data['redis']).to include(YAML.safe_load(%(
+ database_index: 0
password_file: /etc/kas/redis/redis-password
server:
address: test-redis-master.default.svc:6379
@@ -359,6 +391,28 @@ describe 'kas configuration' do
it 'takes the global sentinel redis config' do
expect(config_yaml_data['redis']).to include(YAML.safe_load(%(
+ database_index: 0
+ sentinel:
+ addresses:
+ - sentinel1.example.com:26379
+ - sentinel2.example.com:26379
+ master_name: global.host
+ )))
+ end
+ end
+
+ context 'when sentinel and database are setup' do
+ let(:kas_values) do
+ vals = default_kas_values
+ vals['global'].deep_merge!(sentinels_database)
+ vals.deep_merge!('redis' => { 'install' => false })
+ end
+
+ it_behaves_like 'mounts global redis secret'
+
+ it 'takes the global sentinel and database redis config' do
+ expect(config_yaml_data['redis']).to include(YAML.safe_load(%(
+ database_index: 6
sentinel:
addresses:
- sentinel1.example.com:26379
@@ -439,6 +493,7 @@ describe 'kas configuration' do
let(:sentinels) { {} }
it 'configures a sharedState server config' do
expect(config_yaml_data['redis']).to include(YAML.safe_load(%(
+ database_index: 0
password_file: /etc/kas/redis/sharedState-password
server:
address: shared.redis:6378
diff --git a/chart/spec/configuration/mailroom_spec.rb b/chart/spec/configuration/mailroom_spec.rb
index 1b94ccc49..fcdaeb5c1 100644
--- a/chart/spec/configuration/mailroom_spec.rb
+++ b/chart/spec/configuration/mailroom_spec.rb
@@ -330,13 +330,27 @@ describe 'Mailroom configuration' do
t = HelmTemplate.new(values)
expect(t.exit_code).to eq(0)
# configure the external-redis server, port, secret
- expect(t.dig('ConfigMap/test-mailroom','data','mail_room.yml')).to include("external-redis:9999")
+ expect(t.dig('ConfigMap/test-mailroom','data','mail_room.yml')).to include("external-redis:9999/0")
projected_volume = t.projected_volume_sources('Deployment/test-mailroom','init-mailroom-secrets')
redis_mount = projected_volume.select { |item| item['secret']['name'] == "external-redis-secret" }
expect(redis_mount.length).to eq(1)
expect(t.dig('ConfigMap/test-mailroom','data','mail_room.yml')).not_to include(":sentinels:")
end
+ it 'Populates configured database host, port, password' do
+ local = YAML.safe_load(%(
+ global:
+ redis:
+ host: external-redis
+ port: 9999
+ database: 7
+ ))
+ t = HelmTemplate.new(values.deep_merge(local))
+ expect(t.exit_code).to eq(0)
+ # configure the external-redis server, port, secret
+ expect(t.dig('ConfigMap/test-mailroom','data','mail_room.yml')).to include("external-redis:9999/7")
+ end
+
it 'Populates Sentinels, when configured' do
local = YAML.safe_load(%(
global:
diff --git a/chart/spec/configuration/redis_spec.rb b/chart/spec/configuration/redis_spec.rb
index dd5db4230..5f5720c1e 100644
--- a/chart/spec/configuration/redis_spec.rb
+++ b/chart/spec/configuration/redis_spec.rb
@@ -45,6 +45,26 @@ describe 'Redis configuration' do
expect(resque_yml.dig('production', 'write_timeout')).to eq(5)
end
end
+
+ context 'custom redis database value' do
+ let(:values) do
+ YAML.safe_load(%(
+ global:
+ redis:
+ host: resque.redis
+ port: 6379
+ database: 4
+ redis:
+ install: false
+ )).deep_merge(default_values)
+ end
+
+ it 'configures Redis' do
+ t = HelmTemplate.new(values)
+ expect(t.exit_code).to eq(0), "Unexpected error code #{template.exit_code} -- #{template.stderr}"
+ expect(t.dig('ConfigMap/test-webservice','data','resque.yml.erb')).to include("resque.redis:6379/4")
+ end
+ end
end
describe 'global.redis.auth.enabled' do
diff --git a/chart/spec/configuration/workhorse_spec.rb b/chart/spec/configuration/workhorse_spec.rb
index d8c27b583..7240bf9b3 100644
--- a/chart/spec/configuration/workhorse_spec.rb
+++ b/chart/spec/configuration/workhorse_spec.rb
@@ -155,18 +155,50 @@ describe 'Workhorse configuration' do
context 'configuring dedicated redis' do
let(:template) { HelmTemplate.new(values) }
+ context 'with default redis database' do
+ let(:values) do
+ YAML.safe_load(%(
+ global:
+ redis:
+ host: global.redis
+ auth:
+ enabled: true
+ secret: global-secret
+ redis:
+ install: false
+ )).deep_merge(default_values)
+ end
+
+ it 'renders the global redis config' do
+ toml = render_toml(raw_toml)
+
+ expect(toml.keys).to match_array(%w[shutdown_timeout listeners image_resizer redis])
+
+ redis_config = toml['redis']
+
+ expect(redis_config.keys).to match_array(%w[URL Password DB])
+ expect(redis_config['URL']).to eq('redis://global.redis:6379')
+ expect(redis_config['DB']).to eq(0)
+ expect(redis_config['Password']).to eq(global_redis_password)
+
+ expect(template.dig("ConfigMap/test-workhorse-default", 'data', 'workhorse-config.toml.tpl')).to include('redis/redis-password')
+ expect(template.dig('ConfigMap/test-workhorse-default', 'data', 'configure')).to include('init-config/redis/redis-password')
+ end
+ end
+
context 'with global redis' do
let(:values) do
YAML.safe_load(%(
global:
redis:
host: global.redis
+ database: 3
auth:
enabled: true
secret: global-secret
redis:
install: false
- )).merge(default_values)
+ )).deep_merge(default_values)
end
it 'renders the global redis config' do
@@ -176,8 +208,9 @@ describe 'Workhorse configuration' do
redis_config = toml['redis']
- expect(redis_config.keys).to match_array(%w[URL Password])
+ expect(redis_config.keys).to match_array(%w[URL Password DB])
expect(redis_config['URL']).to eq('redis://global.redis:6379')
+ expect(redis_config['DB']).to eq(3)
expect(redis_config['Password']).to eq(global_redis_password)
expect(template.dig("ConfigMap/test-workhorse-default", 'data', 'workhorse-config.toml.tpl')).to include('redis/redis-password')
@@ -210,8 +243,9 @@ describe 'Workhorse configuration' do
expect(toml.keys).to match_array(%w[shutdown_timeout listeners image_resizer redis])
redis_config = toml['redis']
- expect(redis_config.keys).to match_array(%w[URL Password])
+ expect(redis_config.keys).to match_array(%w[URL Password DB])
expect(redis_config['URL']).to eq('redis://workhorse.redis:6379')
+ expect(redis_config['DB']).to eq(0)
expect(redis_config['Password']).to eq(workhorse_redis_password)
expect(template.dig("ConfigMap/test-workhorse-default", 'data', 'workhorse-config.toml.tpl')).to include('redis/workhorse-password')
expect(template.dig('ConfigMap/test-workhorse-default', 'data', 'configure')).to include('init-config/redis/workhorse-password')
@@ -228,8 +262,9 @@ describe 'Workhorse configuration' do
expect(toml.keys).to match_array(%w[shutdown_timeout listeners image_resizer redis])
redis_config = toml['redis']
- expect(redis_config.keys).to match_array(%w[URL])
+ expect(redis_config.keys).to match_array(%w[URL DB])
expect(redis_config['URL']).to eq('redis://workhorse.redis:6379')
+ expect(redis_config['DB']).to eq(0)
end
end
end
@@ -254,8 +289,9 @@ describe 'Workhorse configuration' do
expect(toml.keys).to match_array(%w[shutdown_timeout listeners image_resizer redis])
redis_config = toml['redis']
- expect(redis_config.keys).to match_array(%w[URL Password])
+ expect(redis_config.keys).to match_array(%w[URL Password DB])
expect(redis_config['URL']).to eq('redis://redis-user@workhorse.redis:6379')
+ expect(redis_config['DB']).to eq(0)
expect(redis_config['Password']).to eq(workhorse_redis_password)
expect(template.dig("ConfigMap/test-workhorse-default", 'data', 'workhorse-config.toml.tpl')).to include('redis/workhorse-password')
expect(template.dig('ConfigMap/test-workhorse-default', 'data', 'configure')).to include('init-config/redis/workhorse-password')
@@ -269,6 +305,7 @@ describe 'Workhorse configuration' do
global:
redis:
host: global.redis
+ database: 7
auth:
enabled: true
secret: global-secret
@@ -290,20 +327,22 @@ describe 'Workhorse configuration' do
expect(toml.keys).to match_array(%w[shutdown_timeout listeners image_resizer redis])
redis_config = toml['redis']
- expect(redis_config.keys).to match_array(%w[URL Password])
+ expect(redis_config.keys).to match_array(%w[URL Password DB])
expect(redis_config['URL']).to eq('redis://workhorse-redis-user@workhorse.redis:6379')
+ expect(redis_config['DB']).to eq(7)
expect(redis_config['Password']).to eq(workhorse_redis_password)
expect(template.dig("ConfigMap/test-workhorse-default", 'data', 'workhorse-config.toml.tpl')).to include('redis/workhorse-password')
expect(template.dig('ConfigMap/test-workhorse-default', 'data', 'configure')).to include('init-config/redis/workhorse-password')
end
end
- context 'with redis sentinel' do
+ context 'with redis sentinel and database' do
let(:values) do
YAML.safe_load(%(
global:
redis:
host: global.redis
+ database: 9
auth:
enabled: true
secret: global-secret
@@ -334,10 +373,11 @@ describe 'Workhorse configuration' do
expect(toml.keys).to match_array(%w[shutdown_timeout listeners image_resizer redis])
redis_config = toml['redis']
- expect(redis_config.keys).to match_array(%w[Password SentinelMaster Sentinel])
+ expect(redis_config.keys).to match_array(%w[Password SentinelMaster Sentinel DB])
expect(redis_config['SentinelMaster']).to eq('workhorse.redis')
expect(redis_config['Sentinel']).to match_array(%w[tcp://s1.workhorse.redis:26379 tcp://s2.workhorse.redis:26379])
expect(redis_config['Password']).to eq(workhorse_redis_password)
+ expect(redis_config['DB']).to eq(9)
expect(template.dig("ConfigMap/test-workhorse-default", "data", 'workhorse-config.toml.tpl')).to include('redis/workhorse-password')
expect(template.dig('ConfigMap/test-workhorse-default', 'data', 'configure')).to include('init-config/redis/workhorse-password')
end
@@ -353,7 +393,7 @@ describe 'Workhorse configuration' do
expect(toml.keys).to match_array(%w[shutdown_timeout listeners image_resizer redis])
redis_config = toml['redis']
- expect(redis_config.keys).to match_array(%w[SentinelMaster Sentinel])
+ expect(redis_config.keys).to match_array(%w[SentinelMaster Sentinel DB])
expect(redis_config['SentinelMaster']).to eq('workhorse.redis')
expect(redis_config['Sentinel']).to match_array(%w[tcp://s1.workhorse.redis:26379 tcp://s2.workhorse.redis:26379])
end
@@ -397,11 +437,12 @@ describe 'Workhorse configuration' do
expect(toml.keys).to match_array(%w[shutdown_timeout listeners image_resizer redis])
redis_config = toml['redis']
- expect(redis_config.keys).to match_array(%w[Password SentinelMaster Sentinel SentinelPassword])
+ expect(redis_config.keys).to match_array(%w[Password SentinelMaster Sentinel SentinelPassword DB])
expect(redis_config['SentinelMaster']).to eq('workhorse.redis')
expect(redis_config['Sentinel']).to match_array(%w[tcp://s1.workhorse.redis:26379 tcp://s2.workhorse.redis:26379])
expect(redis_config['Password']).to eq(workhorse_redis_password)
expect(redis_config['SentinelPassword']).to eq(global_redis_sentinel_password)
+ expect(redis_config['DB']).to eq(0)
expect(template.exit_code).to eq(0), "Unexpected error code #{template.exit_code} -- #{template.stderr}"
diff --git a/chart/spec/gitlab_test_helper.rb b/chart/spec/gitlab_test_helper.rb
index 33808c0b7..93b4c3ae9 100644
--- a/chart/spec/gitlab_test_helper.rb
+++ b/chart/spec/gitlab_test_helper.rb
@@ -150,7 +150,9 @@ module Gitlab
filters="#{filters},release=#{ENV['RELEASE_NAME']}"
end
- stdout, status = Open3.capture2e("kubectl rollout status #{type} -l'#{filters}' --timeout=#{kube_timeout_parse('KUBE_ROLLOUT_TIMEOUT')}")
+ cmd = "kubectl rollout status #{type} -l'#{filters}' --timeout=#{kube_timeout_parse('KUBE_ROLLOUT_TIMEOUT')}"
+ puts "Executing in Namespace #{ENV['KUBE_NAMESPACE']}: #{cmd}"
+ stdout, status = Open3.capture2e(cmd)
raise stdout unless status.success?
end
diff --git a/chart/templates/_redis.tpl b/chart/templates/_redis.tpl
index 7ba03e59e..7935acf01 100644
--- a/chart/templates/_redis.tpl
+++ b/chart/templates/_redis.tpl
@@ -15,7 +15,7 @@ Build a dict of redis configuration
{{- if and $.Values.global.redis.redisYmlOverride $.redisConfigName -}}
{{- $hasOverrideSecret = (kindIs "map" (dig $.redisConfigName "password" "" $.Values.global.redis.redisYmlOverride)) -}}
{{- end -}}
-{{- range $want := list "host" "port" "scheme" "user" -}}
+{{- range $want := list "host" "port" "scheme" "user" "database" -}}
{{- $_ := set $.redisMergedConfig $want (pluck $want (index $.Values.global.redis $.redisConfigName) $.Values.global.redis | first) -}}
{{- end -}}
{{- if and $hasOverrideSecret $.usingOverride -}}
diff --git a/chart/values.yaml b/chart/values.yaml
index ae4e61c25..2a929b284 100644
--- a/chart/values.yaml
+++ b/chart/values.yaml
@@ -57,7 +57,7 @@ global:
edition: ee
## https://docs.gitlab.com/charts/charts/globals#gitlab-version
- gitlabVersion: "17.7.2"
+ gitlabVersion: "17.8.1"
## https://docs.gitlab.com/charts/charts/globals#application-resource
application:
@@ -193,6 +193,7 @@ global:
# writeTimeout: 1
# host: redis.hostedsomewhere.else
# port: 6379
+ # database: 0
# user: webservice
# sentinels:
# - host:
--
GitLab
From 9b060444b84dee3b5e590d29bfb22afadda723f9 Mon Sep 17 00:00:00 2001
From: Matt Vasquez <evasquez@bridgephase.com>
Date: Fri, 24 Jan 2025 17:58:25 -0600
Subject: [PATCH 3/3] Gitlab 17.8.1 Updates
---
CHANGELOG.md | 19 ++++++++++++++
README.md | 34 +++++++++++++-------------
chart/charts/gitlab-runner-0.71.0.tgz | Bin 28734 -> 0 bytes
chart/charts/gitlab-runner-0.72.0.tgz | Bin 0 -> 28892 bytes
chart/charts/gluon-0.5.12.tgz | Bin 4658 -> 0 bytes
chart/charts/gluon-0.5.14.tgz | Bin 0 -> 4680 bytes
chart/requirements.lock | 8 +++---
chart/requirements.yaml | 2 +-
8 files changed, 41 insertions(+), 22 deletions(-)
delete mode 100644 chart/charts/gitlab-runner-0.71.0.tgz
create mode 100644 chart/charts/gitlab-runner-0.72.0.tgz
delete mode 100644 chart/charts/gluon-0.5.12.tgz
create mode 100644 chart/charts/gluon-0.5.14.tgz
diff --git a/CHANGELOG.md b/CHANGELOG.md
index 28fcdd86a..3047188a4 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -4,6 +4,25 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/),
---
+## [8.8.1-bb.0] (2024-01-24)
+
+### Changed
+
+- update gluon 0.5.3 -> 0.5.14
+- registry1.dso.mil/ironbank/gitlab/gitlab/certificates 17.7.2 -> 17.8.1
+- registry1.dso.mil/ironbank/gitlab/gitlab/gitaly 17.7.2 -> 17.8.1
+- registry1.dso.mil/ironbank/gitlab/gitlab/gitlab-base 17.7.2 -> 17.8.1
+- registry1.dso.mil/ironbank/gitlab/gitlab/gitlab-container-registry 17.7.2 -> 17.8.1
+- registry1.dso.mil/ironbank/gitlab/gitlab/gitlab-exporter 17.7.2 -> 17.8.1
+- registry1.dso.mil/ironbank/gitlab/gitlab/gitlab-mailroom 17.7.2 -> 17.8.1
+- registry1.dso.mil/ironbank/gitlab/gitlab/gitlab-pages 17.7.2 -> 17.8.1
+- registry1.dso.mil/ironbank/gitlab/gitlab/gitlab-shell 17.7.2 -> 17.8.1
+- registry1.dso.mil/ironbank/gitlab/gitlab/gitlab-sidekiq 17.7.2 -> 17.8.1
+- registry1.dso.mil/ironbank/gitlab/gitlab/gitlab-toolbox 17.7.2 -> 17.8.1
+- registry1.dso.mil/ironbank/gitlab/gitlab/gitlab-webservice 17.7.2 -> 17.8.1
+- registry1.dso.mil/ironbank/gitlab/gitlab/gitlab-workhorse 17.7.2 -> 17.8.1
+- registry1.dso.mil/ironbank/gitlab/gitlab/kubectl 17.7.2 -> 17.8.1
+
## [8.7.4-bb.1] (2024-01-22)
### Changed
diff --git a/README.md b/README.md
index 346553c39..9f478da60 100644
--- a/README.md
+++ b/README.md
@@ -1,7 +1,7 @@
<!-- Warning: Do not manually edit this file. See notes on gluon + helm-docs at the end of this file for more information. -->
# gitlab
-  
+  
GitLab is the most comprehensive AI-powered DevSecOps Platform.
@@ -48,7 +48,7 @@ helm install gitlab chart/
| global.image | object | `{}` | |
| global.pod.labels | object | `{}` | |
| global.edition | string | `"ee"` | |
-| global.gitlabVersion | string | `"17.7.2"` | |
+| global.gitlabVersion | string | `"17.8.1"` | |
| global.application.create | bool | `false` | |
| global.application.links | list | `[]` | |
| global.application.allowClusterRoles | bool | `true` | |
@@ -362,7 +362,7 @@ helm install gitlab chart/
| global.workhorse.tls.enabled | bool | `false` | |
| global.webservice.workerTimeout | int | `60` | |
| global.certificates.image.repository | string | `"registry1.dso.mil/ironbank/gitlab/gitlab/certificates"` | |
-| global.certificates.image.tag | string | `"17.7.2"` | |
+| global.certificates.image.tag | string | `"17.8.1"` | |
| global.certificates.image.pullSecrets[0].name | string | `"private-registry"` | |
| global.certificates.init.securityContext.capabilities.drop[0] | string | `"ALL"` | |
| global.certificates.init.securityContext.runAsUser | int | `65534` | |
@@ -399,13 +399,13 @@ helm install gitlab chart/
| global.certificates.customCAs[29].secret | string | `"ca-certs-dod-trust-anchors-self-signed"` | |
| global.certificates.customCAs[30].secret | string | `"ca-certs-eca"` | |
| global.kubectl.image.repository | string | `"registry1.dso.mil/ironbank/gitlab/gitlab/kubectl"` | |
-| global.kubectl.image.tag | string | `"17.7.2"` | |
+| global.kubectl.image.tag | string | `"17.8.1"` | |
| global.kubectl.image.pullSecrets[0].name | string | `"private-registry"` | |
| global.kubectl.securityContext.runAsUser | int | `65534` | |
| global.kubectl.securityContext.fsGroup | int | `65534` | |
| global.kubectl.securityContext.seccompProfile.type | string | `"RuntimeDefault"` | |
| global.gitlabBase.image.repository | string | `"registry1.dso.mil/ironbank/gitlab/gitlab/gitlab-base"` | |
-| global.gitlabBase.image.tag | string | `"17.7.2"` | |
+| global.gitlabBase.image.tag | string | `"17.8.1"` | |
| global.gitlabBase.image.pullSecrets[0].name | string | `"private-registry"` | |
| global.serviceAccount.enabled | bool | `true` | |
| global.serviceAccount.create | bool | `true` | |
@@ -790,7 +790,7 @@ helm install gitlab chart/
| registry.resources.requests.cpu | string | `"200m"` | |
| registry.resources.requests.memory | string | `"1024Mi"` | |
| registry.image.repository | string | `"registry1.dso.mil/ironbank/gitlab/gitlab/gitlab-container-registry"` | |
-| registry.image.tag | string | `"17.7.2"` | |
+| registry.image.tag | string | `"17.8.1"` | |
| registry.image.pullSecrets[0].name | string | `"private-registry"` | |
| registry.ingress.enabled | bool | `false` | |
| registry.metrics.enabled | bool | `true` | |
@@ -850,7 +850,7 @@ helm install gitlab chart/
| gitlab.toolbox.replicas | int | `1` | |
| gitlab.toolbox.antiAffinityLabels.matchLabels.app | string | `"gitaly"` | |
| gitlab.toolbox.image.repository | string | `"registry1.dso.mil/ironbank/gitlab/gitlab/gitlab-toolbox"` | |
-| gitlab.toolbox.image.tag | string | `"17.7.2"` | |
+| gitlab.toolbox.image.tag | string | `"17.8.1"` | |
| gitlab.toolbox.image.pullSecrets[0].name | string | `"private-registry"` | |
| gitlab.toolbox.init.resources.requests.cpu | string | `"200m"` | |
| gitlab.toolbox.init.resources.requests.memory | string | `"200Mi"` | |
@@ -887,7 +887,7 @@ helm install gitlab chart/
| gitlab.gitlab-exporter.resources.requests.memory | string | `"200Mi"` | |
| gitlab.gitlab-exporter.capabilities.drop[0] | string | `"ALL"` | |
| gitlab.gitlab-exporter.image.repository | string | `"registry1.dso.mil/ironbank/gitlab/gitlab/gitlab-exporter"` | |
-| gitlab.gitlab-exporter.image.tag | string | `"17.7.2"` | |
+| gitlab.gitlab-exporter.image.tag | string | `"17.8.1"` | |
| gitlab.gitlab-exporter.image.pullSecrets[0].name | string | `"private-registry"` | |
| gitlab.gitlab-exporter.metrics.enabled | bool | `true` | |
| gitlab.gitlab-exporter.metrics.port | int | `9168` | |
@@ -909,7 +909,7 @@ helm install gitlab chart/
| gitlab.migrations.resources.requests.cpu | string | `"500m"` | |
| gitlab.migrations.resources.requests.memory | string | `"1.5G"` | |
| gitlab.migrations.image.repository | string | `"registry1.dso.mil/ironbank/gitlab/gitlab/gitlab-toolbox"` | |
-| gitlab.migrations.image.tag | string | `"17.7.2"` | |
+| gitlab.migrations.image.tag | string | `"17.8.1"` | |
| gitlab.migrations.image.pullSecrets[0].name | string | `"private-registry"` | |
| gitlab.migrations.securityContext.runAsUser | int | `1000` | |
| gitlab.migrations.securityContext.runAsGroup | int | `1000` | |
@@ -933,14 +933,14 @@ helm install gitlab chart/
| gitlab.webservice.resources.requests.cpu | string | `"300m"` | |
| gitlab.webservice.resources.requests.memory | string | `"2.5G"` | |
| gitlab.webservice.image.repository | string | `"registry1.dso.mil/ironbank/gitlab/gitlab/gitlab-webservice"` | |
-| gitlab.webservice.image.tag | string | `"17.7.2"` | |
+| gitlab.webservice.image.tag | string | `"17.8.1"` | |
| gitlab.webservice.image.pullSecrets[0].name | string | `"private-registry"` | |
| gitlab.webservice.workhorse.resources.limits.cpu | string | `"600m"` | |
| gitlab.webservice.workhorse.resources.limits.memory | string | `"2.5G"` | |
| gitlab.webservice.workhorse.resources.requests.cpu | string | `"600m"` | |
| gitlab.webservice.workhorse.resources.requests.memory | string | `"2.5G"` | |
| gitlab.webservice.workhorse.image | string | `"registry1.dso.mil/ironbank/gitlab/gitlab/gitlab-workhorse"` | |
-| gitlab.webservice.workhorse.tag | string | `"17.7.2"` | |
+| gitlab.webservice.workhorse.tag | string | `"17.8.1"` | |
| gitlab.webservice.workhorse.pullSecrets[0].name | string | `"private-registry"` | |
| gitlab.webservice.workhorse.metrics.enabled | bool | `true` | |
| gitlab.webservice.workhorse.metrics.serviceMonitor.enabled | bool | `true` | |
@@ -951,7 +951,7 @@ helm install gitlab chart/
| gitlab.webservice.metrics.serviceMonitor.enabled | bool | `true` | |
| gitlab.webservice.helmTests.enabled | bool | `false` | |
| gitlab.sidekiq.image.repository | string | `"registry1.dso.mil/ironbank/gitlab/gitlab/gitlab-sidekiq"` | |
-| gitlab.sidekiq.image.tag | string | `"17.7.2"` | |
+| gitlab.sidekiq.image.tag | string | `"17.8.1"` | |
| gitlab.sidekiq.image.pullSecrets[0].name | string | `"private-registry"` | |
| gitlab.sidekiq.init.resources.limits.cpu | string | `"200m"` | |
| gitlab.sidekiq.init.resources.limits.memory | string | `"200Mi"` | |
@@ -969,7 +969,7 @@ helm install gitlab chart/
| gitlab.sidekiq.containerSecurityContext.runAsGroup | int | `1000` | |
| gitlab.sidekiq.containerSecurityContext.capabilities.drop[0] | string | `"ALL"` | |
| gitlab.gitaly.image.repository | string | `"registry1.dso.mil/ironbank/gitlab/gitlab/gitaly"` | |
-| gitlab.gitaly.image.tag | string | `"17.7.2"` | |
+| gitlab.gitaly.image.tag | string | `"17.8.1"` | |
| gitlab.gitaly.image.pullSecrets[0].name | string | `"private-registry"` | |
| gitlab.gitaly.init.resources.limits.cpu | string | `"200m"` | |
| gitlab.gitaly.init.resources.limits.memory | string | `"200Mi"` | |
@@ -989,7 +989,7 @@ helm install gitlab chart/
| gitlab.gitaly.containerSecurityContext.runAsGroup | int | `1000` | |
| gitlab.gitaly.containerSecurityContext.capabilities.drop[0] | string | `"ALL"` | |
| gitlab.gitlab-shell.image.repository | string | `"registry1.dso.mil/ironbank/gitlab/gitlab/gitlab-shell"` | |
-| gitlab.gitlab-shell.image.tag | string | `"17.7.2"` | |
+| gitlab.gitlab-shell.image.tag | string | `"17.8.1"` | |
| gitlab.gitlab-shell.image.pullSecrets[0].name | string | `"private-registry"` | |
| gitlab.gitlab-shell.init.resources.limits.cpu | string | `"200m"` | |
| gitlab.gitlab-shell.init.resources.limits.memory | string | `"200Mi"` | |
@@ -1007,15 +1007,15 @@ helm install gitlab chart/
| gitlab.gitlab-shell.containerSecurityContext.runAsGroup | int | `1000` | |
| gitlab.gitlab-shell.containerSecurityContext.capabilities.drop[0] | string | `"ALL"` | |
| gitlab.mailroom.image.repository | string | `"registry1.dso.mil/ironbank/gitlab/gitlab/gitlab-mailroom"` | |
-| gitlab.mailroom.image.tag | string | `"17.7.2"` | |
+| gitlab.mailroom.image.tag | string | `"17.8.1"` | |
| gitlab.mailroom.image.pullSecrets[0].name | string | `"private-registry"` | |
| gitlab.mailroom.containerSecurityContext.capabilities.drop[0] | string | `"ALL"` | |
| gitlab.gitlab-pages.service.customDomains.type | string | `"ClusterIP"` | |
| gitlab.gitlab-pages.image.repository | string | `"registry1.dso.mil/ironbank/gitlab/gitlab/gitlab-pages"` | |
-| gitlab.gitlab-pages.image.tag | string | `"17.7.2"` | |
+| gitlab.gitlab-pages.image.tag | string | `"17.8.1"` | |
| gitlab.gitlab-pages.containerSecurityContext.capabilities.drop[0] | string | `"ALL"` | |
| gitlab.praefect.image.repository | string | `"registry1.dso.mil/ironbank/gitlab/gitlab/gitaly"` | |
-| gitlab.praefect.image.tag | string | `"17.7.2"` | |
+| gitlab.praefect.image.tag | string | `"17.8.1"` | |
| gitlab.praefect.init.resources.limits.cpu | string | `"200m"` | |
| gitlab.praefect.init.resources.limits.memory | string | `"200Mi"` | |
| gitlab.praefect.init.resources.requests.cpu | string | `"200m"` | |
diff --git a/chart/charts/gitlab-runner-0.71.0.tgz b/chart/charts/gitlab-runner-0.71.0.tgz
deleted file mode 100644
index 7c208e5223edaec89cfc7f30b682c9a4edd7c3d3..0000000000000000000000000000000000000000
GIT binary patch
literal 0
HcmV?d00001
literal 28734
zcmV)DK*7HsiwG0|00000|0w_~VMtOiV@ORlOnEsqVl!4SWK%V1T2nbTPgYhoO;>Dc
zVQyr3R8em|NM&qo0PMZncH}m)D7c^VE22``mgHT`i>_7Ktv)5I<SMmQl15UwPaoTp
zg(Q)gu$Tl*fGMSAoi#r&Z}S85I1lqWKd|RZ=1XQF0FWS)dC|q??%qYORaTNfAP@)y
zA_9THfXR^byd;exnlulGB$15?8HNA$j8Ci8YVB@s<NsT&R{8&}-L1`kYj5wh_qKL7
z+gn@z)@pC<?QH%Vw4M`*Sx+h?N&c<%<hIJ4`zLuw%)Y0IU_9!;xLqT0oc(O?HFg`V
zT0n)Luvp@|cTAp;9$X;1)R?c{4W*1lr`go3)bRPJnZ_X}foOV7F%goEnsLH^roL>F
zF_9!`Ztk>RZEZC**L6ca;EgyM)UN5|h9`mO)I1n4S@XbWH4g$BhkQ~S5f(|pBAQ?U
zIwCCWfJoz*C-P0+dJP~VBbp(59Qlo!epBG~n&4^TQv_Dg2UC_OgQl;hg=iLQFRC=F
zbijSlaH^Q8R~uWpw;FrxMyvLD#=kiK$0SUtcy0kOfBx@oZ|#-m|MuqQ)|dJJIi8i3
z;+%%#5gE|h%1Uiz1-_X;K>H*OB`~=rAQdbcKtcyh$Yj!3g6}&dj9Emz@!j`F7njFp
zr}ql(&5$M(vRA+aNODah=qG#x`68r$=Q0WUjD~?hE}{KO*)t23rq7M|=-M7MH(zhP
z+WK!i325@oWdHQw!_ilQCvu+%|0_XB;tzlLY2S7se`7E><&t*bxDOMaf<GkDfPx%S
zV2XqwIsQm{X(UrfXh?}rga!QsJX({`=gELdRo1C5sGlZGP7Zk_>8<=zUP%tAFz^K=
zX#_lifc5({p^=1CsPTI%8VWxw)Tu!>T%D?ctAU1=iN<Nk1+W5=3_6ev<y}J$(Lpva
z_xCl0<llxgGE7ors`oTB;|e!S4vTWwOMA>SeOg~2h?(aH%~`c8MtDP^g<}#4Ny3mw
zWFx{t0X^!IR8aU7q@$k4A|^j6PK>yOnE2OZKm%Y=KB5hH&u{3MCNJTWWD&#CaY6-+
zq#`+74VeI+M}0O(6W!7c3qv4b$Zux%Sq+;|EI@DLkoio86QB|4g_;`_ioBmS83{>A
zfNyfVYpI}DEMgt#lTc6`jLVq%tUm#wu|H44@SKOtpD3n7$ZA0ajgMJlM>LYE?%F|k
zLndMkSYOw^A_LXiwU9_E<l0N1p-_y9th;vHKjrdVQ(~<!IhcfiQ%zJ7$Kgbk|C#q7
z8!7=INh5zq1L#daDiYFL>Zg(?NYsyNgyJ*|yD?&~NB}=*tVQEG?a?Hnl8T?4NyKnG
zri4UZxWPEC!-`{k8cT<DMAI<SN}NznHB19DQrWc1X{n}v-glSoY7!jV!k5%fs1$0t
z5;*5dgu!<iHdcobAo98yLPnfej)rSG$pJN<+R3~{-AUD9p|SON<Pk6CTHxkfWIEHS
zDXHWcU8|0tkzSszUq@<Ou@U8|e5poFP@hMEc!>-cvN4UQ5I~{;5=sJwzv6`Vs8H-p
zENjNtP5s4yyVQ_6u#JrznmMN@jD>uzD%1+UI&gQ7XscPnNcfh9WRd~fZQ-|=CX5H!
z+qQlyQs1XSTn!T{hCB>9(8l*lmZS-F-f!W1Ns|$aPzt<Dh)>UpP`6qYm}g|rs26{J
zCfpTP@A(akNHlRq00oqusd{cfLY1^4s+D3T9tLosKVB-P*W!i=c$>)>TrqD*gyJKi
ziYXD|n5os|Jrj~AlM^;#68oTqE47QtB~8XOfsYp_u#U?~oN&o~9&Ugf66pX|Q-*3`
zXSzZLM2XO;X){AB_xWf<qChlR6wuqoP>#Ztq9C`8XrkzEACquOHJR`<@dB=7E;fLj
zdV6$!addcab@aA_9lX$!T(2Eh991Ho00{ym5+ZtI7F1!iivmR|g<iR1ls0{4x+j_u
zz3KW1#Rj`KJh|?N{06&e1{uq_XdzY|sMoVmF>Cz8(bWs)DAmK!Q~WOzM#nVJik~8x
zt%B=!<kJQmOVk&KO2bkuDp3&u3Ds<wWMfVPgL^I^*KerNx`t$|{`4(x5(yJ3UqUaH
za6>cxQ7bQrfZj48Rfn*>4VN%EF;<WqAES)tNEn(zO4I0bHN|t0U`Fa=91smU<Ipt$
zXl{bB2Z1M5I)zqU9LCOMJ8C>!k<+$E0~E42&gyS91uXH&#DKEI4jp3aNrc*^kE(0L
zBM-@;C}h`Q_!wogpxBp+j>CvaHc(oGmI+LVluoZ=kDiWcRG5%PDT@;x(?lx0N~8(4
zO(YJH%osS+<*d>da-W2T_6^BLA&`VZ-T)1hA*0LcA!7p4$Y`1r7kN*a2RW~5g|W|W
zRb3^yJ`KV|dY@o@L`hU4-VG7im>HBl9xHY@I6vNasf_|u5HpPOj+pKSG^Co;8PpMp
z$Uy0^N+rwRH#EGfse%e;7SKqtKC?PnE={ArXp;VrMO2g3aH4M2Az!0F5T}zaK^0Mm
zRdzJTXwt0*G)}0msIl?Vg}{XAX3(fjk)i`KNoj7J2+8BPNavR@U}L2-f@C9P`5VH}
zG6N=sQdYJ2vXiOtx#zB-$v|ll{WQcrKtg{>sgRBNdWM3h_%TU+DO`=y_A=zr0BFS1
z!7wum@<qSU?+k%(^6>e(BG@1zp{OlVi*{Rjxxb{EJAIl+p*7A^GE#ONpt-J4i-{26
zr$X`(mg_Sg1&iuP(f-uJ9ML{c_?QK1t<mm3)L-?o<q}9Y31_{Zsh>#%p^B>VA|^h4
zsclOXVhTKxE9P;kj3g}I9P$w@c_A7lr-bTX69Se{UnxDyQ`TXtrVNEAXxR4@nQ5Q}
zqp>Pz;BoZc3a`%-x0t6IXNGE?B*}m(hW6x;dIn2@E45zoN<-19P+&*omW|R8MCqtU
z6SXue+apcTJ)vgO<GM$Jv09D-ukc#;5|IsgkD%RQ*Veq*Oo2Sja58oXq>*HL1?cm{
z%&lQ61AY^M5}-!>u#qxIQi;-z-YTJ>>ck0GO7#Qg!qd8BQR_-=19d?6>n-goBf&AS
zV90NP_oZ5!lub<iYdaqlpDVqrm$ESUe50XIIF2Mu#w4^xM$S2fxw<AG<b#0{tRWrK
zumJ~S!a{V1X!o>QhC2|@UOG@_WuL!<8<IpXfhGx0UP7Np6263(M9lwOJzP;ppD29G
z(_&WV`aBsCIjeVeX_E9-zJ#9zw(|LU@+~5_s4JH=lF0<#UY^=X@cSbtu+6t3T7;Yx
zMLv%r4FJeM3;L^*OSq;qCZSsR^8(`Ybt7-|1GzmI&<@nwJ0opV9oRLkN5l~H=9@8W
zmG;o1#z95{h!e&WYh1Bt%zZ7hIO<pmSYfrXGOM;yTZt2Tq(~Wa7RgI&qyxXzRsg6!
z<WL{dFy!@uC-G)T<*;Z@iy=?L0EARpkM>;))O<u{ktzX2(omw(q1}^)m5m~$6*FDW
znD$H<4`}ex`al!#l`X~)gV-$M1md(8GT;2~_*}u`2_!U}0N0B)y_GbHNC?O0KvKye
zV8Z8PnrJl!TPKJw^XY-_^E5K5hFR57|5A`t?UDMdjX}K%@IV37xZ>W1QZ1C;Lyc~n
z3dMJNL~=X}{q5Ai_SbrF0ak!S5tlfi0-ZnTiMPVP{i@Z%H!RZqJLie)z^m5lEqrae
ztzW-xDZL6{<v0SL2wJ3f!}R`Y5@WYdc|cXYhEmp*oe<y}6TH*}w4XD6B*N$&*m7h(
zcVMffu)&wM<7h0a7a=FXHzZUuC%HsT?1DrCDmwTTz=L*Uv$56KZf<QNi0?_r0wW|l
za2Tda%|AYW3GXQhLMp_|46&DR;y|wfIQ{DsziATob9O5d#-a^lk}#CghU0sg_gf9?
zkP8X4F=&{1(QeRNGKxcL_gJDqLIw7%Vx$55kO*<A9jSGEGd=bIGBgkrbwsX+m9`d4
z53KH{nDSemz{NKQht|{FsU<z)BdP85W>jPooWKPSDe61wk8fCn4xPN~#w^wK(V$~O
z4~=3ULzqv>^!oG?J{9LyLs$M}!I4mKhn!}H>&j{_e?l^S!nSH)ns%m%)qrpy1~gK7
z8x5)^G+OJrzJn$jh`J-vZg--rsu#%GP?nF<{p*TdaFa+2Awvb%m3NMNeds?bcV0or
zc5!NuBYZi9uXeJzJq($UN|GdLsBJhk_kuuM9w?Q2#D_$UU99XZ<O9*rFph{n#G3hb
zgQ{{(C&Dm-2P9_i5}wAQlWqLg>#(lI-zV0Q;PZsS!TB)^RM8DZ4s0qKsNtfcSWX%i
zptZ7GfM3_=RvFWzw`_4;=Yo;|MhYv^Q+m2~r5hQHjzC2&vmEq!81frbFIjZ$Kv_n)
zvO814*=BKlQC0(>b}o{bdCpMS<`AO}{O}V_=MtfQsM9fxq^R4kU}^G0U2#DDCDd<-
z^oR8s)iVpV5`>-r3W#=_%z_g0U~YX|{bhYXr31v_p&#lFfGOZjA|>&M^_TjWqHR@s
z3i`{u)fjvJavJ&N+YR|(c0)+v86+_qW6M+JWj&1pGMmOmI1oMQD*+dYTUC2LKDxe{
zD5;(UMzHmWKy5MKYRpxg9t)Yo-CDgf+|=$sci)!xwMmbleZ3xgH%cwz3GgVKAUGD~
z9up<Lb-BN>K#4lFCfY4)1oP22#`0NO@X26*!N^GMxnX_1vN4hAVcK28gbq8<9=UZv
zwRkkk&&HFaww4(cYfL7$YVO)PahG#6K}uZ_FIBVsG}MkLr?5!<ArJxdS~SRr{K_M8
zBeY23A@xWS8NvCzwjM`hqFwfC=r}H=)~?jjyDQ_c3;i_GHW3rRMp@VaiQ|ybpaCD4
z(O!Q^xzw70jqFgAeTmABZn#K<14nPs-(e2!9jL2+$&KhRGU{~h?x3MN($H2@!%U6i
z0PgQQs#<fp3?n0@rr;WXe_x*~(-j697rh&HEt)!}p{Z<)LCON!BtmeX5lKDMH_u?<
zDFpQHSl-5xEaVL86erClp;G<wnGvI>6k~%x#~)O5b6x;|4xwnqJn(Fgk!Rl3zy)uj
z8)oUNRtzbUJ347GaHu!~c!Y8Rm+5jSfwr?0>&IyrmbO8#@T@Vd=&U5-S~T;OSamj&
zTF(2@*fv*45KPBFNbZqx(T5Lyxx-T&Fcn;(bc3RUqo^RFN3if_jy7McIzx}w)vwOp
zo^{asZWS=4$>%C~mHvG-G+uOL<d&MV&Ub4pDBW4<-ua%Sl0w#6AV#bUN0+yPhr*|7
zo&3`$kaQHQnQZ$K<<`{73LFFhQ!|Q$*11xa$kT}b4l?<RKz@`!HbF{@#c_ql<X>6>
zEg?2oB<Vm;qw|E1lt@SgjHpbQFM!_S7E!WH<cP6>Mm%DYCoCE?R|+0akN0uw$iVg#
z9A^W`ysq$d6>MCRZ^+?}l0j6VX?v~y*2<RoY9O5FUO}Eny9s3>ElCKcjSjrt+}Sk1
zbBYpW`J4Kl-Y4RTopm2Hb(GN4VV@+GJfPCJpm|?ILszMv5WN?TJ8uoRpueOnp~m-V
zna}{vH!OQJ<Ts6y?qJ%jT(Pxv;Ls-*h9T+EFbmJIO_?Finlu0`99_xkCPmPWn4Ar?
z5^8zw+V>e>AieZBCSwx9I!e<UCa5zYdBD1!(;KB$3LKtS%jRzW%8H?)v%mOjMdQ@f
zZwpOjcv?43K^A4>PqW}P5dM&kC<^kI8bu|p)E`B_x?Bh9>XQRH#rRqRGAu_S+bK{Q
zig~0NFgZ;1ymz?W=c7>?F*#`tX*lxCxtLzad(9DHkv%A*WTNL(6O#DX_M@K!`9D^$
z8I1JNlVW#eDD>PbaD~!2K3*I{Oytm<Cy1wKwND~+Eh43LR9O+Ys@{Qm(^SZ*d5}5V
zKH#Sdid?TTLEg^7nFV@!vnVeX4Jg{xzc1%$jJt`(%W$A5_HN{&&Z2=?AEvsveCMpp
z`hELW?9^0SrS6o3^OU^Q6DkwPnb@^VGG;`<SS-}7!aZ{dD+pLuzLq9n?m;Mu(n=6j
zis}@c3gKB0o!Thy^KBDg`q)aqQ6I;UM*_hlA|vK2Rp|lxPG(+Ohm;pldBc-yr6ZVk
z%@u#hxzblXjD+Pkk;h_>1c6!)@{afx!D;U|$@taP<ecq2C)Bu1py%p@ZOvn`gS35n
ze4fp)f;y6sKjb9nnXRYebHkZBfHmvKiBsm;@eiwj7xv-`l+U|hNpI%V@i`>8U8m+1
zhSL)C=IKTMcN_q6BfKc=d1eozx(|i@#C$*si?5LqauQn!;cO{ZZzL+7J2Jzh^v`GS
z9PT!Xp_(LFIji|AL^GC?xRIG5JiCASQW)`oqFQVwJ_a{uWKfp7qJ-VM&FPw{?bB_j
z!dlf%qktxGGi3hI#zvKwVqOUQBngEP35)}Q*ch0`vy;?zJMU1wJw1ob9TnMZm2n+-
z5p&_3RQkQR9QWH58)TNBBkD8MR4=C2z@o}`jz>3!#Etc}C$6--q{JU$OxVx7r|dKn
z)~)y9^8nQx_DiF0p?Q{ul0m4%vyd45%>>Xf2~!<vE`aE;1>>Co!S!iL64}E}pj1ig
z6Je3S4TL_P;R4WIma%i5LKSa_p(f{$-$-sW%dTXx=#nVtDvrAr%@y>IpiL^{(6cU<
znH_t+*s2;B$Q}3%^_Cy(iM5}8GTzdvBW&gq<U1y?5B0md#)UpT+BmiEwO2(y`h3_v
z)b#;P%hU%w!NXKits-k5R(_VDs{hbup_!3~T5(3N2nl&Kz+tJ6d6<r<sH5-B{Q97`
zt_lYx%u=SIJ75odiLuuG?C^joqPS)h%ZU=PQ5xn1Jl6`k?bP2;#Mo_E$CIfrbr)n^
zpaVH|YttUv#eq#dJO*&Bci5eU+~hOR;pH#25;#+MJ^Bcav$!c7Y%u%Ge&9g^G7ymM
zU^vlB#$^hJd^A#GB_`S#Vnv>+_&at%fp-S7u#UJ6AA1}jm)E6Gh#CF1@qQ*i3fA*@
z*o|WJoS-_o|7YGSyHRaoi{Fh32FoiO#WlBEOmDE_5Mo?|8rqyOlQjAr$16#rkC7yU
z!4iBod;Z`yaFRyo<)FUew_ZYU@%bHb&l)RWUf!nA4pzIPoeM=zA2`8tsqPs+<K@J!
zX8TtGC}$NhWKtDa52G~gF)$xb$qbh0a`k$XN-lh2T;3}|-hydbcy0^Xev5n7Qb}mB
z1wEn!dj<i|8|$iOkKkLD7)2-y5kN$>3``>(S0mvaZqI~jIw=79An)Z?{##^GwK+P6
zdcTKQ;;)G<Z8)sC<FKaRUDL@Ld<AQ|tol_!y3+nZFXRKIT<LAhCTc3e8%@liWKTo(
zt|{(#TC`Sio$zI7H>3=DxCO<0uvo&6b_>Px`UxL-A(M&-`x(Of^}q8p(V-3B(Mf$~
zjjU6;hIZhq8V}SXi#(#CHs>?Iz!$$C2fRDHoX-N9Hb&_B3B|KzBowG7bY`&0fb&5}
zJ=_k{G0vV-wZJ@hkkKhP)kfpd6L3MGx0!{Cj&$IQEaDrR`@7P5Q6^>^K+Eyo{H{;&
zm+IlZYJElpU7*oaTA?So_QuR_1FJOf5W@5FW`PyV%w+noYMih!kyK68nLOc(D%pX3
zx3Exts5cJ0wSP7Su>G7VOA1|fCD8HP*#f9U6<zIIzxX_I=-}5hp<YQ6(V$8Yy__R<
z=B_V9wNbgmVB>ZtS?LAHE5+9{)*NJ(5%Uu+cwcHICGt|y#M(_Ec|ryh_eF&L<>4=n
zMKa+*n)AhSJm7R=_8K(Rql^`7c-m}knCf?-?z8cOvg_3B$YR=+DX^7W0R`2pVK=;-
zP<Oi$+sZm%kO}RBKr7c3DutPWf~Cav6-{LGZP_;F3ut5gPPH<(){;%*3^E6Vr$!&U
zJ2kEqs5s13IPWtxD*liLX_$HXoMW%{lbbQ5F)ParI*sDc1z6ygiZhiJoR%dfXc{m|
z@m<Mbnh^TY#M2Q!UiPJ4+B34+qObF974st%&SpQryJr;8La3dPBnn6ph^7wTDx~>R
z;tqGHlniDe9nd4C?HkXO4Yx`t3C^N$a>2R$mW5R3S9HFo(SbPSk^0`TXB%P*(Fx-7
zNvwl>nT_BJ5*~Nphx)<ENxi(Sro)&4jUYPEDWq^1J(C8;NgyR=jXS!q;eu)r_tKs(
zQ3HpE>FI+=tZYA>Wl{}M!oyIRhdCO}6^ktr+x(p!q)Oa|?V+O)xxGx20qsCLfAcZQ
z{L>xKXRfsWy@>mKo*LunCCgbiLp-CQ6G1&IQ#mo54qqWxd=xb4K-(M}!&ewE-+|qo
zovp1JK)?KA1qUyrik>9Q!t3#~-Br<vzKs9YcF<(K%aYKoxG21S{Tg3o&8Zhf@@1R1
zCeMMkEkZV8a{AQr^2?A8V)wErde6y-g}(1Ryxy>hZZhK!I^xNs1DiX$ADDUP$7u&P
zTdk4#P2(XQsWsIzD}M)e+MA}h?M@kBd-GKhV0$h=-98=`?e|&4q@Iy656oFSo5<~v
zbkaaDa4q5iZLSd0j7OrtBavjDeWS=`|JGa2D=TotV;=Is<T6(B>X1ij`mx9)gPKP3
zV(BT6iF%KYnXi){n8rMTt*J4!&EcTRS;%CAe54QS=^RYj2$=Q*(=m<03Ft<EDCJMU
zuRPMba^RuxxTZI`?63`gM<*RDY2M!qY4kA?L^9E5TCBX~r(9l|1<Dk|*nmqKVqyr(
zFiIjxe|Vzf2C|m`ea<`3Bl^7GMH)#qqK6?7B6qJojXmr<Ni=K^&n!00j#1W{bBNKQ
z>sjQ}0#f>%du|EkqR|8Zyqwx5G8;lL-P&k^xaceoJfLpW#S{8m#cSn>p}MdB$cAYN
zma>U;3~NPP+Ekt*<}ypZB;36+-L77HhIEvj_oIU}BnhaskS4gbDbVMdpTyNcvc-Pt
z;vJ|f{XlC&CuSD__jIM6tEv$mVhlE{CpI|IS=s-x5ADY8#uEe$wuC~(w4`3@No#-F
zb8-$%FRHpdA`=sdpz(hRa+r#O>niJw-Y8)@kXCO3sB)Uh&Jn5dkfEmSjyEWc+=^f`
zD2PtO2!(4k_v`ZqqHd<K4Lj;U{pgknDawi}jm9kD$jRA(WKrDQusN)<%v6O`N+utV
z>XvYmV~v@jU_VXJjc@cR;A894cVU<u0$J`SH$fKKI+h!XvHE#7KF=G{F#h!H2`zMH
z1saXNCrK$g<;BO-)1!;-(SJWW{CIVCQPV;bb(Z25VezOyHN7!6-8G$f`oMEcSRxuV
zdMguh6pb?paCmU|{-}Go)xA8r`2Ogkd+_${#nI)ZGGU9s_r=oRd_4T_=&E~q@Zrd&
z0nvVaT3PPo?C{{~`0TU;sqiQf(rdfr-XB~Xy>*gcE!R1HOd%kWn0OzNb?@7RkEXkL
zaCmrhdD;E$=<jw(64sxsmiBC!ipn;;evOkPbD@{1cX)Ah^)%3#uN`S%H#~>j>Xpam
zrCG$HpY>)Hi}E}VYr<4PE?0jZgp3F}EuhTYXK@GW?ajSLtI=w-?JQRnBYSR2Giklg
zc>~kU)$?~flDO|IxK;!6A}oTI&=Hrk1kS!hPAEodyC=yDxqxf=ukyjPsV)cnCc+)6
zq?yKQk?z2sN0YApyQ_1P{zWf0S={+D4WHyul2dK+n}{Y2Ny$hz=5ro))lbt9>r;Q?
zhZIZ_tfkwu70b<<9Y%U7d2ESJZ>gWNqLH%7mTvY~)D*+|OQ?Ik`WKU{tchWYzDuOo
znz6Posmz8Gbr;8%Qd_ZKl)B@Ub{yvqr(L{ECf}F`3kQ;sQN;lvO<?s`mn6}=fh;v?
zqSLh#Kt}?xXrM58<j9sk*PSy+>Ww{hq=OpVk7NM%_f4wgv|Gs)hN><mv^_ttz6%@<
zb8svRh_mab@$#FHV3BS2N)FkUt=Vtmkxivif`%TiV<)#=Y8`(zYKeqQPF@z&8IvTO
zlwe_Q27T@ZdYDj-jf@SiSgx*1H*Cw-uaqiMHy*_-X`E_32_PnkoB#<(tWOE$N?657
z0iDI}c0{7~X7l=$aL)kbAZjZxj7gTxc*LR$CzY^qx;U?N4&$8cD9^M9<{YO6PC7M9
zIyGwz>C$d?l&-mKL}#J1`SkJR&B2%|v-*3j4s0vSyQp_znk6PDna!d7UpbRE;F40f
zekJm(vig`=)aPo@hx`UD5eo=4SIt6?P@0wXVIg^OLg^^hdh-;XS)N{d%q^RzMhgfh
zfEkVQ6e78$hdg-@hGzNH7F$+&m|)UKrTONGXLLCo7gobFJpsfa@pUMmGMq6Wgh*&&
zMO(wB*^ihkI$RZiKGTT$JZ2^kD*_gI+IM1FgAxw7oHJB%Ey}7@^SMzI&Vjj#r8|?f
zx?Jh)nbMCg^Dh8Q(vf418@>OUPP)0-k6eo3Z0cY9fR}7=9#Vp-`ed3!!2A7TwyEN&
zRGnto5UiNBe|e9&*%BeC97g!>ug%g4Lp5PXENZUwcp3#$CoeGw#>)n}wlWu8_gVt?
zByJuah@6SlZP%Pc6D)#HW(tf*EI!!`tmeRV#HGnROPs`$m?ocSSE7=IrPQ?zJuB!V
zZvJU{&WR@**eY@a^%<s>6_ZrdroU8bXQQS|eIT*OoMjG0+=xnK^dL{|Go327<`!Sb
z$!4&O-%-`kv6W5y8{+}0(V2lsQE@UwABIIt6QOLvNPds64@1I6jvl3cS{IKOkA00_
zl8}iSVKhnLyI0Eek60hQ#F;{;aKZvQgR4f&q>0IHxXMm*Sh2u(bKLGxN%T5&&6E~r
zL;lT#H;WNb=8;`+bobWo?tn#pm<F_*Jjz^&01ddmU(-4HW2G|c>Iv;9R1EVBneCzZ
zqU&8so=~)QtQ^spUFKi2FD1!^K4be;FLyZ<%e?s;0JmHEnHdD9Ru@>w)RB;)_eEd`
zFb4CQkZ@F<_$VflnY1zqC4xtysu>IU?(UP)&zwB#aDV?v>1Hb#o@k8LtjNXT_N9wF
zO5qYMtVsW(Z(jPxc#4uOmu9DDS4Wo(c`KixjrsR~wc9(bcIp1Fo$a0Wm;1jy$8&e*
z;Uz!SVk^7OLQAgN-<=y7E(#kY5x>zlIAp2Z%}pEby${*F0tqGlP#Z6@1GB|uxqXE#
z-aO>p-`7@t&j(Y39$cIrpT6s0=vKhAt6pRoo$|{*l!k&~hiiD2#oPd}20jVH224E&
z{rAMZhIVPbKs$adC5J;QsY!mV%t@O}6)zaLI5GEO@HDBFhmDEi$myfR*yl7JBqX3}
zEDNVq;Qk(Cj`ZVsg36q3`%3wmc}2?08JCajW4Y<&$Z1CdEL~)V%o7F3J2k`iYDBFM
zpmZeV^K%&9O(Lk?-oZ01HU~s;${7T+GgSo_K_la^%z&+iVl6m*ILyMrA<k1L5@DRd
zQ~X;xI%K_Tmecav8r0-)?tg1HS`9a2qpX}Ai#7$!6mzW{jKb6>zKUr{Y~LE6W$sxn
zvrM+CG0skIL1$k{NqYM&ivp<s_@nqbJME=@>^J^H{jUz|G7e|)=IRFg=0e$T{6`&r
z1DUYVIo>Y<^?myS`Q5NPR{21rKdfrGK4&V_4A<l*)9&u3`*wei7kc!S%?R1$av7X#
zBrHDV_96#T?K4k5+&dKJ+KC*I>0V%1T_`vfW|7P41r|1ISPqJ6CtSn1WhDcem&#=I
zAmRxPrq_?p$-<>SSs#0!4O^a15!RJSax9?EB8+v)nW-}U@5Uc6!X{?}d{TIS%8pez
zm+q<lWoM$vtaND&JHo~Rq4;1{lH)lUjVm;R0{?u=6X+5D`i3NdC>c=GSX#EpahwbN
z_oVwY(-at{A~W+JJlmZaj5o|`4yi!2a?A?6urPb*oPqf#7%g|3>7QZH9DIvow{Xy^
z@^vmfc7ODsO{KT{#~iDvw3yWdUN}}W(`zm>V4qbZbXU>!Ararvi5)qpPu*Tt-^hk_
z`jWSGWxK3vN1H8Gv3<SqN366a4$JIIhS?sx;s;*x?=Ki5dy5~fgoZnsxb#VKjnPj&
z4XCnJv*0C5xx_jw?BPUk4JE+>n%!Jk%s_2}rij4Qf4K1vL(Z?4V=a9z#P9HE=r$7J
z_knIg8=f0@2E7<8L9+{K>Mz~tfZ-D!2}66ruKv?v=)WhwJ5&0PcHlknndSfO(rDZr
zlSDLR96qs)`TpP5*3Rx$$^W~%v$g%j|NA)}#mPD(rR;k(`!O^cdx{V0irMW(-r=#0
zYW#R{Qp+MKmv`jO3e0ptWjBE2PM&EGMV1QYH=P;T(TM0Tus#DFCJs_LL~mjp8XHhY
zi>%Pai=%hPmsdv@-IKG!?~dNq0DIS0_M2XLi>tRq2<kdlOMPQw3Rja!#=F1I`)NY3
z6?Dh7oqyJd+3#B9l!$kA@UDAue0fz(ylIkQ8j%vYin^qt+=HmUQ7o22LP|Z(>$Kr^
z^}CPX99^6qT^(IwWbEbn!QoM%ztbs_=5(=Ib2gE~#$TrM+f99Ra8j*C#(FKFqT_;>
zYF;<8dQB%UVO7`b?B|V|pxaWbs(884)kTdi*V4BMAI)z~2LPj|U4fPS?_?C_%||Q>
zXe42~n%1)?<fVJ>)`8N!XrSh%gUsd8<>m3&X(^!E%nfHCXI$Y`9;PKqXOnWiIMKm&
zg^Rar%04Y#vP^yTG8S>dBH4%fzl+Adi-s8c4RZj-#Qr|CO?^XEW20(9JZqP1io|-E
zH;^^Z$}{oV>T#nk#%=Qw3+W&fA&E>yW5|U(K7U3m?cH$Cie=1$B9hLS7A1A%pMUg{
zUwCHfe?uC^^jXxu#ryv|Q~KZ5m;L|G^W5DvzlJdzb#z)Z7E(2N_D6~=n5W_ECNgjH
z>)O$6Y|s3-SphIau2D1PW@(dJE_rzwR4y90C#W}ytvpsG&&D)KSU_<LD~){E-7>pb
zmuVljx4ayfv!~nqx|U@Cv2Eau<?u^NLVbfhiDSgSQTrR!(6PK!ZK%Eo=uv$`yWk`0
z9(U7$`AQt<$U;0DY$IoxfOQjL`1bTtmBn!CnED$FiIZO~X!`{2dS*XoRLM)h>_W?s
z4sw;#!dt~&cJ`MaBeyo|!;lEG2dP07!vWmFQ2MqU#uYe&vy6KGuJqIbT#d)l&<#5o
z`Z&KT8BJd=mgU>9H~$lp8^f@KE`{e(7jgrZb#W?p&K(f_w^_AtQyAl|q5dCrsCVm+
zm_W{Ln)9>e;UP+8LWxB^veA!Tg}d75{04m9>8jmtQ)o3)bG>p*keNHx+Co0fR;T*D
zJRP=l1{*_=g@dWeRuQ1ueAMNko~LKYD^(V4<Rz!6GP7@2S?CB)fTuFn8Q}7RuOE|e
zQO_KczKmfW7&Qx}1*}%s+SG{HtEn#Nh>s~`vFsT0>u!F`<-_uZUSUXhGJnr{*4M}t
zZ1c+emI>8a3T@7!jg4w9FK_i2)XFRCQVkRU&AEwo_I#@s7<0z%u6KW5Uw*RTX3k3!
z{AA?YK^$8VhdBldflNC8F?#21?@<?D#K2fDb5^X9yp7I2V90kefqE~bG+@!74(lj~
zp+2rpqqPC+^p^^3^XeN}&z+Wz6$)2mpjxz2UT1MeN$=v6)kd^UP~4<|YKEd65G>kA
zY}tCVZt$G(-9?f)s9CaBVP1qK$)F4(4&C1UyZCp}!M+vyQ3RuhG{?b$REt6mb`=)!
zk~sxuFQqrRfh}{jU$t6~;G2@sX@F*o1Q|4hU+reFS&ARn0ejawCZ)ICc-?xAZe(X6
zVr$eFJA<uMcgDSH{-Hg}a)rA+dewTp_4FQDV$JFiwo=_A_fGxl9(~L<r?T^&Ji;@6
zLh^VKrqesU?mF}wo5PFug|WqKGqr<h!m>ln`H|))?9nYJ^I3m7$ApgOwHK_zIud2F
zQDb<xgrssvBWd%y>cTvMh%Z#f3XcC=P~~rxtU{lA{&h&iR1C5zRvw`l;mU=ftp=8B
zuB*~QFKT;p>$vFe;|7HueGO~_dC7)_4#Grw_3YCO1v*D#=03s#ERctt2nEyNa>zI=
zQvkb&kE~EJGREBgWyAh@6Yz)Bzh=>(W|%HNE@;x&3A~Bm7o}6S7xPlJ&)Q;%ByhJ<
z+OVF{&^Gs*lIgqK8ynExs1`=Egs$n;T$&UKvX)&~VjLh3lcz-&v#D9KO_x$T>n=o^
z)T?@Me_vcQ3Ipq2-qWZZ%QaEFr>8fueEZlwY7cTrr>?t=)Mt!~fp9g6X{ld-w5zZ3
zndSd2o@RYo8}t3Yn_Ih^J7xdx?(P@=?`L^RTORsc>7hNOT+0u-LcSxoc#i8Gk!+uL
zi5*(7SK-z4Moj#mmOwk$=G8G?wX8y-u`y{tN=KIJ=3rC8B<5Qzl(BdBt74WmxmILv
z{8@Q{xnFuj4Dq+15<GJktG;X&4$n@%J$~0cKe&3|{r2pldwhC)wXd4WEV?F@e(CUe
z9qP>?AJNk5M!D2_g%;VE&JK!di%!gGjKfyGN=+AUWTo?!Ya=7r=sI8tcrmQrRrSq`
zR1D5x{-&EgY*w{ww|P-i$Ba#6*f4PxcJO~mnOxt1JEPxTvoHkj>geJF)K~o>3j^IB
z)3QuRj8))&`FMN<s+|6y2Di`|L8Vt*-0Tg9@Reax76$vPFYw0=VKQ%UX^6->3&B~E
z*~nAmNz5^n#<OyN@dRw9F?8ks@B?`LENMnF%g_a1eO367<=29re)^MIup>iQ%jna2
z!uD6!eJ3GD4trxp)jSVaxoXz>hS}7u&A{Ki6`|sWgBi%bJ3D)Ka@0LIKR-Fvxz@Ue
z7e{Z8POpv+PA>QB%YxTKLc{rZRb9RCoQPGyx0nfP8km7%mPfrb{H2uYWpqnp`R?%2
z^1<=j@>mwy*~kE_0Orl|XqIq%q{Dr&QBaLyHfqe0zRn_(T^)WFT$_tn#4XO0y-u+_
zCUyKV+L(>*`Ni?~2Ukai`7A0Gs5?~H*vR4s7O-VS=JpbSr;@nOoo5IC<KxAVBJtVB
zQ=Ld~YO+nWSUKy8fT|{K8Lve%aAqor86DC=co&+vug<<ZIxV9x6XKGn%xgW5a-7$6
zMQbZ?VVy&H!W4_g3n+<r>p}7ID@01zFbVB)19+zv^>W3-6Mn*CnKv`FmQ<Es+|;Ec
zi7a=7-clbNXAq{a{n1^h3kL<u(VFYZ5)(rjhILq9pB+~C8%TbMSw!?X292iYrGh5=
z#r&c_mX|zR*4(b?>Fi`Yne106P_^vFK~zPo7AJ<O4ERmdwGP|;Lg-let5rsMWV8Mh
z$~*5fwUzqU-Rw&HVrliw=7g~oLO$q*bWBaz%rs?DpXVlN$Ok7_sGwm_1<Hkd@GVb9
zM7q%X`b`0qykG@DhukIjHpQIvRoGTA=TFyaM*C3jIBnTVvG%=AX)+b<2;{@JBC_B0
zi*6tyeSv0W$z>q>Jc@LBzYpa0U_hM_Ht)M5a@#c*a2AKUTyb7|&!W}-U=+o!Rut`Z
zqV{cpg_jGc%l0-J`GlGty%r`oZFQCgTk^~|AivI(1Y?>=CaBv$b>L^G^!ohl;;KsT
z)p6UikGAI%-yTob5<nSZbB^GnY{KAIWeH)>>!uB{bXu>F?j;k^8i;HVk+3@?Q4rF^
zu};+51uwu0px%rV?l)I0%x=trI+V37v;zudikgTP^TxmdYu~ID+h5bR&hhD$UIsoK
z{P%7a5`S=Yb@bu<>T-Xpl`nXL%4Qm62k5!P#85PVen<vFC#0U?yhj)pA5Xg<Pp=N%
zy*qkaw1PcFH!n4}QSNJ=ug@@Xvp9U`0?YbzEWYzKw_lA~dUEvr(McHvqm`oU-A`!0
zn_V)w1TJ~mX-u+j8jq!=f_s8tN)!}{S=BrJP7m1hS%>V))DeSet5TVb3|IuK>w^9Q
zZK$u_RkF){edA9MaLa^Bjjp>J8$hI*f)ZBm*gfz*%!Fe=6!Z_PaphTHW^bqEBZF?F
z=|Rck`mGj$_h~r-zEIMMk0`ZY&_$L*sdz_h1#-m#MKsMfE4iyME>(Xh?hj(h{9KKN
zvU=z8rrYG|oy(!iAu~^^Tas9@ZqmY3dY@d$Uv9V@byH~SoXFw)<|;;@P<4JkJuk8g
zCefE?e^oOdT?ub}Ky##jLgko*`>X%0=B_KNcl!N3>_cm6Dd{DYT-*5?nhH#noi#P5
zKsY8vZd3q>kkS}-@K=DTP>nL|g=|dcJ5hNGF^g%Ru+T0)Ru8s14im6tuYZ1NHv+kd
zSk=gVe{^yD?ccjs#~+T)K3?sw-nBd4>Rs_|$J??}4o#|NDiXvf9wanY_GG>Bb;Sx_
z2lxv#13GR-X&5SVzOt^#YxH$xrA3CBK8G8E9;te%%9;XVv$7>n`+3}c$G{^Sz~
zyt@MLb#?AvvEpYP^F7@#L7~q=sa`1ozgjr*r_Egru&d(-_gB{~@#|$W-q)cD6^rfW
zU%qN@z;D0VE?E{`$%YfV@ACljQ?<9Zw9lrOib;>(>WjqMo7?)W&l8$TX712qeOO;N
zfMI_hD{o+9#n+qL>UELkxInE{VZNp`gAt1`qd{+y2No%{hoJozrb5kD#iVIM>+qMa
zHr=so<=(&?k-tD|8Vgl=^-h<#FK~e7qhF4o&IGIzHF18!+&dd}`17CtTwlE_jF46?
zp3mTz?d-0azOEZ4QY=!f)Zf?3&KN-h@ECX$>Y`a)sku7i{h&T;Pr==HD7!xo&W|;m
zeVc`B_0BnfsJ<N^9(CWJU0!uOCj*(?a~5O&zEfF6nJ67^dwa{3`d@to=DTsV?Kj6H
zX(nluxtfZ}oXr-q&HPh<l%0+=-YP|B7xsNK+m+iW)^vSb)3r>9Mxn;x!Qs(`lAPtj
zK56(#39%t10ZsPnN<-iY`_<fQ_zfiqO<?s7o45KeSc-hSIN4vl%Le4WNn+L<xARVj
z=IUM6=X*;U(OlXVEghW8v|4~65!MLZx3?zZ3Oi&Wg&!0TJ4Np6U?Ycqa<ts6C&%ZC
zwrLW=|M$QBAD&<#EexGn>3!nUL=j&T_P+F4QxKcQzwYbB0{<P}9bM%^_wnN79yb4y
zFDP!|-?Z>ptFyS?S+hSq4r@QOyw^Ydc-MZp_2d1Ijb(o+5DF{s+8ed39g_n4M!ZCu
zFuUA>3CONggkCC9Y^oAjG$5X@E6`8PHtWm&hohqHnWm+mO0?EHb@2L|@EhEcWFQ>6
z81b}U&ziBl>v*dfzvPp_=xW}t3T;PFW}gchmtDE+K6N29#wN3d1LIy%q@Pfk4@lhs
zG;0b#NrQu;04-NF*N|p4myzg?5aHnZI0Bt`->#N3_EBf9RIZ`+EXQOwbU0jf&`@Mb
zZ5Yk}v#vnTwf;PI^?B&p^MIA-q3g~czUru1qxjO9ZKdT#eVwt^80^&$|3gYi%jNT>
z<dnd3x^+M8?JUYV+r&JvRuo(Xv6Yd(AhG7jD}`0Fh~vXVmJwLi2CnuwR7;C&vtt2z
zcXx~6EQ@jx!R6auZc>zvAT%C>m+SS<e^l;#D%tNiXX1n&WkoKrgmYl4UeDe9+a|eh
zmf)lqY@c88u>tq@cXxK1VETJ;=OD-UGsgeTivP?{3_Lvmbiw)mz1{Y1DgJY>-TD&$
z`B@$}{*%P9Xl6m6Z}a<IzC?k}j{>#QXMT>I@_mN+7BGO#vNI!>50st5CHHsb9gVuA
zlgG4^!6`|k>guIrJ_QW)?KMR;*;Q|cF)<47y6!~9!3UI@HmoDb?t63n<+iZfyeU3r
zifP|7A$c-6VIw9Bd9T_n2g-C=>%qz|*Pgmq`!O7-P(&wWw&2QyNIEbHl<Y6Pw`|5>
zE}h*wdZ2LekVY^pp!=99^QdXF<kWe<^nvL;o$PwZ^1hFZLs&1da8`JuK+#v_x`pkP
zsks3*BuAv9e4D618FR#TwPDZDH@+c);$BX@bZVlmaS=nZxw9+MQN{k1bL4#1L9eP~
zS2GeL6o%CFBD?5r**@62u$Jk;{7tzT;Xi;WE$qdRXi)kIiD?Jcl-j*EqmVY&X9WtC
zgykFr=L_lL?Wo1NONr@<maVXKNK`&MIPdm6XZv*iC3_BS=3X9{ft#XGIj&0IfUj?O
z$V(Mo7jvmqSD0!?6i*ct<l*e23YF8^Zp1Jiy-SEs&+(SwOTG11KyGfynKYQb`!g$9
zaouLYo+wwG;*<)yl#?gSlgd@;EF2M?-=Juj&wIG`rXM_VKd+w2r7&ITJPpHh9x{J2
zD=lTISk-)5f?dQ+UTL?cL{xPjDh_4OT}m7#Nd>)P5i1B_=gf2}k|w6}LnotT5!0uo
z)xVkF5q~(L3C=<5pNf*jvAwHWQUHT=)bm)x<dYhjE8Q#3l)I%v=l<-e(W<IDZ^TNN
z&}iIQW<;k_*fw&D`&ALyF^#AY=Lzr8j_XNxPQg!8dlp6WKnC^2Vf$@II`AGfAvjh9
z{f4(}dTsa(M&uUSN;&$;X<UsbBjH;bl8GzeEcD%6=Ph)oQBl$DJ=p#0DxmXGE<lN=
zL~n&QUc@Y}mccmbQ;fK~8YWZ>c^DJ{&VX00R0L@@<Eue#%>Y@hR0LU$s4i4pa>aoM
zEn|;vqGBQ?lmzS%j9&<4slO}-vOJP$i`e`_acv2;r?YJd;Ir^;3FbV;#k=_P@pV%g
zS7_JO+6%Zk#`#?B{DDz~%Lcr=s24Z)=A!uMAa$2(5-z#V!wy^>p3hsW3U@SDn18dV
zP)r=xC`W-l%uckoqA#`^Eji<a|BO+|_HJaS@9yQ%<*!vCj0Pl?zE?bRQw?(A>E<cO
z`O-TBWJQ7UK@XZpahd1RtH591KjL9YryVux&Z2PAfzmejgZk7&u+0bPUxmBEb;|OR
zmQ^TGt@u=~34*7IPerE!WcD$K=W1*A7Vwh2Vf3&vub>0)Elb>WW<&#)jyh2PfVcbC
zYs>P`1AzU5PQJxcFZ<$lG8-*$p1Zl%`j)y^lxzwS{iz5NV6pRm0pJR5bCCW0oMBJv
z)XeUvhe<jT(=b(gc=`Cu^Qje80AiFD52;gZW=Y7?#paAm@g4+`Uno{h-J)mP%81>C
ztgy%zHB&&(70=USp65#~s4FwUPai0qz35~+yKaMza=BE>`nh7>k;uC<u`hwGx+YH7
zD}Sk43#MvMFER6*C;h(C@h6Ud)4Zu_E-U@eW+ab!$On_lSS{6uJW`X2MQ(Rz7O6sH
zHoS*omZXugVJcjU<u9GmF_L1n2OY|dct9`B##i2;`?jjng<20EfsiI;kGk`+n#y^d
zhqgE5LLP*S2<o)wysT=^t@D`niYLbGn=0p5x%Ay1d70R(_z%1g#v74{^{FtsL62=?
z!Tn#YcB_>CYqQmAf4Tqbvpmxm9jSpo>nS}`-*)7AHFFX=+jHHpsdxVoZ#4PxJmi@*
z|A#SohRlEZSup?Go4f5&{MXL*&hD4_|2dxWN){96j)p@L6TEPoQPDU!KQ@tKqVb-X
zJ!|2UkVS*$coUs+g=n(E=VAi;hXC$TNftrJGBtN|Y<}6cdoz;`cYDth_A8Gh3D0?O
zU~16h^Toc|C;@EuiX;Onv#Y79qVxb0*Oemm9%XQhSajirUrl?fl{9clnQG*AnQD0{
zQ%yUDD|IkcUVknn)yQMN{^$wwFZRrm|126LREW}<na3>&3*`T1Yj?Y(|FyTa_rA#g
z&+!;hpXcBz91+-P7(Uo=gScF26j5pNYc;N4VVqVLKzyvLK1hNtJSO8AgcjZUXo|Vl
z_`}liu!})06B}#lRon2@P54DmK$3>mvFo8px%9=AXoE`WIHF=AhXqHaXMBRqf?rO(
zyPCwb13F22;bV{Z*E9;s?oKmGkMXQ7Iuuogh(UlA4o;oO{Q+%FpEWUqsH6JC-w!^V
z*jS>@{_ObP%3+i?W>tm`lNme9c1w?FVG}kBDs-D)cDQrgM1>o(?Dm}NA}oZNPhVyE
zN6V})&+|RA*8hZu)a$V*P?G(LhTtOmZ>POoKL4}1+xoKpe~zc@kuF^+<}UU4jkw2X
zr<VLusyzgzuQUD|3+MsHxWN6ry$|_<hx8lGWA(c`YrECUueH>9k|Fj_daNivW4M5(
z-h<7}f^b)}-58rBX73W7#&gEIW)06r40m~)odJIEu!>Z>DLXaKAXJQYUsB(k5kl<{
zb7~arecJVZ{0lx7JoDuLb2$JP*?;Z!UfKV*yYof<f0pMDm;ZAF!WW7EJ4$?QT2>9e
zbMi(X$#89dFIyl)2Yy(KvB26-H8*Yy-v{<Y1{PsdV4*QhdZL4N#}8|%poN-<b!F69
zHClyw)eb|*z1hV>`Unz<Fx{(qz0{w(J6I2ykWl}+u5*(ARd92T%JgV<k-Nf;W~JS>
zIcO+|*=?>GbbSLFS&1?tC45U&6;^rl-keTU)x*!#z4~Xk<Lb*Z`<b==yQe^(+QuUL
zuia{u@BiA`{<8n~S)QkzLoTZbnIfP=!XD`QErePA7f2f+(a(AolV4Jr-6S?M_;c3z
z$ywv|8}xR!Y2+6P<wk(chd3L`7lHq;^URk2+81w<y#1c>Uz@G%a{R~M-rmj^`Tsc{
zHJ6)T!`0c_vkqL)5g$`XXrCrD@~HsH;ghSYeuA%??tRAGy`I)}rC1|!y>JbXV_mMR
zh2mI1okf_lxIQ1y#s<K=<)+~GahIKih`QT)1w@PGmP@Qtom^r>lR^mnv$S84kphGC
zbh8_HLCO3CLN=Ms^Ek==RafbS3^Wx7Ul_%z82jnydY5~A9{EH*Uu(tVoijZGUo5)+
ziqE3;|1-q@Y)!|1x3{)7zpVeC<9V***z=a<CpdDwsbk#__jt~X5qgH$pk-r%{z=!q
zEGD&(DDUCuFT_Th!gqI1OSb)<k|3l)Xb-HtyUT1g9G}-84cX<Try%I2Vy`b|&|;8J
z=u|#FUpf?QUf#%JJ-2~NbQE7Gg+xp@?|xl!rpyFBf7(=G|12z`A^Mg#I&i8J#upmQ
z(qwoQ2_NEz<&!8!oY}b{G1U8+l2gnb-z+({DQthwVWo1FF9BiyV$TBo?{oP7x3;&+
z@n5@JJ74s_&+^<&U)F4g-tPL&O6R%A8}n$jub{zw77s(oQ?k6aRjQcjIa6v*sbH>q
zRjFR{Z*8{Y6PB__S1iDVf>R6aBHcjOex#N>UHJj|q|0EkWqNAWF05ST!n0f*GuyFi
z^zpgrtMg)EU){=!m71ynEhu<PD1DXH9^C22t9_2g(`P~A=FwdaxD9&8+Vc^g*2(Uc
z$Ts|l#AdmYS?-I{BApw37N}9Wj%{s@B2~~O=cP|8X^P8rXsIb41We6Q5-Q+My7gJJ
zx>P>r_RWe$A8kB7PPk^KWaaQVH+ndBVa4X=e-X8If&Mq*5tICpen0yx(EqkKcXp=s
z|8~FRfA}m<h5l#diD7{ch6NU>gR|5}Z|MW&hS^v&X!ty#Tr_+>YL46WDOGb;$)W;k
zF#n>5{yuu>3_b}<cQ#b4BlBx6qo)=Q;mrUyS8*+%wUlZ~qX3g+TYu2Qmf>ZohmM^w
z32iO=yRxYTb>}B7ngK-kLz*8P)W4Q#+|+weDykWvWGD^`_qb;-IuGWl99BNYyHCPS
zzrLWztt=X3tUmRjfNjN{B}+HppuSP`^*tE-*txG>pZ{Gvv~Hb8HJVHlE15y2r6`nC
z(`Ff~b_T?sc@M9T(RJ*vWr$O(S!g<2GA^g@88Wf%?#bUpYsz!pRy38&`O!<w0~VVH
zEH_{L%%AD0%t_qrB_#5P4KuQh$pHW`|IgEWz>DI)cc=ZodtdT@e4dB+nIq3rLLeH@
zkPo_eCy13R!sp7Qj_8for$nZS&2p_v!N)itlEOPCPe>2+<tZ@Mx;jV>V|TJ2#IaH1
zLEp{k!A-(smOY}+LfU~tC2i2^wDO5Zk}BoPT-XeytVkvy5@cB?s<T9oZFv_Z2cH~t
z{C!o?BKEd)K=qBHSiC@ntjIN;-0&nQq<a`J>HPAU^Fv>dlD(M9@$7-U7}{LDpzI&h
zWu6S0D6K_vR@(IWl^4|txGx$`RU<sIlFV0hsAwaNLrwzG^qOKKBpo$PLhB|O6G@Wh
z=1%L?)|P?S4f%jK;%Jb;9T8T((J1%u8L}Toe#6NRLPvy!9S~`()bckuE}HXvJ{mFU
zvYzO`4>|MMi!4S|2wb)dt7D0oES_@++SRF`!J{U}=a~Q1@;?&<PZj<6ERz3wn^Wh1
zTJ10Ae?H4&yrEqq<GCEtq!wA_)Dig|IHfmWeu!FrDVNu0w|L+Oe?gz!;%9vOO*+V4
z;OwOliG13D5BZP$P)fjrOjs|ikfY#!s{sVuPe(M8<~H}Y?oYFfsW!1Y9XM0}%U<&&
zph>6Z6&5tF(4U$I`d<g>npcHq%`4(k^9&8qLg}KGj`GTLd_vWbvW2#~8MnF}laBSo
z*D6=(VkO(bylkn<ZejGIcY5g{FFmW!s4$kMaFKA8xYKB;KAXIS3(<G^r<2e=QMS-B
z4HhcKELMi2=HLg_yy3}pKjb&dR4lSYR-yP>AEg&V7I$r34-WZglwz85rSW9LFRoeK
z&DFEKy!zl}A8HR?Gpgl39$0uT^?#xK-`?9S%m3Z>m;1jz%Tv(*|3MUSoqf7-N^j){
z7V)HUDH9eAPPtA=2lw}0k4jRhtoK4n1Li1=Uv%^T>bm(79A;T+34J|dus?d{KF?Eq
zCza2hMe#S!eEHwr+TPwR$^Y%`y)XHHKFhOGcxo$f$Rn*%3RtO?zSbJ7@1btsCG?k+
z3h7yWssmrm{8j^C{SK@i9(T`=&yP-yPmj8nXCE&Pk6?cv>R733Ds}0YMzXG(GRBFg
z-I2P9;yVL+O~F1q`|#oTs{75w!Rg_91zEj(d-UzW#}oT@O~VzE^g@Lv3WWmr%1=%Q
zOd}UZ-*!(AJ{-aR|Agj`2S2pD*FXJ-Xa1*Q{P=5Aw`O5UGSF=}FDmfAI(Uar|JShw
z_hX~@|8+0%^<NwRZM6wseWeL|arW1v!>jJcixVX3!<V4CC5|-;rtq%%@&|RmqB655
zE=ylvejSIKYc-v7r(>9@<L27+;Lm^Vz}NG*IWIEBjrpfpoRpU+lF_MIMQ4k$-E9fz
zn1(!7=EMy2r*H$f8B)yItdCMH(NkMxM52_0Q%I;abGg>bH8pi+)O{FXN&@WMU|$kn
zwVE^7=00<iWMk5pt84XA76u+x5gofgBHNiyJ%!4Uh9hsQu~!3-WMDd!1FO}>Bw?!0
z`03s8Rrm1Z?DVL6esJ|(i<WOb9-q9u?7ls|n9}kNPR^CkJpOR-?nuqA4!BQ!tI>W{
zuK~P2I{DE3czS$wb#!^vJwN&Q?)bF({n5qc@!4qy>aE6BV_TK`?)da={=WRw$F0U@
ztI@)eAHO*|ygHdtxIS(-Hun_Fnvh7Ing@~!S@Z0!V9kS=3u#BJRtuSCSb8gI6c{=c
zr=v2M^)4a8Qs%SL;B`?&XHY<(QL8CSxvL6^63A+x8JG-E9Hs*n0gHqrVd(0`!&LJF
zj;m@%HB<bh*ake$Du=6g^XPx?HftfMK493!Kxb~jzAUCrft3K>o*jO7bkTi(c6rr-
zy7c2tvw5BNXcAFLMQ3wsZ>L#zOJ1E^b`Os(uHGJBbf8}N^!DQT`=g5v@G(t7GTFp$
z$ER0E?=B9mj?YfJ*vIp;x7~}QlcR&nqwdMUH%BKOJKp=NZsCiMr>933xKd6Js^0ZA
zebk0R!2N5QbT(U!cB|3e^#T?JI)*A_M06nURX&N!b+qNyqkW#xuFE+jzSbA4dlC2W
zrb^&3jf4onPm>UOL=5pSFQ8+rfp0VjbE$h56X!I<5bCRUS7+ZHop!JOetvXc&wk@^
zMwio8;8<T|&3>gg^KAIKwsKU<-U$c1Q#<573Grra)l*;Q94RDE$bdEmoDV`uVx~jh
za)Q_y*0ld$y(>-LdjuS^D7|fxQLww6HS*P0;15SUfd9CifyaDYSrlZ5svix(2ErzX
z3_^v9BXRDrjE9JLh{#+7Gz;hquV9jg7z%>t=_?oaSJ&g4V54cr3LDU$tnb1A7*L5^
zq(A<qOg)dnnrOBf_@6`3=3ou};uOvy(OV45M*5zeetZ1RwqI4)64{7}!aLIsk41f+
zbDZZxz0VWqGGGzhwHl4x*8QI#;8{H{%EFjchs;zmxq7ls9>-|~e}QH|$IU1WL)iSw
zS8YY^UP8(BpFo6^#?V&4BU*n53aZ_R2UPqvNN5b+4O~zXOdiyjni@v%qEsg+6RkW|
zLYa~Pcpu_~dPYXm0C+?dRu5mjwaCbM+45{cZW>zTr-CNN!<9*Y{m+Q7DC4gIm1e<*
z-;iL~nTs?+;U*k9-e&T{5%crqhx+sTgOiU(-M=4vIO%?Sd~$?Bh4dv&3KH!vC}4ho
z7vS}wng!t}H30OMNoYNscjxq>>xYy?Y23ihSE)Rnmdv%9Qw!+>B$Y!NN#>h(n2c;{
z)hn-y(+l5>rKST;RZms*9P{Mz{n>^3_rNQn;oORw4@?JdqjE~s^8y`MJ@|O_{^<1T
z_)z13udzUB{5nu?H1*96NZfh_QSiEOlchA!_gFt0J?hI51RM7PmehYoGFV>98nYBJ
z3m23un<`bP!U)Rs3#)2Y=#4S)ugQQyLrtedvOe+c4IIw>C|=QL{dGeQe#H;;Hf9O!
zvZw=lYEdF#$ZxuR!b032#rxm0ZdluB9{$FSJ%xB_TranjS=<4!)oC_Y?=H8x-+Vm$
z?&#_s|5g@+)-ErO&d+p7E7{z_4YAcABl0Vc$PH=_h1v@=rFf#uLLK?c;!I&CH^L7Y
zzFt$E>8h1%e|24H#@h4Vqu_ZVj|T7?;A)#dT{O`(@MELs4Dg!G`o@|8ro?tvvJu^1
zT}Qv}fBd_!A9FbC**<~=h<@CS=8tV}^)3f;uYOtl?wfV+n6tGp1=ihBXnftQ+F)1+
zBTL1kvlVyXxPQv!c|rw^<n-5r@P<r;hU!QP4R&-LumrpqbZUpD9;F)rVhj8ja3DWk
zoZL5A6wq5O_)Ssg&2PVH7FCtk{lJv?Q)y~6nj86qNodS5ukx)a4W4!uRDkz9wWhA#
zSuVVHu@sZYw;(cf!Sjf3G4&Ekw5GR4{UL|?70=jAp&^*$$pn%#>NvP5HZ9Cn?Z<bp
zQ0re_KE+Lf`dU6ub5F#)nW{@w%~fNDkT7Nu?X2FFZS^H4mr_O?4ck)^#k*m0==FGz
z?=*pDT{Lihc6sH#@AG5?bzH&rm1zI#**97Y*QZJ)w7)+h#sDb+$mGrshwl$Au5k7E
zY2S6vsW;Owor=~hyg2$+*DQHVoyrw1J`%I$c-!thiRR|3-PZ0-yD1Yk7|^7dxu(jl
zX{AbH+;WB6+C(&)m<4mhEe}~~zNImZ0vh=f@6snx#G*lQBjjIXuczuM?f<BW!Uhpf
z=rgvlVE@0hGj;##cKgfyKcDAWfpa1yO(M+osfQkYzJQA-iw1UO5RKXjTn(A9JGKJE
zkcJ@)Lf+HI5m+>Mi6=WG8&lM%ocAOOYAX=Yf!2A~W8BQAfj-OiVxs|PQ8+>4F4ibP
zOcPMEy-{ntz3g5}o>1JO8jW}a-ydEoJz3P$Ty5gN8vR<M_iNI`f9;FmpsD_`KgBp|
z=74&{zfNPl!(98iA#UQ@*Nq;zu6^B*qqz3<|E#UR_atFF6>$9aNYoleJk=U3pronG
zCH&`FtwL|K>TV4!!{$GlC@IeW!}kZL?~YE+-Ze(S^R+R5{_k$?mGA#-Z|&}UIsf}v
zo|P3Cw;FrxMhn(ATbtWnyY01iHgJ6{Mts)1#ex3qy~b{%r7P#LpE{ZnV~L^x)khlR
zgi4wK??W-epLI20s09&2_~FI&>z$w0AHJX2^qPg8WzpPzy|V%9C+Rg2aG`|Ln<N$Z
zQ~lbgdGIZ}wfKO+$K2`Y9v(%UUOg91uQp))0~@3?giGQlOvwNIKO=Y}sif^aGZ1dL
zY(5UzY}KwI7^R_PaftHMA5w+qPOJ4ic<!`Xia;hqv@Wa<jX^+T(O_1!2BWGWk@lX8
zNP8Pjx6e+mE{?zXcy)ZL<P^s2oE#q>on9VckK51H<2F(s=SQotmCq0J;c@e0r?KTg
z-Lz0!-saYmpl({IyRV-O>UIHY``MtjGpMg}x;_!=R!-O5SI<U)Er$Yo&xY%!gX`Y2
z;kxPIy8CQU+YZ#7XQM#Np}=-y`&ppwHrnmRb_RCqnHY8#_Z2g+o6khq-Nx&jvU@ET
z+4id^NrJWmwdFwFdlJ-E&4Ys=fS3m+PlH~^d8qYyCGIz$OWbd6!20o+MDQJvAtQ-D
zOt0b1@pb;o^rd*R!=Pv`9=CQ1^mzg%hcW29mWb^$t&H2RTN|+caWtY54%wK&n^gVn
zvoYInq^BK;)@!f*`bpBWO21OwrqLM2BoV;+=DKHK0^)>^SwI8T<yWttsmrfkYh_?e
z6A5xiLB|YtSpWkX(IjJuSI?y;y?TWjfS^ENq-<1dhxtI_IN`(}D*7CpA736_e1CKS
zJ_$qA(_TH73i4`i1J?fs34SI4T+m+$gEzn8ucTT>JHqrg(3@o2v5HQg(nxPx(nJrh
z_@qWCriq-OB4dw;0FwfGbV$aGBfD-tlUlRA-JUgfk~ETRM6(O)apLG`cZHIs=X2@e
zuaqu+&bUnAf{R~?ocPxa-URe^n<ic=XtLp~=T<tlUU{2O(Z05{bo{S4dvap7a$>fg
zB8s-MMZuM{al(7l3+b4KAZapUk?zkRAwGqeCX8!xZa-J&wl`osCJ`6#2LI=IioWkO
zDJ^w@1=_D=_7qq&DD_Sb6P^x+I3n+9I5H;*et5Cnel8)Bt-%HMyCe~l>{n_{PHTZ4
zpDW_xQl{wjTms-#yINv>z<r$_@vlK?WiQpgJNWM|iYBG3W~L>J@W=<~@J_^U_qp)f
zbu7&#rsZ>K9j}zu@z<0@@K-MW^Z$a2l>G`9d_)rtZ+`xnOETPW)b>my?RlHKPg2|4
zj@tfQP}>gFolIqYD%6%^3~Xn{z|)|j+V0vztsLx=G~rDYPanuNg^-PDM1?q4vI&_v
zp(J4WD;@ZfCb(w5*nYKDA=m=e$9u7|cq=^rD)3v$iS=T8Z+E6n=)tjev#Z6HrxJLi
zP-p!Ko_SK(DUeDG74d$ty|V}FS3^D`0s;!}5*jh8mS{L3lBWs0k@#^CdK~kzR!N(0
z*)77hdWa{7)JzKFd{gMZhV{SFgpMZgK8@rJPp;w3&qMQPwfx9#56f>N)S*2v73=b1
zdvDKSB!@j)kGE2gkv5+dwH<dpww^X~+*zKn_^!9vdeSU+SiDdDi62tnvG!6Hc$!5x
z=(#qhI=ThxA4uZU5RRBX3~2&yM)<q^s<pXcra(Xg<`YSS(k*K_d?enB?e-3=e@l9d
zL~!X3Bgz5=uupm-@n<n&LgSG6MCgzQz!+QP{)mODlgM}^6kP8TUC|^Vxa0g{d+!yj
zUy|M=`E^JlxSB+h9+}WFyb<=L<1@s|jCo%lHbCDp1rn$gL~=bFdc=o>hp3^97|vz^
zMBpA&;oP=rx((~cVnk>N=UkA0z*WL~9Nw@Pf6C{bAUip~>^#-&(yGMltu;}&-jrAD
z;sl{6bXqfv27kyCOeLUISscM*n}|@4Dyq23o*=^VA?gm6tfHYB*o5^D%pal~Jd!jF
zIlLL+i-s^SHXNDJ&PmdGqR*)9fXyhq{glNA!B#29K93@bN3Odga@!>X3NcB@2scAs
zZ129Rd2pWam<&`4HZhu=aoQ+L_{a<nyx7{^!#ONj1ZRPe$^ZMmv+zIv?`xdMl0^-!
zUivI#*R!UeU1PN3j#!#5o%2B9wClLkGV*MBo10H_sa3f#%nVT+vSvlY8uS?r1Kn@+
z1%r8P7>B(r9}n&JChGr4$URs;2<a^o@C{e9nI;t85Pb7`Z+pXW=e6@LJ;AZR+jw1Y
z5@v+je9Cs3f~wf)%Jx?E9|Mj+;F)+;45JVs73$}wySs*tNy}3S-QR!8uk=*3+16qo
zzTsgwBq56FQ+|Qz1+CN{av?EzT(2go+E$ria%rvA2cd;@whbl8K&XnFuzrvvB!a(@
z@LDxSe!juKHY#Qay_E?8jt8^_s%n`D@M3$X4eN&_q&;{~B0-V>-uUWgW2k>t@%SN+
z(9pKmB-#}R`KcdrB6qhj_90S#yx88|$r-VqMmSk*ihw-q+*Ou#+om7p^f**snWh*w
zM(*5s4eQ^AJW)&KH#G5wl7|7j>FZaGo_)3PC`=TKbuh$C#-S=_>?YHEHgjHV@2C|!
zp#eJ5KG1}w@TPBmH%98W-4u;*VKT;iG%y2RKqBNkRxn$3yO)hdG+;#15T~VG>+Pao
z8MmeIZozu6MS|WAywU%ERKrzE+wn*li&SY67|p`_sAZ!+>&5ogYgqq|hd&cIN&TUO
zH`lG7$#pIs+PQAJ`4nf#ZsXNFfw%PN=6JOoyq+Rps_}XZ=?!9;<ZD00(VZcNQ0+#>
zme<~ViUV-Bu~*sM?<kFxxYBweO0;Pu?Zx)a=7Y-4*r71unkHUA`z)e?tCb@hI$*}G
zL|N+DndACmUu<vY#^7a4iL(BL`oGU3bZKN<ykmESx4d@S+k6VQ?B<Kyj@=Q~P+L{9
z_d&EWKwCM`Cu~{mVjv2NWmNKG9`eEDGFEo~A&(RaOp#FwqZiv-n@SJ}IU(?OGJrSN
zB$0fOka+ldmg3~DTA!Rd^FLv%8^j5wGEkZ^PM?6r3Dt%ajm9kD5e|43Ijg;sdKo8C
zcJqvt-k1)GhssF9#Y(M@s$A7sn!?d3A`qm~9CT-uZqJBTqh4%pzFx#d8M(CqsVxOm
z7O%7e<C6M33ec?DQt0B37u(yfGH&N%nj{S6FKRChdv;6JNwf?UArV7WZ4cJJqe_uD
z91_7Jcyq0OHGKS4u;~hltK`{;RMO<d_V#YI-&2{-F%N7!@F9;Ry_HtSjx%-K=Sf0+
z8BP?e*RcLQyOunG6Ba2Y`#=Am5gZIdA!#7t%^1IhB%g$@+)0?3ECsH5G@bJ{vMJf}
zHn-=r@krvCR$5LgkN02fI@`)(n96|PL|y9?>xX23Q)>|No}LCexu4GF{$hJ;N2#&5
zYy?-tPvOl-5<ji#u>y}4y;{SRnU51KpuKc3Q19$PWYx*dg@(O?_j4+=wQH9|)W{{*
z(XQGKHqH?mRI%2J?X7KCe@_w;2JkkGu4xEwh5`Penz$?~#I7I^#&4mfuxp~zX#BlW
zlJVW2fQ&f{GTAfcVLGB(oz{Qr<7Rr1iFl;!BB`a7Zsf)G=I&y_P~}|pWlF+u;+T^J
z-8ha4@nXBR4eNa-u7^}ecw_%kAeC6cT!YrAXqXYt^wxw%N<)nX@M7!LZZ-|i5-Nt*
zEP^*e((BFF)jk;9>WhbTL=zHv=2SJ%TQZ76bE?!N^lI3h0pl;WuR}IsNTBVloXdL&
zP7_s<r!qh(AF}8g9Ui!uq+{iZPL-`!bG6T%J$E`k!Tq@FMn~=J=7Q+SP&XZ@7T4D6
zr@2nH935jf6E#oU`Q3H5S$1}EsC!Qg4RWAv=TLW_hN}}DwX>CtR%_R5J%z3<>l`mx
zAZQ)ygGfeRh-@$PyX-W4w)<v1gJ77rwOjMxN(llMfjxp=q2{5zZGgPkZtXZ?P9J*J
zzFDgi8%JSr!n78+_pOsdX%#)<H?mo)=dgM;rb$oD-d0ZH&75_2z1HL1S~~@2;?7nM
zcIRnYcdG!k<v@Lk4{nw-_#hy$EboFl3WE9)sZ|WMT{uYmA(PZsZNrPL*RS#c$u7V^
z@@p1z)L``MiQKX0G-pm&D0q80JQ9W#_2rN#{*9nVQA~$pd#EH^GDb8R=mq1o^<tS*
zyTGQs??RPpIqZ>9eETUB-_cIt=_zPJh4jr>s1m1wf@BeM75N|?^*k0aMU+=+_8doJ
z60$(gL)2+7JBFjuWYZC;5%EG0`-`ntZCL*wbPUHrNq{%M(lJwiRWF>&(adOD7)f9c
zSlaa)H(ls0^;0!?I%HiRt29vrYMLf`uuuS)tr<7Y;KkOfY+q#C>Y<xnd-L(OVtdCr
z1rX?74z&IF(Qfb9gAfRGHwW5!{L;|gL50}@-N}HqUOx%wcCLjR?azer=UZW_<i$4!
zhnc37MPR(xQl`)q8^L?t>j`)><UPqUPkPl_Q#X+&dPvs{w#_^=&f}5Yl3vq%u%?(`
ztqw1?cB_{FyQ^&vh(eG4|LlF+a@$Cj;B(<C4qO#$s#~N9fLBL!tSE`H*+r2GlCoFp
z?XW-~DP{{qa&eK&ig}v%`H1<Jnfb4YJb42sQnD>~^~|*RA`$`;nI})4`-LBbdBlQS
z;Tb5@3ec!&dreMWPFaxZ`k_URqb-G~rYi1oTV#r*gO)<b0)7-6vrP@NO`Y$zh&jz-
zxYZBerXL4Q9By|#_P;fxJp<|X_v@uj6C+0+UkBQM*ow0=UrGA5*K9%Mn8a|*LK3ei
z8f%W`bMs4!_6^s}^%*e$oTr$`?1VBb!5>6^nxgZ@_Rt(Jhtcd<dB6h}r&90pgM_6i
zto)cRBsp(*P?<-5aGTMPz>)r{yf%x3kZ4m5Gf1}--Heq&4!mYVhmof#H4Km4kp!zx
zYr}`oskNQR_L>e<F8nN^xA1{w?BD-|+``dalKHpQ;5V&|Ze?$2tSK<Qa;%T%wV-nD
zXW5eaDIEKG0!ORb+|T#K_43I}720Ui=g4KXfW(xdTUtBX!vd<&AH^LMe!N<v=Ac=p
z)~>ny);3gT{%yYTVZ?6oU`gR9i)m7@ew|`*9sUqjJ_EKZiok2Mo*YO4yl9duBV1t<
z8cp+H;HT1|B5yaU!By{khzYg)k;apULJN5OeT0)M6OLhf!qBsCgYYyt<}@{*MPuvw
zG;#7*l*lx50;bZGl{Le2yHFYSer0J!Q#exJ3hP3#Enu=jHX@Fa?3ARd4KJSKBB6|5
z^F3J;F5IF_j3=5dG`Yp!Y33)Hbi9iA3w^8YdM;FY%atGc5ryf}Ur<8e$QM^4x+l3X
zm8j_zrBAo!v}#?BWf6@tRb&qS%H~Ka+<j=KcBpQ4sPPPX*AS5dW{bAyh&H>y%Kt)F
z`AP@bp_Xt@qlgo}lnC1zPQPGxFWB^Kui-$Y7bcX%@Q$&BZ>^6%Yd83FKYj2^H80_0
zz+Z%sMlv@NT{)>?uQV2VPb!L(*q+x_et5nUstn4G1Mar88E#*vb+*{fe%Ypgji(Nn
z*EQScm1WJdZ`;1^P7UakrZ^YbV^Q~7Ev8S{p4Z-uu+pL}vXZ!bAUwSpQx)Yh{|k%R
ziW4wT8_PXqEXOsK)c$W=Q^%OWJfoA;3!cgy;#HnR^4O~2iE=z0jTbCg$%r%0X+Y(4
zMYDu%V4AUwAG13+l2_CPPH=8JDH2Z+0Dze?#t1@VC1=&Z_Udh@oN(N~$`^#fQLtHr
zB-kuW;GZgs0;w#Eg7T#R!A@n}({>6^<u$t1y0ga>!NFikD@kA$bTO}Oc4(i6af;;+
z3&9qAn1vsuWD9rP!l-pKYKd8V<G#0dhInCGoF8BbjC(RyF7${WR<ksv5jv>5ey>^2
zY3#|j=b&9DY(=sq$&1PBkjL0$GgO{W&-KLfkMvtAXaq{Y(_ARYh26YdF^7-KMZGhh
zM&dc4=ok0~=OtM0NLm#*A92ktsa#V5AaDOc`le;dq20pJ3ayln<}2Y|$hh`Ym@p2g
zb*gV3&?yY4vBP<WYTr=yf`<X0LcGXh&4W@Q*KiCzpP(4hDTsQi!H`N&V##*+ujjPI
zVb~I|1^jopF>SBjg37O(h`>jZ{f2Vk?Y;PBQt!P+tzJz64d8m!c?LY>V7p;LQxTD*
zyk>L8sk4d~LkqI;@`LSmx_XkH-mrSN>VCHX+CU}$5hiD3NbJ2Sn4~lqUTX{CHAYvV
z2k<wxnp1>-K++Tsnd3m^9bw504E;PKoLem6=!Rd3^aTTd*DS5`41-uh=3{J=%Y@uf
ze$#uJW-QqZ>567xyWK8SCJaq~?-CM|42}}~S-ZiX1q5--1fQe!H)^}BvsjhL5BEiF
z(1lWZxKL@kU8Sv%d-&)lD?f&#RdA2r%$)0H&aG!CEREW}I9fD=YyULnn{eS$^w<bk
z9OOxYtlf6IyTc+>i?z4%^lN51PdLJ8BTXtC-;|#SH2!bzaJnV|U2M=U9V|(hM<l^W
zW)>F}<TVTVoi%>2xU|DoG^PO@lRH27|G5uG;aq;zV060%jLm0ky;pNwBX+nQGwO46
z6|Z3L--7LhpQaD|+lBN)?YJQE4c8BBw_7&?;L(WOvBg59k#cCGqO3s97C_^W-qA4k
zvFh|ZHQ`q#hsj8Vw%e&g<vrt+JcoXMLt^+4`5_!F?;<}`dDjw`j86woFMl&qM*d~a
zUmV}?GeI#=Pi#FUA=qxSB|@@cO8g{+qm=*g@6{SaoUtEm@fCTtFtL<{M*Ik*f$2KQ
z<6e51lH?laam~RHVN*drdY7<#onC|Oas~B~6+Uk43(;uFNkGgp%=<!J5<!A7wk%fA
zQPC-GSH%QNfg9~J<(i)y@LC&j+Xm^pXRv%vE662QRyb#xq1kSywg0%n2`=T_Ukm7$
zvL{Q1Ef>8};(eSHpe@W#<}^$EWb@F4jBnP`m}?|qt}%T#fAM6fJnF*2%fz-dT~}m0
z?YH$k2-ci!)(nGDY`5cnt#Q{i;#*N~*<O<Jek-VODEEHL6CypOw%cxh-O4+A$c)Ia
z(nbg@U5es1qJ#*-Mm<hS=gPN=0-f9LJb3$wmIJq>Keyd{;t=V$v-lRR!Ytrg!=&Fk
zJ@406oItd7gqf>+CiQ2<`#PRf(flHPd99D(Q~>_<ww2m#b-8Ao&@_|DY>X{9#S&kF
zeaM2SSLin=ft2JD``qqRb{5w&3xAH_@2Til9czpZe0j3{cvGfVd>h3sY8AwF%}kyV
z<mY(B(lL2tqS*L+w!G9PlSEqoZMWe(O}Dp@eo8WtS#XiiI~tK2(oX|FQlTi)IPj39
zarR=n4euF@VvFAA^E}RSxt9O+z&B#MEhBR{8r(%^?rtUEF=z{4E<gDDbv87VVx*!U
zMa3?*qIM?<l`YM7o6SAAj$A{Qw$yEzmVSaUr7B~=Z5sYoHw)}M3!j7=RK`pMd7816
z%A3X+?+a=P;ksP%`5LVdB70jkuV%?DAH#iI_2t@C5Ri2SF}XLuYG{4X>6+C(qLY-5
zr-*!l3llD?<OGKc#25ZO`Hz2wU;T)z<~|&)Z^gHRuLIlH`80K~sc>oD(`>n&3hFjG
zLXh+0Fd^_~KM83pa_jI)?XP%6(=?}JU{TO@z8$r-F#P}-(Vl7?G)03xs_H80%=H}3
z!;?6KBR}!yd0Gs%E$At`L`|-kINg0FQ?*!Svc$#ibFY8JVhbT(PTK(R5iO_xWzEt;
z2p>o6g8y8}`yk_2MNq4ZaMkWtj>c|X?=MN<f@Fm2t}z@%<ja>YB0%|p&?x215eo^-
zSR{+sq#SoUQ2D=PlfxB(qv<k_=!R^b0hfY9Th*)=p0SvV=jiroa21Qj((!`4#*_om
z_IBGf=0>MwVEjms7hm>vQf|TMs32myjsulb|Bi+*VJRjtg#1^6KX%%&<)bpkfFq-*
zQNtGS?qq6E*l9qemt@O4fsd5T3CCpqtJQoo>AYafXA8LADw&_tDC8QH@_o6kqmw;j
z+*rQJoH|OMg<sGl5&GHEkKt9h4I`gz2LsiF`^xmrlN43@wUi9$wD+9vC-K4+HTtTm
z#B7974P5TS>Ny$19N`7y_&>O~Yw?$PP&xazf1OhX=YHnjad2a`0?JnEw>j2LgC3qa
zg5Qe1uGCS!-m2=NGk8MQ5!blQ10>E8O44GzD9v>1-ABk|k(6g#xv^cR4wYlfMLk)v
z4IIrkLBHQOYd6BUQqaC?sfGMK$B4B`A=1SJhk|>`Sihne?w~bEgjNVXUkyl-NjH}A
z^KQA;ZMSX?wUl9<E~*i(e(iO+VL6&h1Kr7kzqzS=U?pamF<2)oBLSC@CW?$W7*i^v
zPs$=*S^adn-LC^(A#~7j%o;T4K4|MBX6uViKjX{U#pUetaBx1Di43$~FOU0^QGeE-
ze!dtFho5JI^Zxj926l6|Ay%@_T}$jV^@L=pN<N`_)$Qy@2eFnywO6NZ)*{0o)uY=D
zx7D+CX?)7%UCPynwdFBXOh|M~lVV{z?SlAb%v`;T0V*9r)#U)^2h3@;A2(U@(<VHz
zd}K8r47K1|dQB2$ZLvdCBEc=tg>slBBtv^Al{R9h)v~H^ny@v*gotWCxBx+*WK^HX
z%(>^lSHxIo5(-yBlF6JXek+S)uz>tG-?g^3vUD}%xq2b6==<P`f;R`uk|p#ve(oX^
zm;5|qRjz2E=fqF3Pn(j@m0#a>+_s_8{4TjBEZ@MFp;)%<G+Tyyo&Fj86nsI~LpdSS
za-M^<j(3~ZOBzfp2GQ<BiiF3qfe-Y<8})kIX*Np{QJkva!wYy_Z0Pj5Fu_(sX<A5?
z5OgwYK`DVIB1!~9IT!;rSV;?I`TXT^HIFm@=7xm2>Vnfy7>Ak$lg1g1F+nkE#A)#j
zI%8a`sOD=_Q^HW@U74}9l;X7XsqPs3=oBesn(O&t{k}yWL7K5OhnS{OZS!zjJ<Q>v
zlcItpON8YI2MSV^3xFY<j@Nu>svwz(0ps@|A3V-iYk?}eWq?|pLriO7Ei<o{2tg>C
zDY2t*v=MzSL@bdMCq>yy6W^+%({0D)+wl=&?ImgF;KkLv6{SdE>M3E(Pt$xwV9-04
zp=^%h6sI5+zFl4!>9uxH4trwRbzHUyY-yThH`R7LI)o#*jP1DE0@u()o{PhcuNs3h
z2HSBwGe*5I#@EfGj{aE}Y^UB)5h6lP*;YfHx?_Y0rGx93E*oVBUluayMbu9VUIaf)
z>5XvY*`2Pa5n}jsK?W)1OEemV7Z(3hcx(Hs*T`X2*SQRyft9CVC8?yar!!st5asWw
zXCgF+O05YJ5|TKhew2dUYM8>NJKUBgM%8X~3L@sz`+U+ndEfs$7)|>pmy^DDpSU*l
z%w@Y<kYr0zrOxQ4GC@TW026(bf{i|dCm_{Dq%`uJ5$B8`s^U^el5pwS*L8qmPC{Ob
zfc4kvJhgGNMGslkGC)w~wsM7RcNY-<?r3C-d>X^~U<N4QVRC{RiOXCZ<woP#;G_?B
zN15VitkgQm59L;F)fH>&Ix-7nK$}DCusX%UJWPa*W(D1P7dj)?l=THwD~*sQIKZaV
z*r&wXvEbno+tE>Y+iA;nZHS-9*hQ(ARDou%Q}Ck%o5AwU0=uJ&vOBd#Q*EK6ws0nc
zA{C$2aVU~s8G!}`kTb3_BTaZvrp%yMtE^^;pzOII))A9TW+`1Cap)&uu`Z6P{#b&(
zw4IuAT}E6%-!+%-v3eI-`$@4m$I6fW8^Q1Gb`uxu2e;s_*M(NMg-(KCw;SJw*-vaB
z=hJq_Ewv!p>i<(l{vXt1=867aPQ%;o|I=`r?U(*PzsKk2pW#%9IwXM;l4Nv&)gC#+
z87K6H#_&fN(tyM%v8-cZ4HbcbA{<oeZG$+d9l{mMm1P`>;Y~t_QtcNgm*P_-S)l>a
z3RoOcL(HyN&ec!skck5<a?C0{(eLDUrulqDvrN=(EWF<8f5A7K;;A@mF1W@SmfuPU
zjkg|>cF=&XDN+v3XW1gV_Y-0jIqZD%aHV{riA+mP=*==agp6hpIg|nZ8A(WrN`Ro;
z7Ot<fm>QP`x7Nq0N19^+w1==eJsB4^1R+_otWTxOPt`*X1NLSfvH2UJ7roI=*aOSr
z)7kP6h<4Z_=pi8~4M_?)+J^bmK5-%bjo~qWsl4G=4mc#UB~7hD?@pSkO$p@)$cyP6
zk-gZ`x7MeV6F9!APJ7U(6*@Eo^2R{iSL5rDW2JBAn`-L6Y1Ha(4r-S58JpC}P>poS
z@+jm~e#2Er1SU=Ru3$}Yp|0)X`L)mg)mpXvO+ID%f7<`hAC521`=i+p>;U&v|3}Yl
zKj{DHxi9qp_xKp{k4?0>oW^AbL8j9zwJfKm^G{G<%41G^(+t*8enVr?q5AszTDHLl
z*-jY$X`VC$X_?P;YyGMkto*BXLo+q3<<>-;6`#$Xm+2|h)c^n9VEu3NDW89-$^77V
zJaPWrdiz2D$GZ2@|M7SE%$5YTSt&X|<$N$Zu&fid-k?YWmEeG@ah)paaz$~=x-fa?
zG)3`hzERTFA*KgowaulU+>k@GM#dXh3&T5`XFf$T<3qsK8%v4{TKW<KWSX*oqJ_Gw
zD`T@(sBq@}YAT<2b#N%GYJOx%#;*Q_Mhupt{E{UUt>%Xy`a<(LsDGnxT>5&JL<n`M
zCF1K3ah`{;Vj*4dzXX?s&CAo}VZk1A$i+7)oS-cD20i3aWCd(ZMMhq6c85|v6p8$q
z1QFV3?w7JQie3p#two;1G+hb-IAoBr!~FuI5wYJ|)(n$c*&V^Phz*v45>A0{K%ts|
zmZ5x+HYpovbJ^D7m(+3+{(7!RXB52wi4bJBmRYl`+50|B$7i#Ty-6PiQ@EInKMYR$
zr|_ybg~9aIA$%On-j6S5@Ub_U^hUEQ7@t9JbOpZ-MyH3+|34R#{&WiCi8VOC7!LZU
zhcFnO3@=Xyqjzw8IfK!72IvCopTcYm{DpF;L4V2zJMT}pYCh{74~B!;)uDAZn2q?D
zXX6R<;G#E~4NfkHy$M`gPA<mNKJ-SXFdB~rqqE6i^sbM>5e!B!8bkj>e>8*X``&QK
zUuE?!XYa=oK0i1aUtCQF@7~Yg{djoVpG@Jn55qz4c-R-O8ePH3us1kAgwx)6?_D3C
z8qePMCl<d=%nm-j@AFIieZ3L%PG*Dgh%W<0*51kN5N6}aOh5W@Fzp{gZ!(y2fSgUn
z=Z6*t=lG1@G8pmaMtv~~2Q`#-WIVy&m(#u;5KjBO;b8P`3WHH;`)bxdgnaxz{Zr=u
z=l(6>r1i(X<0<=3yWwr~|3=$+;s3wK=iOj7>>YpB*2>Qx`jaWA4*&a4(rs#O-vWPv
zTDDrh*$(Ha{!-aD+JR-&F5ZtvS8r9s3i+&`vmRc03*-wr9?eLT{;=Ph_W8U*a<}uD
zhwneIe)?H80^`guCif46Xsn-(c037H=@YNg5L%wwZMD1b|E!;W(rNv_R36OkK-_^v
z8EAY{#r(V~Rs|&qyt?~TuXg|Phg#{+EAfmlFIUmsAaiNo=&52#t+-7?8}BSOY`3f(
z%Xkap>F3$i1p@Auis;y%W5`xDg@1x9f!Ckj=Ib>{-u~q^{~ob>{C==|xYO~+(Qw>5
z{d_qY!k^%k((Gg@&DsrPHxcpIG%cE)WT08bSd>0MoHvgk&MqvID>|t9tFYC0wR4_)
z;|HeG+b@;kybr)ncVo-Z>NcbaRM#3-Ax#ikJ8tLqV+M0I9m1=vSG<BM;};)1^@=~W
zT(J=T_+`%x7FTGiT%&ypKmQDUQ8NuLW17igYY_|lDB4&*9hDW}>H=Ql9dG`CzJ%9M
zdz?*|>A&z?{b(BVl>XQ7oGtqAw!Qib{r^2aAF%=jxj_$@&>f_Xr^I%tHhjC1cwGDN
zq9nd3i7!gxKeUoqtyV4Tj3wwL%a$|=VeKcFR<T;M7@ckyAF*Z$o?%`0bBhigLbhZn
zu?o*|RNrza@dp|DEis8j&?{X9alR2Z+{Yx5m}mKG%!kEnA~p0sj&fV(|JoDyL*Ma~
z|EJMtZtH(uz4gNXe~-_0-5*odi8BJ4%IFyp6PJR&bvycZ;(&-#yJ2}!$oIB_DCZhv
z4fy%TT2zIqR)?^b6@<tgCHL@&KU`wq#`_zxAgvXg*|MW=sj+Wa)i|hGmiBE4*Vcu2
to#1-#sTkq8_1dx<^q}_l-lUh$%jf0u^7$Kl{xbjo|NpBEe3bwI0sy!&`6K`U
diff --git a/chart/charts/gitlab-runner-0.72.0.tgz b/chart/charts/gitlab-runner-0.72.0.tgz
new file mode 100644
index 0000000000000000000000000000000000000000..54d30273f02d3226024c11e2f7f4d1433a6ebc39
GIT binary patch
literal 28892
zcmV)YK&-zXiwG0|00000|0w_~VMtOiV@ORlOnEsqVl!4SWK%V1T2nbTPgYhoO;>Dc
zVQyr3R8em|NM&qo0PMZpdfYbBF!&z#Rg_zLV<}^@yY*+gXEdJ`S+O;dC9Nc9zWI`@
zj3&|Dh}Z-}fGu?teb3&&p6w0n;U4Vi-oU$8vRASX3IGYR*+2S;GxNS?p2ty>K%r15
z6sih^!hp$$^t?2SW16=1ha{E$gp8tpd%~yPZnt-~w($S$cDwrj_Ri+Uzjd}=Zgw_a
zZtZk-{;l2Fe7U{zZ_s{9BxXICkR<)L_M_XXcJ5!~Aqo4Qrh@Uf3*%0MBuW0W^U{Cm
zw;Lf9LCO+|@7^(aM0#+B?9yO?dN-6Z5#3fxvyvb1Q7cO#PD0W0T4Ew39kr5_|4akf
zB4Z*++S=G|zuMevX|B7B_<;LKJZN0e$u&<y(QSAzV6x#sz#1NeG>Q16F(NFMgvB()
z0(3-J)CG|x2~XvlqV)zqOhz<E_An0ohJI7x_J-hD8c+mQ(+5+Qr-N3YriEygYcHxa
zt8~Z%;X75#)N70_-P``l4Zq#^JmX)U|6>wmR6Ml+m_Pq_wqJIt^M7k&<IDX2EYHeH
zc}~OOhzw|BWu>vQ0^dv^q<xY_5}150AQLPeKuQNp$aLZ_!S`JfB`l`i`1bpQv-87~
z<2wcSdPq|W`72-oB)Ot7^iw{9ViD563z-CcMx)Rmm(qT%?3sm1E8s?aT-qMAHePSO
z+Wc=k4Qcw#WcPUQ!@*aAr*fBw;448%8VrB<Y1ek4cw;a)=8|^dun!ZSK`<oofPx%S
zV2XqwIsV9cSu8V1X+()oga!SCJbo^r&(i^ws;pCA&>%~hob2;h(i{2bqLLg^Vc-i$
zvlw^`A?x>PN@EF`P~-Pj_zFKP)NMdMT-~~XYk-E9i^gfm1+W5=47!jH<*l!WXfGd_
zySs)$^6x_$8zw0;)q5J5afNFphh;hJWj*GZKCLYf#LNrA)~wn!BfPHA!ZC@3BvC{p
zvJqjCfF2D<CMbLgvr*4uF_WJZC&pYtLV_zYpdqlh7*QYI^J_Y$=?nNIS<J9>l2Soq
zsYnhNLna{Lai0ycRJU}^q6kP7@$1=rR>LL~3(%V+VgZxU1ZYfpk>&=4BJbx-#zImO
z;+q2RMkeS5i&+=?BoY({<2<1O>ra4a>`${OI^_`yCW`40vRY6<<73v?5sjs)`+P6D
zCKK@-SYOw^AOqFg=Mj-q$mcJBMnW+vvhMT4{xO%Qni9`TlY>bJIn_iZNfJ#|`JZ_Y
z@}UwCkt_~|G=$y+q#_}`p+P2jibVaWMkvXm=rTd<6$#)6jkWNvvK~!iDyjI%nM4f7
zV@gOAg?+|x9abC@&_p_{BU*-;R+5x@s$m+Mk;<o4K}$9Li@v*bSCin-7CxszN~KWK
zmB1-iA`HIEv9UUg08!M<5i;V$ax`4gNdd@zY$uBrbthGag~rz7u}8dwYk^yEk?Bmg
zp`?;$bgd?SMtXU=eiNy2!A6v4@`V~TK?5F#;sr8b#KttHLI8<FNGS;!{z_8bqe8Ja
zv8<V3H}w|-?p#Ca!WK5NZ|0nyFc$Kus?aF?>cZ_EqOE2PBhgzLkx340r;Xndnlc{d
zZ#(*}$bx_haWPD(81g9WLI>X~S(2sHdB2J8B~3>xMk(+vB>_DxL)~oGV4jmfqh9{`
znQ&KFz3103BJso-0TfVrrs}x`DOJ*ns8-6Acof2!{&=pKUW*$h;B78raK*ePF^Z3r
zDyBq;W2RP<_e@BhPL9}!N$i6buGB6n=QJJD6h59E!5S_nNy;S;c(e|3NTdT;O&O|%
zo#_f05G6vVrp*kkJm8}di9^w1aY%3cp&UgkWkGHm(L~YTKBm!>YBJ$j>V;g%Tx<Y4
z_4eTO>|lTI;^1u;J9wrixn4UiII2WE1rmlzB*gUEEU3b27bS|+3cYH_C~XDIbWgNm
zdVLwB6dSy}=IK>G;@8+sGssxZMGLX&LbI8Vidp0DkFH)YN0}aup5lL*GCHQAR{Rvn
zY!zI;<AC~bC{bS=Dh*4us6<5!BvP|wl8-qJ4eo`6T)U=5>l%`=`ZKV+NhD0Dd;z^o
z!ZpqLN3Fah271GUR2{<h)?LCB#8^Rce2jCRBT-}uDNUo#)f6v8f*GlgNk}y4oI{@r
zKywp}JqSFl(<!v-;xKkD+fn1;ik!AR8lsTJaaMn;DPW0DCI*xxcH|ISPa@PV15{mO
z9(za*MIpNe!^b$E1?9ffbR0%ZvVqbfv`k<^WORBJd+>D3;?jgPN?DTfgr-vIRU%8V
zZ6a}qWX{03E@zd#hzBGxwD%<+ML<#tMFTWchKw$&hl~lxVxwtNT;x4v9u&N)6~;ch
zQFWE%`ZS1A>3xE=5hZbjc-KVaV`fnLc&ON6@APo}g*FOMLCi5KI%2vT(uitO=TJu^
zCIh9zDwV8w?`wD$Qw0^yETpkyeP(sELYl^*(IkT*i>W57;Y8i4Lq5Mm5T}zaK^0Mm
zRdzJTXwt2PG)ZZosImUSg}{XAX6QGjNYMqEX0$L)gycz5rt=FJu(8q^L9!9D{54@{
znE{hRDXUt1*~#R8?zwAdGEiDXKZ~#rkkVf=Dx^PO&rt9bKc-nAg{yJeUPe3~0F8Mz
z80Ka{vFMljog)xU?mu5w1RKO85{*S_(N0@0_vch|XFyXaw8nW%M#_!@G}jes2@wK<
zOh`V$a(xz{U{M_@+n-vPBig4aAG1)cHQN1$`m0{HTmtDP;iUI74RVPfR8du4BqX3O
zv~7t(Oo2yoB|OQLk%Z-2Lq4JvFN9xlN~r#|AY>^Gl+v?2WgWI^$w+vDMtx6_nTA?0
z8moea9!Kx3@cKM;i+QSXW~k;#k`Ab1XipBQXRs8wQtKtJG8Ek!1$IPk*eDx8oQ--k
zRZFw7J+c(t6KW<sta~IJtK}&4O0RV<5!s0M2-+QXZ7rJ370BZpCu4^|7E7jAfId&n
z+!|&w<kvAM0cyk#8!3Y%lPK-zjS>o~PLgt^RNrGRJg!R?wM(gOpf2csy`_C+Bsc~Z
z4EZ(izEo?IvWaPMW#@z9bETK{G8ToOZ!{DNhq0vTm_*jdC^)AySDy=r_+X#}YedI1
z@?mdGScL8n?VeW4a2G<_%LdA<?DH3JP15)U&@|=g3+NL`q8E^mm<6A!hbs!{BZY5u
zTFmNPpQj@tXZ6l5O_JWo7x1&dRz6=(zD48~b>*DKGM&KN^J6;+et+Zyw)s}Xi;%OT
zDBy9d0RS0jL4R>{4p)>WBvK21Q9yjYZWN7vAUAsh+J$Ckd!%iuJ-ep$h!}$2d^3iv
z(jI!$ILK%SNy>O?jVl(9d7xz$M;%K6E3GzGW;IqCD@jTZ6e$zVVtI~@bm6zg3IGj;
z9GXKKMZ8(^Bwi1x9G1;#G2~ekf{;q<(Y|YenvcjWQYD~B7D-e(w0qL9vQeb8Vy5dE
z)1C?A0S#YRA7~1Jvc(u;keEfBK$7($7MTAXo+@}eg_K4U;Cj)fH<G3?iQw=QNG3Ui
zOay#PQ?15e>jd#-0o@A%p2bGhFsnN1UkZ|{JyM^wF{oDo9x8wuSKQlBs)f>fsL_ox
zq4-XZNP%amzugAd{#p+%zzUE!<`M@~pz{Yk@mBbEUbWl!hQ+#nr#zKic-4NriLY(9
z_3PJdrB?y09L5k3LCf^^P46!z33mIKhg8+`m9nnvgb>%5@P#Iz{hae75k~L8mSgj|
z3!80)4ZgG;M`KyNh&TzqA(5In={ag*XCxj_(Z#O-9(4Q-f79P;ZEhfl?@7c$BP6@9
zA7x6-KRkT_?<ol*D#VK%u@`XUKyLsz{p*&$DaZwfYYxV;qF@}El73$?8M=J2hOV}>
z<JH3SVk)nBdd1>_eb-ts;5`J-sK^`0F}TnrjLUf*&XyVeIGim8H8=z77t^}TfR;UA
zOj3rcp^+@Te3wD>bI64R>JNM)e>y(BA)_Rsb}uU)q*Nde)yyb>AR<B>Yln3c-%QUj
z02vtwiVH=d@K&~POb@J%tS0}rJcYAw_V%quzuQQAB<Q*W#;C{zDS<N{QPeBdAK$PT
z9cM+?jrp(Zqv6bio&su`8p3>1Chn&f@Tn}rd|mmI1xF&m9da5;sw*p*`3cGN$&RG1
z?T90*Y2rW(Xsq;O8rBI;^or>E4w`6)>yAjft&D3zvqV;3S(wVkYASZY%{VRW4HaCM
z=_&51qMxqXc?BWgEo(r5@c9(J+L`J0Fk(U~iJfMVww0BP3qx(;;p*2T0i<f|5@pXK
z9|&K=I3U3gYZlu&s>&6e2*U^-kc7QUd6tN7zQNvX!kQZYfLMo3z*7o)r-v|5Mb{NM
zu&H>UhKr68Iq@w(Yt6a<zi!U0GNx&7+2Xp+86_c%6jr3C>><5nVb(fyxGHj)Ww+0x
zh+m@`&*H0D0%(SUWp@CDBcWWMpVhReor@%4o--7-ImD<7Km3H#xk9KPnsiKKDVp{x
zSepFMR2<NJ0nKY7gJE+<_1qIs3qnr-1w^~2W<g1KIJds7{-Qac(gEV|&<{-qz!dNn
zk&*<%<_rBx(YCHV1^q?QYJxp~F^&B4?M8esyCJ0T43d})$mOZ>qM0QjnN4FO9EhIu
zwSddSt*bpBA6?%}luXY7BiMRGpjKXN=@u$wk3~%4uDITTZ)vxyyFbqR+I51U1FiRX
z*Gm26DeyR&AUGBmo+%~1b-BN@P>DLVCfd*d1oP22Ad6XA@_k`{!N^GMA!B{LvN4hC
zyV@<rgbwe}p3gNwwRkkk&-$aJw$Ul3*O**xRg@uTIY(2k(iQPSHQUc3?eKF7i!2xd
z5kRkmPe$Zd9+PXKMG}vwN7C2`&hNFAJ|YvnHKK-&<5FtvcP+gyWfEONKZ~{P$po-b
z9^OHcBw{r5;R7>P!Y>(@S~IW_G>Wn>P}$K9mx-|F=q>s?%)z}2P4zFi7F|Y0-R|uz
z__`y$woZLBH4a0#yX&fIt?4q1jFg&!Yy90^bFNHR7-(GduH%(x>DZB$vgHOD3u%i8
z!2?Dl^-SM9gN3IM(7TXD8%wf~GpJLXG@FD<^($sZf*xs%!GhC5fnHvB)>?Nf;h|@P
zxjgf(0WNr}9?#HMtr$`ycXZNnfL3`1@EGL+F4NVJ4Q<aV)=#o1s%$r5;d>Ygl87tO
zDpq3E*<5Nl?<-^5S|MRL9cv=FN2*2dKls%SPjSFh5R1|c%8sP6f{32i(wjNje7Wij
zJziJ8IC*>0#a#}ofGJJBP{Hf;?~9??tuW4nN^^FT!x{@pcUHQ0vG=Q_khK<w5$nRy
z<*neM@Tp!W|MUqY9VKce+rGqwHMOz=dtu1bj3SYBVpS#bG~&O5O#UK}A0&`XFxX;o
zT;rMgPc4C#5F0F(bfBlvY05`RBxC|cRHiHtKyPp>E?p)<$Jjt49y7^P77to0CC{?Q
z`?y7CV0#LVvr%VW*Z34mHZCbPK5^&HAga)`y;gr~Wy^du5Kas4D^I1}?6Z)TB!tsO
z7hZ2{Zy4YOMTxTfO?^-A$MMw8x(}K<O6ckET9Qc~QfXZMysx35b1X=S-t)&DP9M(b
zFBwaz@iAK_G=PhZ;U10nwO`R4OuMx!wzdu&`V_)2B0U=AVNkXyGsJn527ra5D_Py7
z4B8Qsvw_w^t<GKhKIaRhmmbG-Od?oAX?o2Bbq1t37@+6$dZm>ThZoiIxm&!lVyL{S
zQvS7~ak|uROHJi?S~t$Lb5!@o1_^=)hIB+xkiXC<DsiR$C<E5zy3kag9MBoYF%ytc
zHQL)wfyz+KBh7%xVW#K3!|eedjk1`@Noz=>k!Q{y^&;MDjR=eFfg~jpJ*S$GB)GC4
zgETDuv4YKDq>uQNyDKB1=U#~`l+N+-><|(nhvwWyGCivU5~FJoDXpXT%D`3iE;L)F
zLP5>F+}ZX4Kb=wJdW{M4b{;k^(9@eo)3JC!(XRe|IZtDJnQFWY2a0m<MlR|s9+>rE
zs*B5a&dRLcw{PW6O|@0&PDMCR$xA(<a)F$SUCSh6Mih+2LftCdGncTEfOX|-Wdar+
zgt92D1yQG{PQj@Wo+Z(#je?-qo&u(i2ZbE<aSSab5Kdw;Vu4bXo_uR27;>)kRSzSM
z`E~5E#3Ny-)`OxWfkklI`%Q9wbu~F>8`TNvt`g{}I$>M$SW>eec6gf4u#!5GlRx4l
z?3pdT!&AeVI#4+8$B|R!$?=csfS2|>OO!9VU`cQ0)Zr<lxGk#Y6^1Pn^ycYB|92b!
zaxJ_#>Um}lqrMNNecNI{YIY_;P7*62oUPmX4O_)?2WFU*{`usc!`((PRFfnxXElF?
zXwGsHH;i+H=k2^&DHrpQqFQVwJ_eEJWKfp7qJ-TeFX)=9?bB_j!dlhN;*h3rJ!HYq
z#-LS~VqOZbB`Jjw35^4R*jOX~$w_LvU391j1DM0+j*4uy%D4`2Nw{!Mg#BJzj&Ti&
z4RXuR5%oE0suv6R`%ARI(?$z8x<*;GKE<O*L*mA++Y^L(U7{oyVvOU@yr=A8b4)?U
zl@tNj1?(3_uSGLBizI_cErUYhX$B^Mj!Bg1qZ0xM!m(a35L}=BC9yrc2TEnPz9$w7
z+^Ff}nM45HYneFbgH&-}3^hH6{91CO!Cy+2h)WWOmuhBTiPj4Gq0si1N#t2q*36DQ
zU94aO4CF5ShWg<T_5|inKN+ud-H}Z535uO5*oEfpt$(IZL;J_}z4l(|N1u1xg{D4m
zY=y^OPw*&{RGT8&S6H0Qsp~)VS!5*NzBW+M`$Qrh4{%tTV;*HADw^mcHNQUSEyB_P
zATv!gbO-ESAo1)#KR*m(iYTrbC32#cvN($h0-kC^$ad=QD9Y`2x8pHZn7UJ27wAGk
z-Nv+Md~u*&50AB6=|~1gVKVtS^l^z7TG^htNIdvRnWID~9PHtYnf<_nGh`qj-zjpU
z@r-L4_W5X}#CJlp)5$I^s^ah11qI$2$kKZ4I@av*nqpn7gq+Oiw~b#l0e`So#CNZk
zqd^7Lr&WIDy{fy~CTjWJs9><Xuu+L~yT$ZIHVz@ikEo$77&Fb{-*LRsEdCfvG8inu
zceCdYZnvjdjNT*~D1Pgu1Q(y*5%;{Y66V$IAnnMukpqQL^z;ELJZJ5mSvB5d{Myjl
z><U0NOO7Fvs=#^}b!?9{26*agutb;Z*PBdo5fHPruo4z6n5Kp2wvg{@xo3x!gch67
zBTBI65b*rGu4?vTzGbOVIHL#w#8k_`EY|T$65io9Sfr+t0-z73pKlhwMII$yptG;{
z)rckjbFrxnwCC<PJlF58=;S$k1<!R^^{a+-m3^9C#0N^d(%Z!?)Kr8wnwUfOo`&pQ
zQQTR!XszNp5y;4H{2BCctB(a>v4kJ(R+Z=VQ$F${CKVBObA)%B|KM4wLrA`(ljh7C
zd8c#@y-}iS+*6S(^N5Dpn$G}(K>U6j@NWNnJ_~5t7@-@a6wgYMNT8a~oxvsp&Ib|o
zaNAMG?0Zht67%4}T&Lhv8~%eQ;DUn-W)><s(m^2d6AakgKa|#sGBMw1TaNeUcYTV#
zR1bGm>oY3o0)9(rg`VWv>ova(tm5OLny2N>5-XUQ$@JmtBxPeFshX%Wc_I*XvIF~W
zVWIp`Zyb2f|J4}4_H(8zDRtSEK!<N<3!n;BbhT6c;`7L%y<fAGdKF1T!#Y9qVvg9E
zyS@<BM(q-VjoTf2r57NtlwZ$SbC6j^EJ(TFeW{g{*vmu<Yqx~tDH%}Qe-ieWhrc`)
z%an&%!57Q%fYXiHYtU4Wa#pZmfU~(_s^6u$PsR_*u2ZukKRcjIfz84SD5++?-B@&v
z6xfy6R@Q-;OlThjTDh)JDa{NNEETq|X(FF*%eFCJKpX3Ks+GC5mTVelkU8)^HTu}y
zsd24A#bK_}`L(H035GPxqTHkE9OJg1+zdGWtgKDwG)f{DV2N95&Is3VTApa5Wxy!K
zccp-7jw*~Mo{p^Y@-NNG-kjAI1D!vvobRiYYv3O4J)?k@LK=l6aY)iov~-wUDQ%q+
zceoR%WH5{9fF3Aq-*~2MSX)X-coIjGGtT9=ETTGJsPjFG_rx)e)%UJFLy}mCPOxM^
z5*<v<Y@}qE@}vttH202<n$_(~9WD-N1kr&`iH5`InY2buLNqaJ+;OV_&Zrh~FYGxU
zHE@_5g5Hb7%J$P)Q`HcqJc^WgSfJ5bvDhN9&ENUKz|?Kn9-<qOoAWFk&@Oa}Hy`7C
zAD|2R458lVDC0h#r^a|1&vMrF5YNKs#AZ**R8Fj{!&k@^9|cXj&@sm#@f99S=)%tS
z_U2{-pkIBlf`b=PMNbmt#~ARl_3rD$b;f^dJ7}^v=1CP-TohivevPm4=G2Qa`SMM2
zlea_L77-gUIeiL$`DI8S7Vz@Z3Z9eU4SnCmF$TjXy2+eB=!mD2E^KV?d|>8XkYruh
zXtzh^H%*3gq}Ei=to&Wr?rfOiwmVgTosCyzfStJjb^Cbux!-3olX^xbJTzxZZDPU)
z(n$ls0Ku4tw6#J^GaiXUkHnIB_KhN&{abJGudKiYPk6)!lk-H$t9>4;>BnM|+-w@n
zv!$m%F6uoxW`R!TVH)!Uwx-6^Hiv^MXCadh@_{}SsdI{HBVgJOOvf~iCZHPuqLe=Y
zzw%gb&wz)*<BDDvvcop~9i4Qsq<Mcmr18gC5XnTJX|eK_A9Hzb7AR8;V=&HXgo#cp
z!zhU)gW-{m&&Xc_^f~WBkLYuiXIU)Si0(&3h{C=4IQFpfB-OAzJR90FJ4ShH&S6o9
zt|xIoOGxRw4TU9Ch(;4=@nUM5$ZQC~bZest;-a&b@Q}LEEsyAP9j{d<hU&ihBOj(E
zSjr}fGOQJIX;agRgv&gcm~i*Xbh~=(8PZXHu96P2h@_y_LYm?hvOu3}ak5+oBbWQB
zi+7=^^aHI89hqGK+&h<guBt|Ogt6|hmf9dtXJ!BEE_D2z^+yOAYzc*mX-U1*lh*#U
z=Mf#6p4D}GL?$NUL*xGf<S-K@*Hzvdy-~t+z_Q*1P~|k0oug>gAwx~u9dA$?xfQ`?
zP!Jv82!$&(_nY$vqG_hF4e#ng^WcUFDXNMpjmIqI$jSM^Z&BXdusPZCOlzgoU?#tm
z>XvYmy^WcoU_VRIjc@cR;A894cVU>E7<n!;H{l!FI+h#CXCjL1lAbrDQS#}@6SU||
zAv7L;Ptr=Z)w7Ss#|LMZ2mk$G|Kr8USwjm=)LF_~gyka{_4LMEi&u2w>4W77VX5#N
z^hT!SARgxuV1IA_{lVq==H>ap+4l!$mwRvDo*kT@D-*VS$e~>Nn~(e79b8-<?|nG1
zX>GJ$pVpQ;I@#a5I6OJ-LMA*)g!DRYx%Yc#2XCFEZp(E}9|sAEBqpv(<lXx=<)i5?
z?(Od%oS$EQckmCpBnj)!R!e)nOvP0jUcbgklDp8W)Z0HhxOg1s+}DmYup6F3ZuQE;
z)5<Jj@y~j*ip53VlIOxyK`vK+?nR6UIxV2g+-FG_nw^c8e%o*R9Xrca#n_%t(@fgz
zbM9mM#AflXM^g8l1=sd5&&MKYDIIZ1E8y%)<b-lWynAB5l-s&d{Hh)Roa%DOuVdVy
zN?Tc?7U?ehWi+|ee_!fcyMNWoO&;IBOv6V-H0o5F{5qzoFDV)6#sbcxOZC$<#QHRt
z1Q7+3)NScDZN+M{W`~iUOP*Mw(;FHTtZ1aHvZY%+7PrK(`2w0=p#H^VLC?i7L*FG*
z?76YF&#BCZ6LlBIm(p0VUzEDzRdyWb52szcOlInYhYJUikx|V-EKOkb*Ck2gc>`H#
z(wqX&P5>PV#NvU%<bfkw{oHiUdZ{<|be9fla6gg(+}*XPlGAP_R~V|gn4tM|&-yNK
zILraPJn+!2pT^5?La#->-77idTefDujmI`MPz4%#ybhgQjhS`)*{CHFF*$irQfExk
zds2agIWYA3Cg@>;L^d)uykfbgF74ZvuU;utq-i{gc@jj`dKyAPQaJ$<l0=`zDwMFA
z6B#-y<IRY~osHJjE8(8CC_pq;V3?3RJ@<&kXHIHt<8*Oe>73jJ*-@Tp56me}4V-jp
zmUJ7|8q%fREHszq@*JI2(cTY%C!F@iRGHP^Yjt2tS>9#63)6-%ImvAf?f)v6+=p{Y
z;p&wrvLx%{d~u(vK_BvKv_vc*)Lb<SJwRzz)`x}UB`Kw&MC;8{c;<Ph?Qz0<o*FG6
zngC|#DpIu+mLBrtUKE+-Q(J6#>0ydVP?hFeB>2(gbX-^i&rXGqL?qCmfXZ;jfDj^~
zg%xcLdu>F_WZB`W0Q8wgG~fv{fmkuH*welf(;8H8z~!8wl50^`t(wn%LpTQ$YnJX@
z(&}=Rw<k(JIxoHeFiA&_Id1g+D>}I>%zorj3};jS;s?AmhVzILOg$;HGzQ-9m$Rpp
zPygz);f7%4TPT+In42vTlF4C=|Nh#loa9s!cEsY=N{?r8ICa7mgJ8UTpc^Z5(RHuc
za8EoJ;ep7RSlxEbN$A01_++NQh$P~Z%_wXRw#QtWOv=Pbq>9%*5ba7-vaphh+1Imz
zKHw&+mgk%-vw^LmKv16*TUjwla&0<SrFQxaUFri#MD8qeDB?y`BBO^z3Z?1P#|^jm
zLQXb=W&Dn+j*hKt;ole!P>;?GOv;LrDSAIF5}FES6UOp;e7zqLHgfbR_0zg|yks0`
z{L++6)Ci+V0^hw-rhm-(=q1h-I)xJ!&>4v}VkR9=eq&pHYQ~BM##`e~k4mD~p)01e
zID53hOn9>x5oI3P1xI)9`Ry&RIEb>4R+Ds@D?Y%7ySwN5j)_F6jJkSC`zaN}BI9dk
zXujxr=aQ!stsN^zG-l_;*ZfOGa-q-Ie$~re0mU+J@dm){mVRai!Ku{+R&sSDqUe1Q
z7y^vJye1?Zl_x$*h-4;xPfCg4v8ZdtLcYEIr1UfA-T=6}`=oTUl^jnrMjKY-;&2Dj
zMINPag%(z%KkWXmvLq;G|MAJi!MQJQ<P+R6Hvj&&PG`H_soejzy|uml<^H$N@!Z~e
zc*#@!G|#Uy(KEgA59daXv(kn_%&+wg9(gK%bJL1@??-;GL`q38)XKi>!fY{9ZC_!F
zH&1zYca4?b^TE`xduPXo$M3or>J&2V+7@}Hsp7I1wW4E~-g7+rVQzqU4grZGAEq9J
z{(IuyKs&Bj&>TOIl3Nj#)FeMw=9f*Tix*6s9hv)3c$PM*!^T8;<n$3|>~oe3QW8=%
zmZj4jaCe6>I{NWEL1jU=U8StdydvktjLT<svD~!ycG}SZD;L=z^TZ+YPQ&oM8c}OA
zSB`Leeh$OCX#~~VA$SJF=B6l5IfGz+2B~CH`#Fc@246iCYw_sAR2CKvagoxI2;)4R
z;@`?q8|#g-oL1b{p(clO|6j*%`)(#lSvxxxInm7&bFBi5TGS_`%IQ*U-~7)q_biuL
zCR^1Q=O>+@yQ`!mz4?~KAvAydQGA`Bj#58%{XePyHDOIA(JbCvU5DRXD7*fjn(!OQ
zl#NdDei>-)+84<0hTXBs2O@)EUCYfmQ=wtFrZ~xUdpq5?yF0wlrLSx($S)Vn;p8J>
z@u{{KJCGWmdHUgAn=sdo6o^ds0>jWE!LcxlT~;r#uvx<jP*gjueCL*(9B5H0m(_!q
zr!<^iKRzc5SN>#u?0r6LMV?1kQ!4zSfF_GEHmG2x+O)*$f4~TvToUj};r%H;hU8qj
zsQQ<m)h4sjxcPR3jlr(?U{><wIhmGgG=mcVe9Kelk>Ki@q@k!79Mf1@wkdF&3;p+`
z`!v&(7^Ws;^dCIiof(Wb3~LUlL9}+vO1!WztLdD9`4<>1cU$IPVbC0W%VW22(CYGt
zE<JXC^q@_p-TUVptEqII^#ooxRx{InE;C@CRU>p)(X}BF-_eO3IcQGZUe{dDhjsdr
zzcppMtZB!TEmgDKyZ%S4v?gxJ?BhlGp0(l!Uh#)77$bX&BdvvoJAk<KNpgkJLIDk_
zvQ_h7A4|E^IxOsAK5z{s!9tqfTw2bIZG()6z?6izQ4T}Sua;vieP6}z@M!3E=l=JB
zZbAW`8h8%999%&23yGR9-06Vf1|Eqbdm^p*(_-kqC%-#W`j2+tJ@T35|GlK~_;O5A
z;mag?WE=DSzwOQKoz05>cV~O6{l)+LIUdEyI)tO@do}wPG#-1351NYE?Z(&sp^XCk
zcy`ptBM+B%<jx9YbV21elN3&#X%9u7I^{Q=vDwjx=r6D~105#zGC4$VViWvzXre_{
z>f+hKyTkK~gR{${ll|`w-ZlVx*H`wNUU|!_w?zn=I=4x4eSHd7lX=CvyDR!>LY5VD
z$F*I2)`;2fTI5uScd_^G^62pVqMmruB*U~D6>^nzNkzGPQGdN$tbl}+dYIQ~-R<gk
zAHO*`J3hELILAoR^V7ZkgHnH|Qwq)LV!h^UB5jSoOy}L3`sm=KT8)kMT0%v~(Js}z
zZe;a}PF}#OuGify8Z|+xl~z^pYNM-*8eOiXZ&N;+-<l4XMNhi|EBQajC@PwdSsc<>
z!d5-4XHUp;_dc*arF+p(%}ocH^MmvA!;|Am0J51I&Opw%TC6%uOO(zh<$Q6XgVRbE
zg4tApTD;^L1e;YXl9a`=56yoU{=W-fj04{s7%{Q3_ia<(oaL|AO^7G$l1<&%tnvo3
z23mP0o>@I^l)|`UUSc5~v>_ysnec~P$iveo#M0gk_@r1SJS-#WjA>a?*Z%oOFZrcs
zrv5jiQ9_?Y{ad{Mzdfb@ZGPGR|2)s_ZR=|ovr$*45n~ZmlV^9N$bxwdzHTA&w!Us0
z+$8pljC+b6L(2SyDK|@-)N;uy%Aj)L<DQ`2D7Nxgl{^{KG-V;hEvzgKU}w|pW}Rn!
z+}`pEV9uUy>+43IF~hcjH`c>18Hre*(GW<IApU;i?^Hv_@=~>-`XZo5^$q=kkEnY*
zOb4<naiAmd@GPy3G-U$TOhn$><8xIO!;cdhtS=-^apj@y6S(V{{hU*!C<U_%Ekime
zR89+T6?@s;U4D$*+N=*lBFrA722~CRa0^4_+j1D!;0(?(>ixUYQ%i6)9!o<v>}2TU
z{HkR%eeGGEpJJ@n4<II&gkcF?3eRya<OVG3;#BRNJ0SXRvufd{FvcfC^G{7^UN#>v
zft*`D=VzD0Lx;+Q5{r6dqXoShceT;^4fvwdb-UlD&}y#cdexX9Gk5B>g<_hmPW63x
zI&A8UFNPos2UC@;BS5|RsLMmMNM}-1sx9glC8wz}vu_u9=m<}NXEM<l(~5(lAJb@2
z&m5D!ieV8LH4CK$tXA6E)QH$Cv(D&<k16D_-xwq7Zhp+=!|H}!X-IfFf6sc>*Vq+o
z^UC~|3)NW)ZNZ}cdOep{w|Wd})s=Or21<bD+>kqazBNmXIb(O%ySr;HKiP0I=Y<J=
zGV*ONNvw#&oP4D~CY>)Bz4NyBsEaRRV62xrD^^L-Mt2u5L^_>7vlmesvUt#hHI&29
z95<)YT8B0IOAWR~_4T~xPD_Uhg$puJEm|qBvmT?QcX7&VBibe?Zc;)uN6`)l7WGqG
zw%KYLJZF4&kz@{PmaKJ{mtjdVsDel$w|D<8{#|sjZ{>cJ!RR3^aIhfNqELWcg+;t%
zPK_D+(B{&$%+-0-Za;u;Dn_RPnllpQ&=7vTo55!Fy=MpVgzX7lnxMP!y8RU0$j=TW
z)~GLc23x7`jIDag(|h+Q&#mqD=vDjm=Hq*0i8ZT7*h+nmY}MI4`j~G{<>w=LjA!D6
z<jEpTr+0eYb?7NJhZpY)V~hD_Y8TUL<%fWaBfyW?qgzhqv;K5W1|839FMfwLB+6vH
z!SFB!$>fm6(&j_eg?S1wU#O0i9RG!&D&8ttg+BM<>yU`47-UtfIzltTl}kfg53JB!
zSEYqs*7oMsanaw!4GKN_8rVAWk_`(TM5*+e`KK8Qbb-dqeS`&AAP+kc3Z}v3ka1Y1
z1a=W0S)pQNjJcJ}hW+&>5DaN>#o|H3FkNxH&ZK=4n7RKKrBikm^HROf+G2?$aJN!A
zu$I%%Husy7={sBN>(E)R7e=#$uIbfWnv@ChJikcAI6&?vPs=W5Q?p{5E~R!hU5GSo
z*7e}-uDocJ2G+e)$Zs6V=c0UnP;X-S_Mv^$9^{Hn-E<pi&KMU1;bM}|O27VSS6}Tj
z%l}(G{rR{y=KFs)Hg`6*tN!1eoiG01&+=5ZJoGuteS4_4Q5+0~Vn=ZC9M?M{`9ALw
zJG5Z0=xgYWnB-n9fp)OXt7E)sd4*JCW71|+jx06J!KRc+%uiS<W9(xrW@%GsMfQfA
zm1meMrANdNe+w$XGk3)5OK@TT<oMgecbBJo7w<2>JvqBPJU+bGRZZm<U5m<~a#*_w
z&DM~QXyvtEEwxsoMf%g(G*NBQi7btA*e+J7>EeD~x>&i^bApYoLY9J;!0K&X-^@rQ
z;2eH$x#_lMRm*pq7e#f<*hGeP6K7!u|Cfx(wRN~P`t22qBJeH_&OShMH5jre)cr9n
z%akNo1^$<hhZmsA=?`jfOPvu^dgaB<-n<B388&56xV!oce_RtLiw2j5h`h59oF$o!
zJVl<woIF`FD_0gz!Di+{SN;z_fY;BHOtkWhR`AtVr4M;ND){NAKdS{hHiWf|KAl%<
zcXcgr5?B<l*Jo5M@@7@5=B=-rP2I)}{M}mwYHkFWf&9CZlXpi4mwTtDM~6B$+2#J(
z!P|r5i^IL6^WEmM;PsHuXg*$bR~0-ZVs-E>W`ddqW}uko9j^?3B?WmE-O5<L+dsE_
zaQL=5mZf&qa{w!Vd8Ry?C+HsOa9?Z`RHK-^8MBJ7vDjoIho1%4<{}nxi!)`fQ!I~3
z5Pyu<XQO+1cKH3?#ercyi%JdZ4i(nd^Z0=UY*~}(yh7lqq~~+z+1~&7cy^#jeDd*F
zC*GTyY*Q`P&bl(7x=CBbYtamxnR;PHhjb9$nP%>blkX0Wt0>HbxFjm`S}&p;=QUl^
z+6tUm=TMPg#NzP`Dk9!`P`u*GjS4nQLZ{jQ-a$pZLh<lKkg`M;%}lK&wdEH#buLLN
zs~w>?GyumLgehNtbQkK<LBVRY=9;p^#E?c&6V}#dhZX(?lAmMN4SkM5qv?5>py_To
zALozNCC`>M*HL;pn-@<fyEO__Bfp^!RS~PjiD4!~ejQ(0hwW}DbgcT-Dx*BMS#nC{
zo%gxgN`tG*{HpzOY4y$KP_Y#vKDdnNn3}S=Y0Bb0FHF*i500=<NyDBBl#BS_Tb_=H
zbfNe4n-VHT!5V-LxhwE(N;d1Ou&rQ@oJ*@2?LxEbv}G$L+V?u8$<(wXkPqLA*nZb9
zE<+LP3nyz!E(1B>ajetfeIPe`1L};hd4D+~H<#wZ%JNWGE6!{0NwnG@jG}m{6-9gf
zrhQvt;pGDA^1Them{8NB*T#gP?e5ZGE1r2Dit9f~IHsv&g1QaV2Yz-duTM|TF6#7N
z9k)IEXnQg7?eTOi0hA#&=LkN^CJcU6mJkNLZrBh@r}Y}?UNI4^fyf3ii7tmE4kMa6
z)`?oX;2C%!G+Rl^gVw5rd6}@V2~}+i?SN95vL>R%yfJXV+BeV3?LXJH&f)QeUIsqw
z{rAf}B!2JW;^4#S#rf`LyIAl9m8~q!572XoiIivv{fG>NPT)Mld5<v8J|16wJigd_
z_wL|r*$Va)-Mq})-ngrIzB$9h&ExQ$3m==)vG~r{!hSVs>CwUW2S-&Dj8=-WcQ>W|
z%luNtC2%RqPGgdP(|9Z`72FdHQ=*_u%(~v`cY464&pPB^rj8g)Tb0UeWWZurT@&;d
z=s<Jzww7J)n(KdtkXt5HYIM`x*Z?Bc6qK-f%kF^pVI~{{qNIOVjjPB4GkZI&7#VaU
zO%F;D*Kf55yno6O@THPYd_<-Fk}k3wO65CMYmh4!D5Gh<S;<|8ai#iwalaQ+7Uya#
zl+|08H{B*zZ(R;u4w-pU-IBzLb(0pR*8Aj2{%XV3sGCw#r$i3tH&-(PrK<D$>3OkT
zFp0iw`m2Wd=t_9&1DYfKQ!2+K+Fku`4R>8xz18pUU>Dj`OGz)K<jT(1$W&me?5wFd
z1;Q~Y3Znu*M3g45jlV)n9cq+eFJfal--*gINLWJqghh7wv3ju8ahQNjdtLGiyAjAu
z#HvQ_`-8K?Z~t+5aroij<m1Ke>TRd%t=^X3cD+q2<<O*RWg<n4l0ixnWluK!uWMHL
zCcs~z71D7l&Z0<}^R;zNUZbyTD=jk2^kIbEwxNLDX7#)*jdo#3qeN6MEEv<2^(UV|
z;9U=R52|xti4{L<nD6PD2?~7{N%cwz_|?*pKW*-6fR{RcaCddh62Dm`<6RT#P_fu<
z{PnBOI{fyV?UH5Dm3%m{`vDIzKUHUIQ~PXsnV9tWjlOuRv$3V$20W#iWaiE})`zt<
z0~mI9vGO`LR(`#)rCyh5jtkWDI?SId&0xf0%xKV?6oExb?ICFYMVU~uRWWIn(kA@%
zs||N7+l4o<K;*B`p2k9zUcJ>N?n)e>`RJDeXfgq7L`|IEF!#=S6aMm-zcg2GOCzL}
zi>EU<W;?s<rmyRUi4}{~EA@BHsxwB=5IhDRg{ElLS8A=!ct2>)+EZ}%9jflnz0*St
zXV+#STfKD-AgXVN`v;frPtGs8o|A#h?m3HbaM!J^qD+*ox3#tDO8u|C0`uLt+ICxG
zlD5(;&RtFA<i}=<*=GJJLCQ}@8gG@NvkUvKmG8=}mutE{uIXAPM59z=e{cWbOi9ja
z;ehx-T0v|`Nl4S(rqU32%6>KX0DePBN>f<9#pbR43zi}u&yIFiZ}S1UYmtPt#+{-Q
zqP2RP_xa9}Mzof;MJosAa;+9%NQ5;)ckL~MxWW!uMBxX;!%mUACfLZKpBybW@5$k*
zqHUH&@c;d9|A!}7L`y@bR{DShG*!gcguSbL))d5M@vpmPxxjyicLx{6(0x2Rx`U0s
z77L17_%|&)o;O+2>^`?YJr2)*XnU`J`ti2&V)MtlAN^&2DG&-P@H*>_yd9G=`dYj|
zn=ro&f(gj4AcS5fQEaLbc{CuNuPf0{%{J@H{->j&?U|-!kV&-GyG`)=8}J+4kaQp%
zx)|}a+svD>z3Y0bIlmN>!RTt<uL^BPQ0AXY8kb$U>^^lVG{z=>hCSn6QKX+xSqw<i
z0W@n0Kt+RtvH-1CHP?3LHJ6d-4-nzt`Zz+JsNSxYGxkwuu2im}_9Vw-*L65teb7*B
zO065s|Ff<@PqqF$boIIK+H;SU=f3OCAHM3SS)=&UnQfKjMtz;J))?&75dTw3Nz3K)
zrR0>rbGmgm?d>efI@`oNu~rsbC9##0za+8d$t#6btBm9QM3xa))&{QkIn+ywe6wQ#
zdbhWW;4F)B8Nub-Uv5%Vjv)9C!OQjf7e8uuK9%fuoHI#E5Aq`CSi(85)od1S{w<T-
zH&1X<4z@3@#8`*ByW3m4O)&kvymL@s{2Al_X2pLNCk7rL0J`A(|I3}uP9^^HWvBfm
z{`0duZu}=n64A<oK;IVkp?rw~ogW2irO*5vJJtLDiY;IOn`LK4E+42mhb!*y+B*$(
zNhgnKH-}S^NcGh#$$Ux}=-Xb(YO<@|4ijP&-ZkBcnu8B0HEmc&n%|G+`pa!$w|P^1
z%oNkUXF~FHa>PbVmhxV8+76WIvetuDTt+>05%ohjP@#xU$b7*y*YunAic9;8Rbeij
z-8*fdbWx8+Fe;(@kSX(^X|v?ixyST@={=qNI>qX~k4z$1tFUlhc)di?SJk?u?Ukvy
z0X8H@WTRr6s6-ia#CFxUXXyQJh@iNa)2y7DXlh)<kZf%4h-_4|f8`uGpLNiy?%36g
z#0aG!HND6$hFi7|_U@=<dN6-eZbtYIU`h*nks=zDK}r(Zh387`em<j+HrHnb3RQ&V
z90cbJ>GEx&<+@9W>6(_UuyjaNJv%t>wmE0}bpEAu4sGUMwwHsOqEI!i%3R=|9+$Sm
zORvkh)aoltwIj->3QF>D_ECk}X>B)R7?0njB%r5wEAP49`YRzfx8zJ3Oy8B6m#n#-
zvSd$GD^77r4PC0q6Xr?fx^xzfh%Rm%w9Mz-UwhLJ9=V@a&*V~=u5_A3(J7BuFqxH>
zvQn&WJ}tp6VkWP2+EXH`z7I8rvga-(4wGbpUa**z1h8{vIumIN)A^y3QL>on)6(kS
z-0z4#oX`a4p!H8>$>P}FbuB4?VK(Y{EN1di4b7GAHD}7*(vfrD^wen8)txtD6-;P6
z?k+Q;Qz>ly!s32aMs`eND#U5Zd$j9%(w$TA)6||t(ISvReR0@+%aIPeM@<Nh6+yq@
zt(0B|euELYfsRs+esUUD<H<<$mPTaa3OEaWr_gyz9r9}`y1fUxe_aQ3KFTF1$&~1=
z(Z<V|CG|2GCw+zycNfEyiXo4}GQb(|s+Gzh&1QT($juobtCh+is}a?us!OgoaIa<T
z!A;amq?D47J%I5`p)Ac8)j*a9GHn@~e=4r6p!RsStpI!yzOBHV$GCWReKEdnO5+;s
zx?Xz$SI0P=tDWC7ig4M0cNg{Y=H6Ts9~`9aa!tx54|vpti~ZAiYgOq^;~MjC78S~g
z<NRtA=>6<OdyDvDyU~&}N%_whm2B@4cKYsKwp{&M7s6;jQW<#VGdJ}h7oKjOf?O=U
zGeFi9s2=p7sTAi$F1;H3_5C9rmUP-tv+g90CS9m(bKk2^Ed<-ThyGQ%TU)0ruV`7N
z67`Bt?V2EXmIhRGYe4273wW-!W^c`|*c(O<tMUpu0N=9IU1vr#WZ9?-%@24RezUPG
z58VUUKk4LKJoWM~ZYT560_VA%d#!J!du7R{5YeB?AORLT{}%wR;Wh`^-_IHLxK7RN
zj(V7+BQXtAwTG8=&pe-6Qw1PFX>p%A<z|+IJY8(g$dvCv5XFUJ_0%nUwyliVS;z{D
zd{Hw6^jz^gJ?2He)RMX~6a4gn(%FknzO(B#_#l@{t*oCb<{gQ=GZXs?*t%=tbiL}A
zy0u`c_Vf}nzj@N{D;<C0_&3d)y5{oI_iaY<ghzZZIZxD5z0YGcsaWiGcV>|~L}tUg
zFJ@^LD;uW9wOIYqtsEmMSG(7t+?a>-+-!Um4Z3gZI$f%D{}G62TJ@+qFYBpX)VXha
zLoVcA#E76yd(O+c_S`xTX|H@@%)Y5}epO4~{*jl7&5HlP3t_wwiCLctvm5l#HWu9f
z)$X(_`M);W?Ts(@e|?r``l2H>@FzW`XX@LIJg;F+Lg#y~>o)c7KjV!iU!MCsv*!OW
zAy1I`Pd^Lhe`jN-Q;GlD-rCvtGXFovQ(egt;@r`&PZEL`jx#F!z0*SzDJJ~)#Ozs%
zfJ7`Fw8k6glq*G(l|Gjf*xv_mk4mx#I+kg;n`86KcHEnpbhz7lp0ZzgEJ<|A!#z`j
zrk^kN%|;1eyB8!KP?=v%RTrfPn7FPIsrMj*W5nV!H~ebaTdkylQ_55$H_KEjN||cf
zF<h&Isq*@BC8<Uc`}IdpnEzzYEcwskK}v<FoSAvplCVJjZ?t!|D*9h%b9?iP{Qn$}
z5%on5uF?^Kb>Hy8x*NphN~4%clV8ifdWCUXc>wXDu6i#Cy6~8cXAoL+>!T^=UgHl-
z$HOiLwM=ZRsaJ2q*EbQAJppMJS;wx2Cgsu>SE3CnrQ?W7h#Zz2m7ehlwn~0E_3mPl
z&@SjC?WK=B5?s+ZthzhRC_Tipy68|;6(R-!);KtIBKLc=HGS5^45E(e6aU!zaAaeN
zy1TREduxYL+L%=tIZS5kEZZ$TqNPpPJgCrZe%awJa1%9d%&OaSu8Xh~W<GtD<sU7x
zzC2I&%v%3b9#OBy;!sKUM;d~Q?7!{KR`vYP#?IE4_5X7`RgZM#N-=k-$8W?vMmx3S
zS5oaEFnyiz-&siaFvbP$?(BWYXFQ_cXdY|c-dfwOS$(ag&Z7*mf6-$_#Tml|H1+On
zZkB|*n(fBeBnf+$@+_G%-VJMbK47@3<LnIZy@yp~+D+MQcm|<zwEL3!=8O<(hnQ2N
zXz$Z*{_|h(vEZ2}|DVbMxXAwNbY52de>>Y><o{=R{&4v}M<9HW_`jpX*QRCN@H;1O
z^pOnL_V@AyLUiGW=Lr^g{!_z^8^iaZJ&}P$7!_D(Ow*p|qTTVs^GwiEO~kr3>Z~5E
zQoVYIAr#*1@*#Z$iA0$0RkK;?&+RR&MNCL&e%;hL$^Ry}IY(uBG`q-c=|;24ZrdC*
z6vX^CR}H$k4t`#uibw_DN>znb5xqC36Lt0QbA7M=74EqD^2~l_t^e*R(8sp1$o}iJ
z+tvHOHn+d*|9zI{ap#b$DnhOZ=#a2`x_(Pxmj4CPMo9Fto+RX#jOI6q%?$pWb$)Wz
zc>M;woh=#%WkR_Tpz|TlhVn(=|L1vT%YW^QH%Z=p&-ky6_Eu*q{;S>jBL6?fqvmq!
zYq&Uhd(wq7I^tsrDecpg#sL)|Iec<;)lcws%e~K-yVujYt`uuTu9dC<a;(cWwNM-i
zXtEe{7B}YuT3-j4x7?KcKJK!!5K(tquY_p1+;WL^>XS>1Xj%%Pf0FiVGE!iWo^Ey>
zFDRLxK*%Q3c^W6#f7VrcAp=dt!Iws{F2;U3y58lUfX4xmPuE)cc;`%yz!!_|zv8oK
z{r?Q{KbzZI)%fqu=GM-a_5X7`Pjwu7-m?4%N3J(@to!~R&zUhoPY@flY)sI<=-QXZ
zq?Qup-5>ph*l1Ju_V#hfw%=0{MpOvxfwgycnazg7)8>OAyS(%m1l?5Z&BY8_4)Ted
z%7>>*hl0(^8(FUBHgJxP;xna?i0S6tuS?F9nZV~yn>y^Dghe#O!16{Hj&;KL<;i73
z$SzXS@3X+9uflq@pXQ9%98k;SV-r@?0IB^nHy&|0eDX9RUQI%b<bL@!su6isc1R3`
zf1>0aa|xIy4>yJF?>U63R{56;m|LL#eGdQsR(q=&|FyIEW&i*4Jh#)AHQS-LyS}s1
zc`owCJXq~3X>gy#!%*>*EU#@<D&~65l$uj1Sm<7Ls@MEmo9*~Sl`PUV3vj96)Iz&x
zanZFOs3lKVzDGXkDwuqko?5j_lDS%VmaAiCJC9t_7Xn!Zhes~s3xV8+4u_|r-221R
z#bfSPUaZ{JF?LDOT|)V-t#<Fhf4KVVczy#Grfxpr<$&AZf2=(p@oC-bc8RRZ4@mG<
zDBIP(C~exg*=T{fr0dw$<|s@hopD|oxr#=(T!)qtbz#VqtRj&D?xdZcCEY6J3vS=2
zY4pKH^urdJ+@!7@KIdi=$3Cvv<o)MXU%xz$d=}{cBOWu!AL#eB&m#SQV|%-L{^RA#
zFZn+{%TuHOTRCc2;Dcd-MdrXP^TAs>p@3mF77zS@r<4mn;G@>K)0{FjW|b@(AO`a<
zcF6Bzhs@xUsB&jV&H6dN<}!9l=@8}&aB~fp5?V`{CNvH)NxJoS-B0~kmU^hTk4a=}
z+26HIEvP#`Y1IrMA{f%*;Hdt!Oyj2By;70Q03{=_U%JOXf6=`+PZh9=G2VF;cKY=h
zMQ&yBAZPWd4<&4C?yOn50SEQ<vM=-A*e65|b7dRPe=i<dx6XqaO{W2gFm}(0mChj3
zQWQ$-X|s%1V+O>Zc@M7-(sk^wWr$O*S!z08GR~*(nKEY`+>_sn)|98bt!gTn_k)+3
zdn`8hSZ@C1{OJFxPi;=>Rxc%SF!asH`jf})0W6CD-`Sk<|G)f_|K;;MB*-1Po)QA_
zfJS_9iFd+Sxgr9d&@ROE+Urvyv(#oe*QMZN5)w(_9g|0-2m10H7;9Y}B!{s(+4qvf
zsPUlhX7%7YWirnm(q|Fv!oHF=Xmwio#A8X7@?|dUhDuf}lMoB?tRwYV!pF9}i;{y+
z0Xq4<u4oy1TRNorMp-OgB12x}icYS18kW+1448C&1<d)OFUZMXOy&6Yz+Mb)uHI1g
zkLfZ`2Q8G=qBSdR{`|^|YK1%yzEjl*kGv!c6dh{X$dZVYP_(?3m<UNnEtAl^MaD#u
zw6(F_ezm!2;9W+1!2Kj1<ZwrXRd2K^Je!8>hjHLL`C;gYu&4_nOO#svrocsWUcg5q
zCSBGOUHGA3K6{bLhzfzrmSJ@)F_Xm$4ney*6Eu9#<oF!(zh3_5g5a^DAD>0?|K-Ni
z`LFiIm-Anr<uP91OC#gC9MZHATjkUd`CT}s*I<5#MsX>d*Jn3);0u32pWWbReEUr{
z$Y0>>r7?*E+Jz6rkK#~L$b?K;FRPKG;C^cWggnSbG?wNz|F`Z>vy7=Wu{&KjQUA+d
z^E9Msx8ao*G_Ta3h6nmz2kC}ahiAhp<I?a94beimL@gcVmFM_`>LKL|ZGAItbvq_q
zy93dvU8T#FYzK?7l`gx5ardCx%LYa1S%pTWu{4Ftgsa7!#zXbl<gHwYzRN$|l=g|T
zg_dcsR54+RG8{Dr->c>|Pp|qBzh0(dnI-ZH<<~luf*7*o($@80pN~cvrny%dPd@zO
ziY1qYdRCNIAH4iS<KAmVz5K@mD^I2VFO>gVFE^_4f2Z^1{`b%Fl=T095=C5RANP;x
zjr_o3p8Dr9W%1yc>y(6Wcjxt}B(=(VFQPPLj?(x=H~+7$n=ip(mZg@^*K-E@qi62Z
zJoR^y1?))_fAh?j|DDaPt(}Ve-`aZlCI0iXJS(NAu>$)%)+(idl}6=j!)JXDbptP@
zzhqQM&+1cM_-f|21_0}KVRirT^7QcZ;OOx9;PU+B<JtZJ?CwGnD_xpOmvl^H+0;!L
z<HXbMNZmyFodNw^!QMal@Zs>{@|&~0<NfyvvU>UU;M={ANA~S=4Od9gixi$H6iVQ0
zKRF#Rjhr2PdwIO~;Q)63C$xUt`=RZ<{^?Ji`JaaI<F75<nuR6FK)2z%sKNhY?;S$@
zU&k8UkAC_8YhD`Yzt;cTY74&lN)z_%<ZlQ27ndK;j*zJLUxJ#JIMyhb!n^LvAJhSh
z%FLd)EPaOgl^kwvG<43Tu3@IGn`_yFzx<^OU(e&_qR13C7N2HuQc<EzMyF;Soh{0C
zw<V-w8u3J#6Eo1C!VTbhNHJ%(K1#PlPi>VEi8B&SA)(gH<yx=S)YO?#_kM(_2(VLw
zeMNjV8qQ#w`|M4Um5D!B*Xm^~3O%eMx^{s?wlkl43Y8&^M&73XvH>8;z;vhp)@Y1L
z%2c26)4Riq%l)I1<Acl7y^Hr+w0!gN@aXON<=exvDJ^gB=u`>K!w-A!4%GbWg8MW#
z{m!dq1K|C^(TB^A$A=de2j>@;r$-;(9UfnPe{gnwcyio@X4~KNw^X_B4v*g!@2gL9
z-1axxej7`E{N`Z);%G+U=D6c;yi_n7LLzw@9!M%=!?U}B4G$77q#dzFBVw9i>5Zgu
zXy{a)j>=%xyMzc!na@gt*F_bbK>-23(NLE1r79#UAnSqVU~)i7lnq!6EEbYPk*gOE
zGtCb;uBsi?O!=2$8}K}<9IoEZqyL@Ttc9TZfMFX0ow*15vY0w0Rswi?vj5$|+2#9_
z^NTJtWsr1Rt*fj@)0j#sx*MA>w_8oO<i*kX<^I9h#oNQPE;LJ@-ku$Pe{j|XKBj3z
zCL8$e@c823-Pzv7;mPqO_VM)O?d93Q(ZSyN!R683HwQ;uJKnpiZsD_!$Hxa}xKd6J
zs^0ZAebk0R$b&1Ib~oC7r|oxkypYAAj-iSe5nU*HRZQY)9c{VwXrHI_(&ZeIT<Ht;
zy_kD=Qz`I-#zI68WN8FFB8K>v7t%4-z&9F%xzzs>6DRp%2+h^oi<9pTjxR6%ae8pq
z%zxu?R+rOO;80&=&VHph^X%~jZRMzzy(12Ir+UN#65-A2s;7Z0I8sQSk^%JxoDU*O
z5~f4m3WC@f*0TR!y{$~%I|LlDIJ;?)QMj{}H}ch25DZ5=gg@QPz+*nHEDm!-)em2=
zfw0Lz!$_gxNSr$?;~^p*A~F{N%>p{ZFPP*phJxUE`pV7S)wSe0TyNR2!Upsw>$@-j
z22>&!>5soDQ_rLDT(sIg{^wA%HFyqxbqW`d=naOWBYjVfzdd|s+pjBZiEP9~>7D6^
z$KpOOIL-^8+2<)-GGH;>wtau6efMVwd0x+p^YCreAv2XsuBQBx$8lQ0U!fJ!aVyTE
z2sZxuRY#G#mr`=|XAlvk33L?jm^SZ&f@(MBAr-$3QksBw4QG^ulY2F$riKx`DAftd
zL@Q5~P^KgV-iIWmo{`Zs1Rhg`)%{m*EiwvTwmh4XYhR1}OwiPLxN_;Q{}~Y$=lnIG
z(k%G!8xjmVbC$&@+=N5Nn_PZ4Vt&5-P=9{Ecl7b#@*jI2jxN7FJUT$3Li&=XC5iS|
z6fi%)Gw}LQ&w}ui8UT93B((3(yL0+*8AO!CS>j{o>r@_3OXfzysfF|blF1>BB@4_u
zOhz}g>Q&dp>4k5`Qqu*es;8=Yj(Kwa{^U&kyXTeBaBf8|2BwR*kvXNBMS(7??tQ#?
ze{g(pxUX@**I1x3eqCt#Eq${G61Q1H6ud6pWT_4HJ?2kFkLGd&!N$FirOn@w43?Mj
z#w<n5!UYw}rcM>AF@g&H!m64zdSgO@D>9(qtLc<V)+d3zfyKEW$1D4+zxL(eSNuS4
z5|+|S7I)#LT9il>@$1VzVG(YS;{E@5H>_<m4}asvo<h7buIHP|EbfBX?6z8~x96Le
z-+bKv?%?7M|5g@+)-KNuPET}6E7{z_zS#81i2TZ9a*f(UsrCX*DVZp<P)9zqBv+Wp
zwFn}Hub->VT&k69cXdr^#@h4Vqu_ZFj|cD@;A)#fQ?$@E@S|UL26(MjbN#siro{H8
zWFxw}x`uw;KmEI~9}75Z`96XLh<@Dl){h-;^|k<Vr+!)d?pjUon6tGp1=ihB@V{==
zZ7?i^k*DIa$21T7$6TJKRM1#Xf8C3&$wX+Vj-=3FM^_<B!An4=_Gsx*x)vZdAxHoR
z^5fajU5mvbz0rc-6m{PG_M2u=Re3E4O^H8OriR~IFD6V%6OMVcZ%k?Mw6mZFyyvMk
zb@kSA;hl@6n8bkvk)sQqM*@qfmr|lNz2`I-a%f)goXr#(f=QlEAkE^ggPUU0(rnd!
zd<P4){uSjj+$3l|FXn0CiI_K2b*Z|!YRnK4B`l`h)!VAAzQp8G%7~+3drG2s*Gvw*
z9uJG1Ch)9_22M}TFWmQio{pf2E7-0Q?SDJ@MvLL*RH>BqcSpn+AQb?)-1%Yu{odIH
zt{y+_y6!pkW*Vkb(VB&42jA+N6_2S?xyHpu64n}T*}W&x+IY3o-r4T7WXc8unznM+
zRMj=DR7s3mu5nwNh-MSBV2-#IAuFx7G@)@w<6z>Q2PBSJJScC3{3qG#se3B>KWd_|
zLCjP7gl#O?|8H+k-T%AQ`Evi$=XqA(lt@X_7<0Yqp+}!D;Nr>Rfn6Dd-&lc*Arp4T
zR)84ND1t%6d-^y6iw7_8WQSy9iW-&kp2T5e1!6kTI`3M7oB1@<XStrO`*0FR6EyA;
zjS?g@1vT6KhX3~b@?7$i;tthl#AEn=|6J+GqM_z$3;)&VH~ikOX$$|gFNTAb`p5nh
z<G57->XG0oOY{zN<7;1BCylTD9=U3K?aNWp`1*e~R^WS*GM))Ie0v}oz7bCipM{jP
zbh(uO+-TJ3jaJ=lpk>(lXA>pm`M>{u@A%!p(aAf16h2)W^XLE0=H|=l{Xd&KJ74lY
zf0k!u1;%av<%ZvewT<@1me<+vI-BdbzLq0C8{XnT|ISPQrQdFN@PS;>`jjcH`qU)a
z^N^)ViGV&&bN4X(@NDb#>z~%{zoFUkTBWUJ(b{_bdL7n25GjX@2>6C%DZCl^J(8u^
zV<bhVAVtUPY(Ih&JAPYNF2Z1SU@3-G#RIBOcP1&7GzH#=a<WV7b-}0;B8Etb?Wdx|
z_ByN`WmiPNnUd3Q(oEn_^=rN1!ME(j;sXXBbG@m1juvrx^;9^$QlrBL8I9na1Su2p
zKmN}c-bgBG=cO44H*&Zbhg@)JFBy!oNU|itr6d?47j3uOPlM-nyR8UhlBMgy`urS(
zG!Z_tRt6ZY6^ZonsfhG)-Rbtp@x|HUHy<w!kCn*A@TH@}{e$E41MG3<se0Tg=11G#
zEar##@UZ!@?Qc3zH!Re)xA7POwC!(Ls5`Hp4C+=1YUjzIc5<k%3c5ZL>SjULomWpr
zflY@3FP{w84F}hkPloG;gX_+dLG3tDx1WpxZHEF|{??N~-SImee=7&O`9uu6gIlaQ
z*o`Nm?2iAspzO=Gi)`oBqa;Dcf!cPUzI+r^rQqy^AtXFBDJ%3k&LeHwC~?2>RN{VP
z9o7!VB!=&Zj2KCSVRi*?4zG$|rZ43~E(S$&2fsDhP_r`Wyg{chMQopFW!!q*UWc`h
zqY;&`&&CYiWa{sLjoG>*J?%)eUwfU`kCL8s`jzT7jmI!1sQ}hDH=hF&kfeOfLK><r
zzj`W_^3`jt42)?iK@KVC@aany!hps!%~|5rQ>jU>UZDmcC=eJaa~<1Z0gxm~ISGb}
zK6|H!=LcusADlrzq6qc0S5Kvayn49~YyX3UKa&v7=&yvqn_ux)TCbxWU?w2wP4b;-
zMW;_$taor}s)tv6QX`bmR8CNlv8QE#NdY}NBxA;rUALY{t=Zb@%$hrC7E3mw`w<ZW
zQyHj<qXYjHN}8TerHj8(y7(#MGKDiPekF1eTrqeP(wi-sdYPbwb+Yp+myYdM-o|6J
zuT3o-|0~X(f|%`snC-`iqRo6!a3yV$@*edfI;IgwnvPhk`!h&MKp~+i<C>gXPu01t
zby!PC%muu`|9PIG?>kLOOI={0cJZ0*6&4RFy_3U~XM-V*$a@-%%%O@Oo^5rWN{HlZ
zaEblSNz5esm0FY2TA+uginzFxDSADX0C?4@mslTgi>pV1D^Ob53-#|d{=0*sNhzzj
zX~|+d{Q^4D74h47D*SdFOLK{7`BYlRE2VY(Eh91fjf?;Izu+umzrq<G(UilRpMU0(
z4A&jCJr_wYy^WnmsqGy{ZGS4L9S7=muChKBYTGdewsK?OaZpihckQ8e0rpXv@J8X3
zi`baPRESe0n~<4PN<vn=DtY3bZN1v85o{sr;}vmv=ouab7RGT`a$-H(dbu-GC-mS@
z?>MN%mS+-ptWanD2_FAa*eQ@o43+VIwzd5d)-Hy8L<EEs-la5VR4vhPL?q8rcq8%S
zAo4h-=B<-9-?AHoZS@dO4yl<G#`&hue+_GYqbVIt;C&X$Yo1=go1cf~&wBZhU!+%D
z%BiEAU@GkA+1AUK4kJ12*?zc{f{e8Bq^NDX^RfN7nd8p#oW*y%jrOBvxx?ap8cc$S
z0#CG;vc%IY#z8N%In~ikSo=WIfJSh@f?-5ccr(J^omcIRbu$G*8nS>$8dfeGEZ`&Y
zo^5ruVeMPeV<d+2U>H*tDu8{`6KODu5mTB(EFeNhe*lIXBlpKFQk_J`Baz^G!|Z~l
zDZ$P6XIn2{!P+_LP10Y7B!-JgJn4}M9m5-8UphWRyw{ue^|=f5EmI(&T0tb&v!O=<
zNO^=B%821?7C;1U$CZw-tEM}!b|^-KMsUgn2?<=JyvN}UOYo<B+6l5<@XPjN-7f7~
z%-&iPh3ohP#V$@fjzXtB!)OSGJjJXET9w5SJhV9(^{AqXtLzCPEFYroV96?c)xZX<
zePF>5-QcmLQN-cR2w(WZyjXW+MyDW2`;k7QjsrHQ^wwh*9|T*c90xp(DV{#R9Fdz#
zGN6!<l#FmQ<k{BFtA+=sDNo2iwP16^*%_yevXqa^;J~xZotHR=C5z!C6f*sP|92Ms
z$NznW6Irs@=jvs^B6c-v3feVBEAEJ;>C!0=6;3;jOD!kQrnj;2IG0+T8^g>H#UanF
zXm}2NMx#*oTYbT}CL7VB^um}+eSWz&QU6CmzJ#^Ch~6*(-*7dXX-eS@!8fm8Zmm1+
zyiU=jM>zI({MRKXVNR%x$84u5sEUm)Y;RTnG4=`srUy{PFd!2$p?-e4z4di?UXfMl
z?(S1@yRD+lmKOW)4UeKBiBL=*^E1q}Xr=y;3yE>`dNoniHmeL%NNcS=2rZ=ZZ74|w
zLRH*=wY@YYG5noGSE@1c^ELjpUNb}JjZ6t}JgY8HRm)9)XItAHSlcHN?ZJBz3zCNL
zCQv{9q5fIN<NG{DL)+dMYF8ZOr+&nV+}Xk~kXZfkY-?w`V8nhF<7Bnj5{d|XS6SNW
zn0}ap^iY3$pkmwvxpVt9tbH5tR4tX?&@>oI9)<9xuV48+`)d6`m?#$OVzix1B2~`V
zO{V#L<~-ZlRx5T&Lv*BlpefDZP2c?XN9woT6pe9VGRAy7FausfBH}zzFxz&!myJd=
zWJJ;kr=?x%?V?~Ax2^DQ!&<mW!rnH#(f@x?!*xsB;Yb;aRA~|z*u(p%Wurgq+1BQ3
zSo@AgKNC30f}w;rSM8t4RUsZag>Jg>7-z|j|7xDVTY7X0ygCkEj}b8Scs+#l2C-c7
zbsppB&JjbXb|Yic>ufy60l0&a8q?kVj?zSlE3GG@M4ML9o^5S!+^g)29SS3^Y3hZv
z&te+7S~<d@17_?>l%<}XIj%4E+15s344x;HDC<wC{|7uqmqyOT+jd8I)9ZA+jmL1y
zPO->s+Z|yIwOuEB??o#Ev|Rvw#Fo_#2BM%?MkPPt5g$y>6J_`B^H`z46dAQJdbYK>
zp#*`D69WGr19)>qQppD?NrtayDNgRH^+`{T3)P`d81@HAidh|$W{lG(q)AG(Aw}ac
zOL>d~o(B<Y@1$PFNu0+KS?P_Lv3R76G+eCI`l!m)9V;rGA|nDpD$PN6R_XSPXf^8D
z*2e2aT$Gbr8<5&kKxOelJ21{^z~d0js!fG1{&=>v^(yCfKBj5PQ2wI!;@e|vs!pn9
zpooYVs%kG`?K`RziTxoFJcc({>X#qjuaZqyQd}j^N2Hb}&$hO9>iwR|d`@_1L!<Y3
zEa{E3I(Cw);{i`o8pvp(V7-R5@7a~)DIBp_DcS$=|BPU77zs&332(;uEh5DveC1BU
z++-<n)r09=w2@EAwzsi0r;P^^&$QBZT6wttV#nE57Q;-2{5rn0PO*MO1~|0_5%1|~
zpz|E+#P-j&Hn)`;d&5R>L4pk4j3f!Nx*jX=Xwj=ROquyO(L&nG1_Sjj54wA{wY9O(
zuvhSY&V;sh?UINZx#T+VSKGnHIYPra)_S(Jxdm(QNlKy+-e&O?jo{5N#6MIM=VgW1
z6$HZgEz}ftO>`QMzgJ2!zWXzfF=t^ed&WG<MpUcQ`fq*mPA@VskCj~{wY1WWJlopX
zSu7apoU4J%NEA&RbCRGN$5A1kZMC;xt<S{OkO~QJ>|Y9`5=)qN(Ha%L8Sz|iO=+w&
z)OY~THec=J)9@svVtB=3cq1ge+IU^>gTbx7WJpIeC6Q+im;=2bqa-p1Y)x)6-|h?;
zf3bZXu@OT8ZEY4@-b-<ssFFOBAxim(#aHO?z|ABbD_3@^Y`&VSeQv*Wr}HD+k2`L3
z)b>sxh#n1f!+~mXZNGk;>txf>F?MoM^SGVg9e0~$d%J-8@{yrI4%Dpz>dxbEb)uuT
zH}lbI?|ALU(6w!y;}r`8tz&&A%g76n?}dJsCkDuO->hd43=_9^8XjCILBL|Lr}1ml
zJhZnBkY`)%ZAZ-M^S|0RYjtAdC@fEy_5%05b#f@JqDKNhpS5}pt5;*1_SEcc7bM;&
zSa-*3KisXgU2-OFZx&#;AE$M<OHkVm)W`VXW;uiRLXybpF1Vv0s4uZv#ZcRYy)+my
zNdwh3JllNzsu+;`E)XQYW-&(%M!%jY9D7c4=CFx^_p*RTqNt|691_L9G4v>k>1b@v
z*W^pah^7O*V7#_oEOUSv*tGXusB&$GJ#va~J%-}j+9^Ce1x=`sz9bA);!IGGEM~4E
zA7-PT$6}_4@=DE~!+1<07V3G3It?ZYaa5XoIwCb<UJ7D=w)v_9YyX3e;ZP_E@a9)K
zX6mo{h4cSs@7tCe*Riv&H=hFZ-t}9av1IX}Q&&y>mTkJN*|Ox4<nB0~sWwGI62=sv
z@L;!g<tq1ih&)S@_ex>mM9PxwZuj&g+18CEngoFbV6AT*@iLkTv;~m_GS^hfZ*aQc
zFF45A<nfSoo?$AY2-r4F_+$YC5U!bGoPp`Im0!e_IMjyxjc?Tzt%fuTK%*_)sP*l$
zZ8c;f1T@;zjn=<iG*}G)%(BsjYP8;YRimy(;R5}MP=4(SV|R{Dx~B>$sR#_yVXDxC
zEYSs>PE&Nepwo;fOZqlhvnL`=_>}I8-X7`DxGIgMOM0KLgMGFL_V<wKG`EWY>D89G
zvS^CgMwmu4xZ|FILfHhhG)<?$*vlCWQdLT|C~=gf5Y$vDUG9oPv9!@r6w-ig1xrtp
ztEZ{`?G`bsQ4F{G?$h-Bs0qz&FHQfqrnI9e-THRD)M`NF$kXEh`wv|*app^;Z#s=8
zs+`~$ozM`+O9IB4<LOlYQqbPDbzff*1Hfd8j?7L7h0_Rv$WK#n-k1)U<3%${97_*)
zK;u;CeSVP8G(}54CNsg#T?bXBkssV;B*f@geU)CDS%Pu2k;Im6D7qOfg&a5ySA~(M
zDbWIt-s1!caVx_I*Qu4A$aESOs$BV5LhjH9n$iFKH++YV?~}~Gs|LR*WppEZORbuM
z;48=aI8O7a?6|E8q)?%?Hhl?FRskd`72VR<!5$V6wfq6@0QhlgZp{L-POVk5*{v;9
znfQ14+D8LA&w~X)$5~90g7xbR>I|`mpa>kI+oA{@xA|;ClHf&?TzSD2Cc$m!2LnG9
z4i#~`Rt;{tmwm`BW{<efZVCnP*!wVJS2`TSbhx4Csq{tH(z~hgDjr)`yNR*CA|g}5
z2~nA`Ev*@j-9eRp_g9)`Bt^&aTVY%P+X5<zg~P&;$W9_%Wq5Hc8yIE0&*o%>8Mp;Z
z3_F_46uX7rY33)HaJ=&P3w5h$J2t9x7fV0%BZ9^Ye?~Ay$3DLjksZl}saTp$5q;V<
zt6A%?RThyrllAt{U+ENBg}rN;$r-Ba8FF92?_3@^pr>eqk0`SnTKZqeGGD47JJ1py
zNE9)~mtt;PgYFmX?gg8k>9`iEbi;(;7`>-7VN>hF&)OV*?&c4Esr)B8?Xed@q>;#t
z1XoU~#Vd)q-jnirEvDmiq#vHmgscd&WrN#IWro{z*gl<YX1{E5K=-)~=5+M*Ic2PQ
z{&myW*{T7ZkretOj+<1+&KA=rOvh<$U$DZW&9jmiKH#3-jLPDAng4~xbjcW)qm1Q_
zG?v4dN^1XCj;XE9V2;*F>IF~b7I>8>k=V8}c%mFnN8%YxmLlTJv0PL+TaqjxYc$U2
z+K=fyIu=*t1;%jh+9@zk9smHDGTI12Vu`bA$aLy0R5@j9|0bVdf{ugrEX2WjrUU<E
zg&35I3Ne5$ISIBZ>yENhI5Mx%uGXy`t_Vg3U1drTv!IJPEj>fKJd9(g1X&2SV9m_@
zD8(CV$1b#5*R7U>#aGUIYio!Xq{aCGR0DayQ|UsF*k;v3lNzA~y6d-^^(=QszC9!D
zDxpi9EpT2;UPpNh=Z%Ka^Xb?QfBuQ1rwST@1b9jcB{{d7mx~9nb{W(=_esQ`<BEPk
zZZKH_rJsaVfyohD&yvhFwMxYqwrr%Y8m4I4E;KEdmGsfPknV+yYe$9&LxW1E`sxO)
zLW62`Sg%m+U1=|P9Pr8EMII{|lyY3dR`BHrU`V?F_2gMgGC_$Zo8iBX)#96B17LId
zZ*yasPQ8gLzpf*UKH}^*z=d}Y{F_d_cidXNngoi#^{Vv>dWgoh(}bivB1wA9rj&7K
z87~GFWbNfgrrqwSPC9DB>Yb|n%>dK|CI1N_r!gcPL&}AuFc{t{3*jw9SAhrcH@ch>
zpnrhV6gHV<p~`zqlR4`9d4`#^SfJxMyAr7jn*O#PTKg3SF<0bcY_iJ)-xGGz1xYiS
ztovk1GGyAF4yueOnEu`;IK~+|PT*&44nGSE#L^vnjoR<lwp(YRK$9QtirOGEsq`>V
zY1$pBt>6dr(NC6sjE<MV1ANncuIoNGU!kzLwOw(vU<OzIX~;KW;F2FV63{rvlLSP&
zX?M1VMaa|U-ih6>gy}S43q~1fQttRBY)63ce{+V@6%NR34R+~Zfx|q)2}Cl}xTqkn
zXvprYv5m#h4qcL%1n30c`@uiwJ~|Gk;;SN~-O*%hykhE|nq_O)VYhXwuhCVUg1vu(
zwpV_dKJsrD(hrs60>^WvADDKht^wfj0N>NujHi(@YJ;LINls^o#38vSVeUf#?rEyS
zuXGNRMun!`uA|BYWt==mUOvY$`VjdcI$qpIekk*<#ahxn9oW6>&A=JimnnO3JZF1?
zK%O3-dV)h_+Kna;$wp)BCn-8k*&qKwj)BJ+`_YD65qk>~OKGU#M<5JLw@Ds%)9Vx`
zx6qGUMurH^SM;Oz3C&mOEi!GUpgu9er;U9f7%dqKh-n6SU!Y3@Ng&3S#*#WRI>qkD
zm|y|8!9G(if6552v=O_d7oGD8k?$x4xg^R8`%DQm({49+Z&!2*L%H-<ocg8g$&z8q
z25%I9A7cez3-gmH$r3+VKXxI*n-v<fH4<hT(>Kc(M}*3YB3wAgOCSX_U7Ke-?Y8wj
z3f7#gR}_L#OuKEr)VOPF_*T?gHism=-;yef%H7}c1Pf28X}4N08+m&No8cK&$_N2f
zTmf#wlHftupvMVxE`6&2=<HVe(c4cI4%|S0cB}EsCQ@-{@f}!&X~49Gk=H%D^lD4S
zAX+NI%$7cr`m5r7Ek~$mev!ZIt8F;ugx}w^QrpcA(~J|6W+Iu5(i!7e{7bNFvB1(R
z9K9%rl;mRd*`4R?EViQu{u<!#$mmxUYYYy2v9tYnUFKJ88u=_L6~wl6PhJt^XF0{v
zF?pn;*jRryywp0AL|Fe#+qItO+Z&61j5D5DaFvjI65%=a(!h^oD2gx+JZ5Q3yqLD@
zyh2cH@cVq4$5}4M^8X(BMohb@F^8qdU3BJdR|1}*HuvSSjlWxG14Ai9D*91WJkXby
zF~y;@rI~i4v16@+)DTrZ)d^J#KY^H1nXzCuw0x`U0k&VYp12!S#7qQvn$e}qn}#0m
z3Tg?_ZMpjOEm$FV_O?97n<jUx4f|=;muXi)fL9rc@q;FotMoyuqeuIMPEy{UJn{)$
z>2Ohr6D$UZulxu6U;m1J^&`BT`sjFd$G;uCjBGFSX{umT?$Uf9*<v#l)OOn($oX-Y
zVDx7{2}#Uz>)=Z5uW&{2G^?#?QP6e1erYQ({b(_QJyknsiUxg9)n(L~?O05PCvk|5
z{luT<X))Ngpr>qunoKdVI=f7!a<I~534`6`UVp)03n5=tOB3)3Eyw$^qG=(7k1gzi
z|6JmIB;r?jP^*Y=Rqj`|jP1IbU!0&ToMEQB#^^Z0U%q_d0m_d+qrjO18e%k|ktkx5
zvbEbrm4C$R9Nl1aJYM7xS>yF9=u&WK%kur)GZr&=4sI`(saPZyju((Mx*UkIx0|*$
zH(E_i<0pc=*swQ~atlUBNfFbwEL1u3?@5S8G=(IFko`*F$5uPGcvR#Vu*Jx0)X*7v
ze>&Dn*m6;&n`DbTK_3a8Vz!dmuV&-Pr1OF?pU%+j#_0h$i9)79N#B=kTPoQzhKXg9
z%($cQS@;D_5~!ao{21+(Po!kMZ9||McVFpa1O-PGel3Y1t=5kH{p`B1d5ylREHN8F
zR0G3(P(3H3kRv>!Z2kAH?wjmo4yv60$G=YrMVEf&-!pPUwE{wy^0(gB4ZS=Zy#>E^
z`PxE9dAU{9250aHuOg;#>j!Y0B?PC%dQnQ~);mwI$s#Mym~vy<RvlGNAQ$y?LD%Sb
zx(+<g(_`0QTq<ZU8fqbb&(g3~DnzQ7V4q7*5$jik;TBkvcxVNe^VI++nQ&uCKktTX
z-L&g^Qwt1hbwG`<)oX9dXSaj7G*E|{us1iP53D3CGm2IT&2Ydl(nzuq3t~z|^hp`w
zmDNwH(|H-`3Za9RrN^L1_d!`7AzPmxdNjPATwPB-_j{MU3C}?L_4>pc4ZMjr{(Lp;
z_did1m)`Jtg3QKtL#z;=+lJU~s1Auzm8?Vcs@>kb9QarY)n2W-9*YQrl#gznJuaWE
z3*%ER?vk!XD6<ctVjR&ebc%&(wF>Y}o4LAIJy1Hhs>=w@Hkj3HJ#DgNyN!EdS<A9N
z5Ng4+^qOGI%3=pg2?uwG%%sCC!5P>)iLen{&8AUBX9-=Q7-L@T2L`|yl!)r%nK=)P
z_>viOO+v1f5N9GMirq>h5iB77&1S8otSlWxd8S_QRrGCi1>nsHv!Dt2jqSS#;F6zb
zw8|7M@SON599bvvx%BIsmfg}^n%yPF1mzppFr>&ftwvKzud_cRKSe(0>!Ik7K7F5&
zv<`RcQ>YY~XpH#DF9H&th_j547tZDDO{>u;MMN>K0uRs7e(`Lp{Xz$uuGF-ED*@?5
z)`C<5bwm^ohO!_AthW>v%JTlp<7ysf{(O!@RdvB~<%$DMg9_t}S}{Q}YQ$=?2|A}t
ztElEHP*cKC<X!2u6-u$1YFD@Q`e+w9Wtyx0LH)j29-%a&D@HNJqgwjmmVB7eMI}WA
z3z~4t4>S~{G8X_sI4!5~*i?Zt9RtSh0XcY*FIRl2Y{vk#I-{7<!kW5YO&)?!G*iOi
z&e575`N3m}1f1k$FLivYicU8zn@z_@h_x52oskzt^NyDyL1RaPH9t-BB}TpOr3huS
zEUVZBq3~_<$_THu1vu=PVb@{UI<Tdohux6V@njPgmolbhD+`>fm^_2S?u*)Bg2A*b
zN4HTgwDGcj)WJV%Bh#w4WrPUFDVu7jRkt*VkUF@E=`sO3_@a<WHzIyo@FMtWO6J^=
zXSO@MMu?Wv1q@QkmvG&}3yc3LytVb>F)~`!RW5_0Y2`>-2`<U)=~R_J1pGaAbc6<$
zsWm}@LmX$sk5XhdU0v98i`!DisG4rO05QkT=hN=#h4;BP7<;GJBagq2UmH96ve_vh
z*%GQ$8QnxAs0aq2qmNQ#g3sU?N_AjSYCNamoCcyYE(IqEL(jgd0~9kBvd;t7_vL<S
z!DRE}bmfr&oHMtiD`fL@0sil{T5OR|VszP?AOLufoFH3bn2RmB!En+$^^n<?rZ^Hy
zwNA)GF_jy2#agP4%nSt3`VbDA9YbLr%ELypf^NNSIfK*`^#$co8X-xbfpzJOqmpcg
zf``vcM_aDjc1w(Fjr~N#E(*P*ib%GfB0oytTwFF;$ZV^k>{iWf$SJhs6i!4?q?EHN
z4n@c-4QK#>oHLafc*3JHWqNrv%W4)6%ARs&9Z?}<7Q*!rhkg<k>*C1jk0t60+o>+s
zrQr(rt{J|E>Rou{C&j}#mVWHdxx6=94H&Q=+#!FpDxCUTI8+gtE%)12_A?X6<h0qg
z|EHbC^y5Dp=RcKq{C9fCGv~iquH$Z=|7JIxxAUKV#OLRq(HX~gI6<d4$;b>!Trw#;
zOvs$X=#QvR0vxB<FiyA$m`6kM7+9gK_Tr#+h;C>u-2os0<_X5qo-qS34o~4^307Al
zpm9hv2fv{?)4Ab<RA^w9Ln`g5dMCRx&8JI}WxQZz;q`|11>USH#zL<dT8}fRIhJ4&
zZ#*Q7zX4ehV3!PB&{_82C)g;$is}0CNLfb{k&By<`64?+8Ob7iD6$$doZu8RA1<y8
z7++~HH3oq<#>ZG@nnTsM$Fw^;9Tp}8C|NU%Po>Mx6@d-|dNhsb^oT2iN6PbjU>K}B
z8*UMP96FEmNN`F*oT3~I;;d_*nC5b%1?yibN9@W0qhz)qsZlt)m85b~LeT;M5OR;j
zS$yd`<J0LWI=QKiyU48-j-?31jRC)}#>OGqN{^=NYU&@kwffOP%`iU0A%!A7C0)=w
z3YlnIGrbvzNfI_IPzastsM~-}?ep(KIF$MSnfJl#53er0!Q?xh0QlVbpN_qG{-0|(
z%{Tu4BR-n_!y)PnoHD?~*>swvhGErI(hZ=*JZ8){&Cn{!=OpGQl;7UoPW^NN-}!OU
z@K61uW=M;iGbDCfRW?@sRhyGcHfz{59$dzHv*Tr|OEvlbzc*R`*L=$RU#M^2`5n*f
zf4kn=#D7lRt-tO6AMu$iFsSeXI-tsBZ*pK5r*yRjNP{ZD0n=UERZw7yaLc&T$@U}#
zcr{&1v~>tM(NJP^;U{x^2qxHgjaJ;-K&P2cfX(<QpsTeZ;DSP596+Wi4G5U!%LW2C
ztQS?7@ZKAXC-x2wxhc_)3?bO%zrb=sbHFcILcmpUi1@kStPk?v5D*|7Tno%WU25>8
zf<x%%AzIRq%-CNH!-B)>)5T%I2zAKdn*b+(1&<&sAc~BDt_V*<EcWhD;6q-$AQL14
z!_>n<6ogSDA*nITlbECn4uC_7QhK->FlvbX&M+pB$xH7sjD=6I07}pWHUWha3JOE{
zJXcg4q|UId!7j<+B<%HR=7Yfvt!To5?8Y!_hB3MD(0F)0`PdzKs5eGeqv40%nRkZv
zx?|KE?;WC#y~)M!dV)T7N2Bgwa)XBFs5`hpzxD=ahsgVftC2Szqv6QtU0(Hj-q|7Q
z4Nm*lXT8CDbaFjGgW&{$-_JWklObX+6ixNKF>CD78=YQs2b1neuiu;892)1n$$+(a
zJ{+Mgy6TQ5z0>P{cZ9C4M_0qKhq{9^G#CzggY!{u@ZJM(gn9!s7$Wb3H<+ODMYrE)
zuQIyVlZ)Yq^$(p6uWm-Y_ZJg%G3=jtqcJ-1P`}qb>3jTDgBx_(@AfVa(OLJh``&}6
zhLa0#WU$+K@6g8!k6mK#>kd%&bkZ9R*f0RHc26gVXfhm4)T1AJWA6}kN4+s4$oXh^
zd1x?l4$s*wy#ae};PF-%sZnW0h9mfWJ@!<C=*;W(dxQ65)EkthuV(x%@bUlkPg(w7
z`gfSI*6;g{=j=Z%*V&Z+ZmaPo|9`~ieQ(n5o_tm&+Rq=n(U@_E|Nkf9D>gQ7L4QKE
zY`HqxjA5$&QrXqofnn6HE{21fcQQ-|e^$>Kk1xGL_zQSjbxR|!?{&u>>sN^Hw?6au
z{RhTRKg-k4m@tg-!{f*y<EP^-Pok;_1gMe_H66RtY<18-89)7`Y8m`edDOcDeg{;d
zAo08kNr_b`g^CljcmJtg?fm5rwbGwG{tUONSHZ_35{QpfS0Rs>-=?SycNP!qH;gUA
zc!!4L&y$-gAlxsNbb+G?<q)S<P0_!gEJ6F9-sP(mPTu`xpM8($1AIT&-rU*n<Dft6
zo_)R^_0gZup499_{m|N+(s_ja6-kR`ClOtjQ5vO>7S7QV3uoIZ6C*mP`pdBC?rrTS
zoA{nS-tL!5vEK*CPq(j@<K<mQ5>#C&T7@J5YHhil-4AKo)wGZHHeRuZs+3)P^wb`E
zYO$mt`s0@!HyBKztul@F9s2oa<ncmr=sG5us4y4Nz>lJ}@zZfx0j|!_KHPEi2XLV5
zquSGAy3GH%yY74QnCJ9A*ReMEzuj`&H~#-4J|Cg%2A+f4kLwOX$CI#Ks10AQB%ahh
zyeWxqO5&T6_`6mTtJSJuoYMrnWZ8lwAzJwf<dQ5`GzO;|1cj_<0()2$JKf+zhbUXn
z6dQ%-*izqcD6t1A_$?uGhx02{`f<AEH$22R5i8H|SC9k@DO9rQ-;Z)zmjB8V_+8)e
zod3sl8=Lx{W7%)=|3`c_iyi4&R!k6(RD=xiK)@9F8@GdhCk`;*wQHIug(P<)h;pVu
z))3qOP=KpY%IgrVMA;;KPw)f!#2zjQaP9pKX^_?m&TMgvap^SUvZ`@VGYsY1;;yYL
v{yHx8(5GTp>&9!#ZqS3;-+PkYK5w75&)es3@cHim0096094yJg00sg8!GK?}
literal 0
HcmV?d00001
diff --git a/chart/charts/gluon-0.5.12.tgz b/chart/charts/gluon-0.5.12.tgz
deleted file mode 100644
index 002bdc40c2d4eb3144041bde2fab7d61a60c84d4..0000000000000000000000000000000000000000
GIT binary patch
literal 0
HcmV?d00001
literal 4658
zcmV-263y)&iwG0|00000|0w_~VMtOiV@ORlOnEsqVl!4SWK%V1T2nbTPgYhoO;>Dc
zVQyr3R8em|NM&qo0PH<!bK5wU`K({@mT_e)Z%9h=)vKxAt#p#kWY#$<$z*#f)s=!s
zNJ2~!Yygy_cCx>H3*aH}rVbyI6{_M$<ii8-fOp^>_RNcDU_YHBCafj$y$3hY27|%i
z?BqoKKNt*({||;I=MRP_=cD29>|}6u{9rH~9gmJ5z~Ck(Q*03zh&>o=JyvmX{~`^A
z<RfOB&|nOUQP0KPVI&ml`xCez6NcCl{)Rmt9C=7!N*Vk@X1}0d)(eo2$Doc-Pb@<`
z1~2Z=TckJ#)~Pid_3nC^`&QFp{ukH}JtQ!<KSzRiJC+1({C|FYR^b1Wlfhum|F_Yu
zuT8Lzdg>ThYVUo_W*DxB=Ry2YTv7PvlUEmzof1HS3p5g8BtXnDFw7%QSiKK(!a<-*
z1p$aLv;;Z@F=rUV0(lYU<DRLy2pWPz1A)Ja^htspq*RH!VW11l7;!O&Ll<*F0whIK
zzp2XvaSVr?M$Eze-jV(NdrvOX#ZwYsFp4WRAOSd#QyTvaQ^L3aD|@_}f_%xS|4-z5
za7Y5ji(D)}xcDnrFzhQ7efTEFLXjun&?Sz5{%VBKYe6z<MIvb2HQpO-b`pCAg#%Z9
zY~TMP|4$~Sz+7<qv$G5t=G>vdl+1h-ZY~sB_<wkOKFss~XmC0_+w=czv@&a`?YENM
zH&@#)`6^=;G6n0SVrXkJQ9bJ4SU5lv532*2GdG64OA@$ac&f&Dg~FbX1#*!<;~qe4
zTo~8aV8!O?Ysuu_znl4~89e|L1XL)=z-3PWV~#!F;&XdW>7_9SIS-RZj)OTb1DIEs
z%;v%vgJGT;>OCheb`Y}&7lc}b+9ddb9We%Diad@bkcTGNOU9Gf6yJ;?S!}WZ9wG;i
zK`!DQ_AugDEkiw)^hg(beGP}!uf)ULdg0Lt7%>wjOSSO`+eb#<dctE`!8Zt`$Or_C
z3M^m!u|fpa?Q<qkR+2Fm-BNTNCepF5ZFlmz{ybCz=*L0<CbF<XLLZ_qlnb#sozbEY
ztp0e{jCW63tNafaj)#c9jY-%d|3_!1r$zZc8lLRs|82B3xezWKON8Fmg1-hL8Kxb=
zLQIe;avH}=VMD26xWGXyWV=J_Gd4}LT3x+O;l)SlMLvEi`C~oR6)qg3qlUPj+Kq?U
ziS<@z(sDr=nn`MLp3tKQP<$FwVq<igfCoT|BCn{6lZBY@4kPz}7!mkQ;NTv}n~S<A
zBmfNm5y=tbZ`thDoz#2sC+?(#*7?|~!X>NTnewg$EOU4>U?rosbgAa|?wyKkznwXf
zip+ktYr8rFHz5C8^*@V(0JE(;Le2VrG(0~&F6#fm`Dm~IZ=<ydm1O%1CP08eX$m+z
zEU;HU?b+9vDp8!&Eo#)Yw5A;3F4ShCH4|4^tQnrg-WfiIxey^A+xCozc{H&c>f1`M
zCO;=0o!CC&0yEo30hz`ZJGnp}gUI`fVAM;#xr94Xj4$m(eo5AQcyW9-GB1wL{sYtm
zlv^vE)D;o)@=nCsy>BJTzHeo^4z#{fc{^cL@yJS*VfxM}nGGSMUzbnc{=<kjBG>5~
z{1H(h_W~ZK)EdKZFz~a1GDV#q*CRgZGU|ndQ$y?Bs>dA-8V0VIhmU>Ameo(Y66TeH
zPH0o?T0@@EPd;g%S2q&H<FBYx>|M7*qm%kM)P3z}E^_QdjELpa*z=nhT~Y9a|AS+u
zj>lm2>;<Dys6Ct(p48t*+6>b!Fc$tAQkLT5m@SBdpEwSU0<p4Gt0fgjMO(D~i{ySp
z0?aZaHE6*ur<oe4RRopIK_QwDj|hVK>M4NBXsCZT;mO5C_MKtmz6reLJ4%J}MlHF(
z{ul&{a01js^!oRC!plbdHp5y$XpV4$;ThqAEr*uNspS*To{-rD1vAqjsjF-}Jhq0X
z*1*WmNISO`57bC+BhPzFJ>o3K@N)W^ink1N9Hf+XsPCh|O=)L>VNXb4PY|CQt7oRO
z`tmI!t6(UEzc>-|z~o^525;ZI|DY7d*tR|DAa72&7!OYegMs}=L`3=zzI{`){|h{S
z_bx*hA53`u+shB1pT2qa{O3XTiemvL&c3#saF=k&p9$}O$Zw<?$(d6ylJ^kr^c*cP
zOfU{0>Fyf2@vyWDa#)-YY|b3}$a0p}7Y?>Wr297W{q>yzIsH$cz;wZOA}**8zyJPM
z5OW+928iF*j{zC{lvE%ufj@c#W&p;)p;v({8)o#Mwu={b5P4qTsG8c<Ozz0r0t$JU
zXpor>42Lv#s7-mQr4)A~N7x~9F3}8gJ2uu$o1v@Jq=+%u$?4?Q7p@I{7=<<vbPz
zV44#~uQ+Dl%o+7DnC2WK*OTubJt`lpga7KwBUtfV8>LMmtRodV9NL^%);97onqWtG
zAPJs%gykOA*@!7+%oO9J)n=CV5i<NP_OQU44WS{_PT>l-!!X(uH<;#>QQw>r4<|du
z?E+Z~ytVGbTioTG7a+IKl3}YE)1xzPAGPyjD%Yko3fzo8WN#IkRZ--SYGO?`|I#H4
zOetyf;TkR=THi(WOuM1dH&F`Lij@Skune`by2a#<UL!@h!!Qo`oQf?7t07s7zWU&s
zkvTv8wGgjI^xP76MEeDCG2MdfasRa_o(#Dev9tMhMYkS_)8%xh?p6X%!?cCnrkQL+
zz`=E<LDPX2DuVDz-YGOQJ-q_N%H1VQo2xHj-y$&|SK1UM91^A@2Hg_Nrl8$9cnuQH
zobs@K*f6Re)(#})SC`4=;8G+SA9le}1)idc&s!HP1;`XZ!$RiN$96znY+FI-ceU1I
z3s+j{+Bwb0r(Wt;!{VSZMA6jNP_=9L?)rTb?Or?y8BpDVVz{QuL-$9!T)6Vb)h^w2
zi6AsU-bao1%koHs9vmjgURECtw3LsZHd|uu5e^n*dGp(|7oVTLdHw6l7oY$3=GAj;
zM#>dA21By0QMY5C)&1milKWd&&w+ZG_<mvhGZ+Kw)H*TBD`zN};ner>42M{*+98-1
zRZy}k_z#F(B(VeAD1udu|1((W#|os~v_?vk>+1sY@869bJ4+Hc%Ia@L!GhPm<k(?Y
zJeMFjlrg0bE+50eLT*VT@(ND9zE;Qd;1UihNt3=`sN<V@8=KrR4Kkx{5jjR_?OV%9
z?Ovkx2Zd;I>yk<yd8mj%gK}_0jjpl`QRZM)PW=+iWs9A_>!M2>;uRQUZ}Midjr;Cs
zt_iZbnO6CxYH4kZjEZR(CohQ6w($0@xpTuX7l?_}^Y|Jsur!-u!?55It}@1)G<kA0
zku@?WYYaB*hhq7RurXYJ&(EM>k=6p{&CYs!Wvj0iwrs7{g62%JTBxQ$JKJLEajG}O
zns=zn0IT@p%3^C)E!`B$+E!Z90R?WS+^e-xu1bWgF$2S@^eZj!A-}%vn1EF!7uv>`
zS3YHdW<!R`9yL;f)PQRJu=dwoZ0}mOXp?5mE6$S*7L`R=-YacfkZmC&3nZ|a26;Bk
zf=Ut=c9N~Web%Dptgc8ZD$IO>93w6~Nt2Lj*58aq%h<3wB^Y(3=?{=xw*G#kODyk7
zk(!%ljA>ie?=-b6D_5J{X4zw{`CoDwe7l0cw*2ptQvL7w`DkDNcPp)p^*K_^UYQ8}
zK9>_wk;~PRAaNJz&ufW2>fzGrrBtv`B<7TnKh?CX%b&PKsGZT}9rf^9)Q|(+5j|Ms
z#YLGYBr3axkKvPH{GQ8=hEGNolH}^$0<%f{TtzI6$6(B`kpFpvtN-ILsqy>T6rYg5
zCBbY{!v7L?Uz`5Puy?f$)Wh%aRANduqG8270PUo8JYPJTe8G-Tn_bDjJLKB6_FSpi
zE?Q5@qMUiutiBcZt_Po;y`tfC*JAp{TD|^{e-XqE%70tyf6tCf^<T%wr+fW>8?BBz
z<K5q={I|+G5Th%5sM{;VlAcL6;Eqa&bF2HID~J>FZC5?qMVyxo%<gZC@?h26@6z+N
z?S-;*+BUn`RdY|b!sOf4I&JcQ2jxF4@_#rQ3`WKK-`V+aFaK|&wXk!}n`Yhv>Azhi
zQL?JLDkK^X)+nvLky?p4;{T18DVf1g+9`>c*Kc6<JyvGgwk5H363nCx{Q?Pmg_cUd
zdz4;AAsCCH0Y-AuFp>eyxUL}knslGV-HpCFX({U2dx1oxv_@eZi^p$PB?9VK<>-Ac
zC~|*69ts@HVhjm7%hTU9V0al1nRM3iS;=g)-tzLB>;0=zbJ=ed((u&{ne4z}vQrrj
zgM>!E#2<=&apyVZ;)zEPkE4brkT6M3NKjZL%wkCrSe^cH=BH26E~*BwB)AqFFw@As
zwF>-ScdK@}-mLURW87p8w_o|Ps#sA=Z<JJ8K17$|k}JwCNib6ZNIMrg%oUwfmz@*}
zPx7TFJ1;&d)tKm26r4Hv!U<LO(Ita5s}V_(>$I1pq|SR#Y>=!ss~phRoaWwlT6dg;
zTP_cXDY8OUk<h=pWY<zAvejkkQ_3Jd^*{nR`YX7!kav|4>fkyC{9cU-;wZTwL4^NW
zc#~VD0-XEQg@6CLLRtWbQ-@8{G%8=bi-LdzvsHJ?vZ^5~P*`^Ls4fj~-PUZMKir%p
ztjWeM8M?d9c3h8piqZA*$=Byye7j+?<7!wbXq&U4x2IET?RLouO|`~7$qKE{GfXF1
znP-^3tV+?-5>30L9OlNktCYj0^|YlNmiumza@aMYFdcO3gu)V{?Gg$b(Cs3ju#A3-
zgu+^6yGbY<R%QhbyCf90cHKCkutIgLlTTQ3quxqdT0yHcYn1xs6yS~ZbF`|JO2<^f
zmc<s7$l40zUZ!%HntQY9bDNX7oR4Jwe|0hI4!VA40_&ge+5@?7ciAfZ|5u0z`?LJH
zi{NjU`0vTE=>I=G-~ay4TWMuUD>q*KFu%}AhXAky{X3o1gaDGar4T^+ygmd_=(*bf
zuv%Y?xl{Nzq+FOJ-~xHxWA!BpXAHUcCSt)U@pl#qRvdkU5#YKbvuy~t`e;=H)#>N@
zgVu~^bN$@NK=&;M+$jIQ(8(_T6i7?__jq(%%>O+*8JzFs|82DE>n2{V5B%P#)Sn>X
z%vWijf2Wg@)Nc>#HtU8jbaI1=VJMG?Q2`QX&6=UQyc=Us4^?OxyV!j^!Bfhxsh+CL
zTS9}!G0+qdJ$jsSbUbUFIsgg=vN&4#7uz)u#pK9XIj5=|4FGlb!^S&ec3sa!1hq?c
zGJy<J`4`C5o}FBmmQY+F7$<SALW?^H$L%;+ri67}<Y6Dx>4swcs7}c-3zh!6#Dh1m
zPV+&(#D_N={q#yFM3wh&Eflpu@%pfM5*UY1#*>Q+mD|6XO>0OT()5$pG>~A`FAMo9
z+8ZrLW%c{{s-s;^F`Rr9N3sL}RP|h0{k*pODpr<rnKsWrclv2Vw+vk2oP;KStA1;N
zd|S(=G)+^Q@r_nINB30ucP~F`S7SR$0Nd_%xMK?dMS`mHoTtwRdWnOCKX-jr81?Wy
zJuRD;Yc-u7Ra^3do}Y?}uwF#~BBg$anNPSRHn*}K`k${;IdMjO@r5)TkwhZOVTfWV
zYo%p7&0rM(EzKaLE;nG4X(YvNUFV>{%j3_m6xwlp9Ds2p?=Txs<tBJHDSP_YX5sq6
zzcx-ztG<3vhVESWw;O$_l`>WoDRz;nT`C~gW`j1j<@V9UAHZ9=O&l>TvTQLb_hi<L
z>&+?MN@``3?TMYUPH*mD>soYA^eVGrpPX<nTO9wfq{TsI0cH3G#%PKE4^E5q-^0=A
z@xK1=R@y^&i-f=|;2<c(M*yzoIDkn+JjuS0{`m>3_Yl-yc;`_VXW;QU_B@z*bOOG-
z&X8dC7#Q}DAPcO1Et>Wm1#a&l1bC+GI5-R$o|3QFjW1OH*0<nI;4Og$s;8V1gqVRx
z0&MlHXYW717nI@NLwFkh@r;j8--AmS?^!b<Z1ppqe$Sfx$!zsAeK4Qd@<;lWF9Lgo
zXo8%}D1<5TFz+2%{3`4nSrc^GJF<i?KT}3#y`%r_J%o>l5gKuL`RqCGSs|m+u<lvJ
o#mJ7q8U50;7TlpOw)fI&-}Y_a?sNOU00030|L1z)?*NJb0P)xo-T(jq
diff --git a/chart/charts/gluon-0.5.14.tgz b/chart/charts/gluon-0.5.14.tgz
new file mode 100644
index 0000000000000000000000000000000000000000..c99d9e0f44b4d35311fda2b49ee005cbbea4fb67
GIT binary patch
literal 4680
zcmV-O61VLiiwG0|00000|0w_~VMtOiV@ORlOnEsqVl!4SWK%V1T2nbTPgYhoO;>Dc
zVQyr3R8em|NM&qo0PH<!bK5wU`K({@mT_e)Z%9h=)vKxAt#p#kWY$SsNhaG<sV)~p
zLK0$<U<05Wx0C(tTL2G%H+A@!tXLICBp)7t2fPFCkY-*)1N-?LF=1UJ-+Ocm*I+Oh
zoE#mg{|AFX@&Cc_==9O>==5kb7z_ueCyxfh(cx(D2nM$?nBo<2f!L$L#(fnh_b+mx
zkbJ_76B>+RG3vRPJB)-v-9LjfGGT~a!{4yygCjQyOeuq3$m|ys%z6Rx@fg$=>WS+R
zkHL!@^cE@3fpu&Rk9zk#&D~XV#r!X@A9_e&ZeK)#cw3ePZTx?Fcv9g1qr=nV9sl3O
zb#r5aeb7_ez*1}PV>ZKZMLZAUkK&5LKcBrhgKU=o3S6L(2qOVvj)7qwdBW;_oD&WL
zT`CAbjG=3wQxJ28F)WZ5VLtAes)?W>I5ZIWt4N<D*g;B_xEThzz>E<WbJ%w=7bHMZ
zH1(UBOc2Mg&uPRQ-0vOO-@o_dBwaiu0S2QuQv(u!JvpTD&oCv73$U`s%OS{@jQamX
zz6bjxaJ<OH@`H=Nf(66ALeYnBvM&^Q0`^_v2<R_+2)!00qgEt>#!ch3(MBh+XHYnB
z<;V8*FY^CnVhYR!w=bOQkYUap8cfN|N8$QHp@sj4ho{3l|BnX8!^0i_-^EpC4YmAM
zvijz7`6XXv%tEGMeNqf<O(v>E{TmAhXyReDA#>)&uy;uUcMQ)}A8%0D^RYlK5@_55
zh>Z*5<_4_TJbf#f{QGw^KQyBUfP#PuB^kJE31G~z=UaSk&ndk$#vsRG^2l*8=Vbu%
z3X|Df7-KNZV?({?#KjI`7U6<Wi%^>cU$7&_U`&z6u>|ta1baz;5}V?iF(i{sCcs1F
z;4#QayvH6!9II)l$C4iDWN&U@-};q!m|L$rIsqeQ!epv89%1{y=v&WtOe^>XffN~m
zfKh?vt3OtVz`AwLB+61U#-dw_uKh$h_O<0sUf1u3Y5;v(D8NJ(R!Hc56ozslR;N8$
z6oS<s@0;-+$ki(U!-eA^;%{OSw#fg{$?<Vf{*Q*ko&3Lxt4%J13&#?nx3S=_fk?V(
zhp-S6WQv@|{!-Xbsu(VC5DVGv(E5l?)2vok=PA7SM7_wz&n17Xrn<s~V|3II4^zAG
z5IeEn>P%WLC_^(zEzT2q^Z<%aV@j-zP809|NKxbsb#XEg6W(Lw{tqJpzY84P19@^$
z2ZaQH;XfkTV|<s5Zq-43Ab;XcN@$gjttwoy>b)uNTEH@gHv?8OdP|dPe(&C>$o89=
zBdN&jXREfYJ#Y*1zg7RUC<rjy$RpIO|3|~q<HMr<ADo=-^#5I4Z9*kk{(=b*U{IO@
z_V)|y)lXaYb*4%bCv}S&btSDSJGc+EnP|<#RTgW87qNGSk6|uE$j7!lBVry+EQk8G
z(yPheiAN{4kGR0h_EA8l@xe|`kjEhM{300jk~^1hM~d-lJCR?K^&X!co{Y@1!;}92
zH2~$-N(XgC#Js!`v3BoUiL&oonXUt^tyJDl7*#y7Qe~LFGfHMd$mrMW=jZ=0;)TdH
z`UZbQRLHe}$0@bOFdPj0tfNd(=lk`DPrCGaCgD`qdb8?&M}vlrE5_ktpR()fr(Fs2
zMnNaEDK@Pk&*&$gw2!MBiQ@j3R4TTvTcOcW{TS+QJDQ6eI}sz|`g!d6O^mK6c*g(1
zF;m-PuzdE4(J0g&P76=!&m(PyX%`p^e+?;1@o~%+#KF%Them-|TB_BOild?}T7M(C
zACUmF%t#Gdu*+el25J>S<>jCdO^8PX!F>4?z-2Vl?@f4ic9z{UjNEsDcm1AHp}bMo
zTws3;f<-t1Y9f05`#j<0Mf^6yT0v-zaD(9);euTcEtgZvC!Reavk3}jrbAL!*?4$p
z4Nt9skspz^Zz~?Cp3WoBJEtCTuE+3t`j(1whB*#WN;}l|QQ)SuGr_PYB(Nul&yD3X
z(^=kp%g8Di3gItK#5^!Ln7_gKyAL0g;uzbuM;+wNDHr46@nA5p|A>f4|G~F!iuQkj
zm+#+a=;DnDFMoUe@#6Wr7cYMvWUn|DVB+kyWrw?jOa4rF|6_h3RZq^Gf|0z3c%|oP
zfnkDi07-M#$n}S%U68}#gkW>#*awz#ZGGWjOGLVFGv8ic8IZ&O{25FaY$xJ^`tbYj
ze+4neL7{{AZG9h*!B0sA@)G!yCtwC(?CpCM$g*xm|7p8;VF!`t^^K~bUCrc*oEK2Y
z%|wIDbYM87xlL`#T`i@!8#%%bk#mV=nA@?jZrTi8r6xs;$xe1Bx4v+#^Zg+F3MuEY
zC;-!(FnYx?182^tkHIwO7`dK&|Kv$|W9|J{Uv9yQ=UOjq5@8jo&|%Z&#Im-Km(c_}
z!UIY0%p)w<u+BzIDPyJ>pDY)%w2qMBcd>^BUat!cp|%T`xE+Sky12nKr;PgMlz2E<
zF>V*gTHvi!AKu|A=ez*9b(RcU&6pmYar>a1CsVmLrBUE!{2^Pb(5#9ghg1`5^71cT
z!oZZ0M(?iS0HU>BRFAY9Dt!^9aIKh0Knv4QGpn0SZtFEtlsgRLfX}JefUp{pmFTN?
zz8;zL!(R#UYDCXXaZ9vc5Es)8$R4*}iQ-9@>k&H}Z&!4ykvN@Bcj|5=@H9*t*ln80
zMg;8LWEwQ>XrUqqZ{(RmGt<)}K&;$d!nCpa680R4`MA=iDB+MW9Wm&ZST+Rh%)x7r
zaORY|^}~i<{jjzpDZjc5HV2m?(fF_njw<jJRlMK2U@1VR2pT3br#`j=>SEgpLcgoE
z9$UE5O4s&jMn3gYKN=Q0jUkGrwuY)*!*|#3>uC4lPRM}jCKSUp9Ui(r+UCTSKdyG_
zu1f@=0rEa+ykC|_BJ^NCN%pe(u&1Sb{IuQ_bB}PaD9fAQUc9<^{_gFsuU}pK?cJM~
z+K7}ZatwxKU88QrF4XztBFX(N%x6!%OnkpE{uzvcb!;6O<(V@S%y8=ac!5JKXYCNo
ziz+Bt75oRpE|S=RZ4|+(`u`cM^kW6mZdxOy$<0jx`S<U}mYpRD9A)*VqF}*mUvlg)
zEM7{G9Lku|dzVjPZy}eY5qSlt-rT5dx_1eCm841EFVyx;y^T$7nFg6rH;Ejhw6?9~
zq;@Y+`-4I>xphh<k33Ywpg}n}qDEI)hA49|E2n;m=JJZ2z^kH59O4xiV{h_$qmA2c
zX{-sdx{+4-rfO+zjEst57)P&&(Khk+rn!B?Fc*l4)bscjFR(P5V#BcD60S1FoHTiI
zIgk}HCu<Bg?1$p|1z}^j`JNv^!6K~%%$uF{_{vsaEo|9Zs|C%OWVKLDop!dx((P1l
zh&8WJmkyTk$EC&AtXjG$mX)ovqyY-tPPtbrrCgN=Sz`u<Rq0n+;6vWN?U;a7B^TQI
zmq$Kjfo5HX${saRgVca({jl=wHkNlKTeL~D<`w7B8k5SREFY9MF37f!kp&XiOoKe@
zW<ezh3tP!n-#lwkb5>U*6%|H4L5>j@o}@`gHS=#qqh)MZof3??()0&NE?a#)(kYf#
zrAW>7Gsd(f>vtMjmX)iGZoTZW*8DFy4Zc}HU|at8QK|m-^mMqZ|GSf`jrBQF%wCxY
z{UMhVQIX5lk|1#(>CY>PJ?i1o?4?w&P$cG*kw4Y2tjnLcMW~(8<vsQAO4N`Y-4i`n
z<i$mqC?qPohL7R1Vf>!UjfT%g7Lw%Z-2$^o{9HvWji+GDu#o?GgscDKFsbqT$`qfF
zz$L+KUBdqoH(#0lNw@d44AjH#@l;|;7ouUtJpgT|b=+S(ntZ{IP>Ws3zgy(mmDXIT
z*)Cd7%A%Zk)U3W0_pSz??Y*Mmbl+n7)~<T}AAb?V7RrBH>wixUOZ8uehohbTzl*Dm
zJLA<~tNgdhI}oEQd#Kwh#FCatHsF>@h;y_1p(}_J@@-Z<+(n$1Hq7=<i*jStobS^8
zwdsMfwA<D@*i~~+x5DJR)jDnRe+%V5E%JXj8Vp9o^WVwI$xi;?#nr;jId7Wz0HptB
zl|;#`?yHb!I9Q>y_Eu^o=7|3{zD~&uhSE++#Jqk1v-?<?Y0H+x)=4mvHuNhb@D;jN
z0^XzaG77<13=J@nlZKIWXvTE~*=^E%7B@HgYNw^BXCDL-k<uE4ek>lpS(XT>ugcNe
zo>Aoff;<#Bn8g?pbe5;TX~6J0?lNht<Fk^{XszYpH`n@CrRK7471Hq4b(yTdezH;-
z4ugb7zr-JkesSYD<>Hw~5RapVCXg^mPDoH#B+Oz-5?Jm2aptE_(k`kxuq3z^95B<!
zzO@Ye-*l^XxmmCDMPuA#40m7ovaDE9Q*V@1T0TUV;*u-ME=e#`0Z2O+I?NTFRF|C;
z3QzK-CtEK*Db<+hRTP{#`N9cR_R%GSHLDRxlIygWrKHXWP;8LQH>(`b=bYx=cba#c
zgj+5Th$*r}RguuYy=2!?CbHFK=u^rd-t|BNIQT2Lw2*g|5o+%y2K-))3F0WZAVGxx
zT6mM2r2?G$)P;Zlx<pz4h*O76(=;kyypMu_1hZvx%d)B=D^OT=b+0ZBaNW{uo<H22
zC9KKDE*ZMp&URdldy3KZ^3K=CU3|M{vg5K_DQKIsp*N>fYVCH(3Qe`f1IY@l&ofL1
zTA62<zN|{o(-KX)q#Wk@xv!MNrunp`9G2T|kaE~Hp)l=q<AlNzqRkQt8_;bdp|Fg8
zgM`9bWZOw799Cup4!a~2wl-Zmp|C=AtddVya--f!T3SJ?G;5Ul=@j6N)pN9}l}g7{
z!j{Pvl*q~o<Uyu#nVNgE>2sTtxtxz={(p5b>khhpX9DY=@7n{pyYBO<@c&;SBJ2zK
zcN@XqF7e-^VbTA8e7gJo&pWxwl2$If`eS~flMVr33Ho<BsR;ojZ%ZM7^m%;<pwM!=
z0bn)17;~raZ%DZ?Nx%j2yr=3W3TF(t_%>p}De<=!3RWC_ixJ?uEwgC|xO!_<1J&v0
z`i<6%XMO$L$UqM*2HYtBztG7xehQ=|{(E>hEXx0r-S2<g(RFjv#LM-8-+Pt%6C|AZ
zGVSy4bW)P~?P1+!-SCA@Zc#A|<rXn2K;o=fGgOCnV+`t{3N2$7yH6*0N*OlQQ<Zs3
zXz(-!nj)e{k5i70N3Bx_K*2y3M=O7^T?0`}j*O*qs>;y-P<K9TJR@eu^;|?yJ7gyV
z$S{?^K(2Q0<eIdE;tIhyiE|lR+(I~R%fT`wtm`5VyQoe#6st#dN{(5m^xq{Oyn%I`
z5BeoOyy57lH##AzyoW2Hs11q(AkU*$=Zq|fhiCXDcaVqTpLtU@sP1&E37{t-bogvM
zJ3CWV0LyW=2G1c)RC!AS30D2GklCWW(Xv^V-{e;v7i)_4<l{Y(c>tiQ<??*MYnv~l
zYB}d>^9XeJpw@Lu#}#f&X!6YJ=NrghD_NhWX-b2?(cb6iftm^33zgax-j-6uHakad
z*;YW2plUzo>GP3Z;vnJAZSNIEJ^Vm-%ld^~O}j@`q5Poxr=oVOR}rd6sUKqI6E2C(
zt*nLqLw72B&WMl5kOnT2m_<2YQ4D%5^>L>WEJLNG5rov`2COrTq%5xM7!-K9{~4A-
zJFcVyFs|fjXAP>{2Ja>XQvcd4TwfyC#>r`Y*bmCkol69_qc63h$BJ^sE>g8it>nsV
z(B|OWJnr}d_%%0)IHu*8Ek@;z%$jk%KBZept!%O#v2)hx?QLvbi|&YCWmfFc81C?j
z<3E<PBgibE4BtW@E%E=sak2h;I65Bf>i_QKdJN}C2+RTwf<n9n;A)Nom_)>rObO}F
zPguRjpnl<<M`4_S$LHAdVCK;Y`0|iKg4t7G*h7LWu=-jw?KukE-eU;xOj&2JA2K{8
zU$Gk>lm4x5!Mnh_1{$cAa!3$j1|A8p)w5oFxcDF_!@bAwJpS>FPtQMqOBnB2Ga_vD
zHy(b^n*7OZ^*4PmpV{(HddnAqy+kxY&SezBlz5o;4lI5Z_71EGy6hcT!k3>ZBeUMY
z|MnikC&UPiIJ|!GlJ~5TQE4vsEaGBh$KZ^9=~)ZzP#4=fnY6oh*Y0}A*Z&0o0RR6v
KeLEuniU0uMmp>~2
literal 0
HcmV?d00001
diff --git a/chart/requirements.lock b/chart/requirements.lock
index e89ef718c..b3a85663b 100644
--- a/chart/requirements.lock
+++ b/chart/requirements.lock
@@ -22,7 +22,7 @@ dependencies:
version: 12.5.2
- name: gitlab-runner
repository: https://charts.gitlab.io/
- version: 0.71.0
+ version: 0.72.0
- name: redis
repository: https://charts.bitnami.com/bitnami
version: 16.13.2
@@ -37,12 +37,12 @@ dependencies:
version: 1.4.3
- name: gluon
repository: oci://registry1.dso.mil/bigbang
- version: 0.5.12
+ version: 0.5.14
- name: traefik
repository: https://helm.traefik.io/traefik
version: 10.19.4
- name: kubernetes-ingress
repository: https://haproxytech.github.io/helm-charts
version: 1.32.0
-digest: sha256:21dd06b33ea0567bdece9abb2a3dff308e4d9111d4f3c91667e8d12c7d7e92d0
-generated: "2025-01-15T13:08:24.330905-05:00"
+digest: sha256:c426626626761ac60ff8acc301c56da4af0a16aaf92c915c0ff04c40a30ea109
+generated: "2025-01-24T17:56:34.90962225-06:00"
diff --git a/chart/requirements.yaml b/chart/requirements.yaml
index 6e15725a7..81c452430 100644
--- a/chart/requirements.yaml
+++ b/chart/requirements.yaml
@@ -40,7 +40,7 @@ dependencies:
repository: https://charts.gitlab.io/
condition: gitlab-zoekt.install
- name: gluon
- version: "0.5.12"
+ version: "0.5.14"
repository: "oci://registry1.dso.mil/bigbang"
- name: traefik
repository: https://helm.traefik.io/traefik
--
GitLab