From 6d37547bbca0c3b3389faabd291370c0c43e98c9 Mon Sep 17 00:00:00 2001 From: schristoff <28318173+schristoff@users.noreply.github.com> Date: Thu, 26 Sep 2024 01:45:31 -0600 Subject: [PATCH 01/74] fix: nightly by removing logline no longer printed (#3038) Signed-off-by: schristoff <28318173+schristoff@users.noreply.github.com> --- src/test/nightly/ecr_publish_test.go | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/src/test/nightly/ecr_publish_test.go b/src/test/nightly/ecr_publish_test.go index f6d53cf470..3cf5876960 100644 --- a/src/test/nightly/ecr_publish_test.go +++ b/src/test/nightly/ecr_publish_test.go @@ -59,10 +59,9 @@ func TestECRPublishing(t *testing.T) { require.NoError(t, err, stdOut, stdErr) // Ensure we get a warning when trying to inspect the online published package - stdOut, stdErr, err = e2e.Zarf(t, "package", "inspect", upstreamPackageURL, keyFlag, "--sbom-out", tmpDir) + stdOut, stdErr, err = e2e.Zarf(t, "package", "inspect", upstreamPackageURL, keyFlag, "--sbom-out", tmpDir, "--skip-signature-validation") require.NoError(t, err, stdOut, stdErr) require.Contains(t, stdErr, "Validating SBOM checksums") - require.Contains(t, stdErr, "Package signature validated!") // Validate that we can pull the package down from ECR stdOut, stdErr, err = e2e.Zarf(t, "package", "pull", upstreamPackageURL) From cd634e8982f1b9e91c0a668b68c33df5ff9e1ba2 Mon Sep 17 00:00:00 2001 From: Austin Abro <37223396+AustinAbro321@users.noreply.github.com> Date: Thu, 26 Sep 2024 07:28:10 -0600 Subject: [PATCH 02/74] feat: pass context to helm install & upgrade (#3031) Signed-off-by: Austin Abro --- src/internal/packager/helm/chart.go | 16 ++++++++-------- 1 file changed, 8 insertions(+), 8 deletions(-) diff --git a/src/internal/packager/helm/chart.go b/src/internal/packager/helm/chart.go index 656b5560b5..e1a8dc6c5a 100644 --- a/src/internal/packager/helm/chart.go +++ b/src/internal/packager/helm/chart.go @@ -70,14 +70,14 @@ func (h *Helm) InstallOrUpgradeChart(ctx context.Context) (types.ConnectStrings, // No prior release, try to install it. spinner.Updatef("Attempting chart installation") - _, err = h.installChart(postRender) + _, err = h.installChart(ctx, postRender) } else if histErr == nil && len(releases) > 0 { // Otherwise, there is a prior release so upgrade it. spinner.Updatef("Attempting chart upgrade") lastRelease := releases[len(releases)-1] - _, err = h.upgradeChart(lastRelease, postRender) + _, err = h.upgradeChart(ctx, lastRelease, postRender) } else { // 😭 things aren't working return fmt.Errorf("unable to verify the chart installation status: %w", histErr) @@ -172,7 +172,7 @@ func (h *Helm) TemplateChart(ctx context.Context) (manifest string, chartValues } // Perform the loadedChart installation. - templatedChart, err := client.Run(loadedChart, chartValues) + templatedChart, err := client.RunWithContext(ctx, loadedChart, chartValues) if err != nil { return "", nil, fmt.Errorf("error generating helm chart template: %w", err) } @@ -241,7 +241,7 @@ func (h *Helm) UpdateReleaseValues(ctx context.Context, updatedValues map[string client.Wait = true // Perform the loadedChart upgrade. - _, err = client.Run(h.chart.ReleaseName, lastRelease.Chart, updatedValues) + _, err = client.RunWithContext(ctx, h.chart.ReleaseName, lastRelease.Chart, updatedValues) if err != nil { return err } @@ -254,7 +254,7 @@ func (h *Helm) UpdateReleaseValues(ctx context.Context, updatedValues map[string return fmt.Errorf("unable to find the %s helm release", h.chart.ReleaseName) } -func (h *Helm) installChart(postRender *renderer) (*release.Release, error) { +func (h *Helm) installChart(ctx context.Context, postRender *renderer) (*release.Release, error) { // Bind the helm action. client := action.NewInstall(h.actionConfig) @@ -282,10 +282,10 @@ func (h *Helm) installChart(postRender *renderer) (*release.Release, error) { } // Perform the loadedChart installation. - return client.Run(loadedChart, chartValues) + return client.RunWithContext(ctx, loadedChart, chartValues) } -func (h *Helm) upgradeChart(lastRelease *release.Release, postRender *renderer) (*release.Release, error) { +func (h *Helm) upgradeChart(ctx context.Context, lastRelease *release.Release, postRender *renderer) (*release.Release, error) { // Migrate any deprecated APIs (if applicable) err := h.migrateDeprecatedAPIs(lastRelease) if err != nil { @@ -315,7 +315,7 @@ func (h *Helm) upgradeChart(lastRelease *release.Release, postRender *renderer) } // Perform the loadedChart upgrade. - return client.Run(h.chart.ReleaseName, loadedChart, chartValues) + return client.RunWithContext(ctx, h.chart.ReleaseName, loadedChart, chartValues) } func (h *Helm) rollbackChart(name string, version int) error { From 2c8b67170ea234acc7b15a113d0d901fa145398b Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Thu, 26 Sep 2024 10:28:19 -0400 Subject: [PATCH 03/74] chore(deps): bump actions/checkout from 4.1.7 to 4.2.0 (#3035) Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- .github/workflows/build-rust-injector.yml | 2 +- .github/workflows/check-go-mod.yml | 2 +- .github/workflows/commitlint.yml | 2 +- .github/workflows/dependency-review.yml | 2 +- .github/workflows/nightly-ecr.yml | 2 +- .github/workflows/nightly-eks.yml | 2 +- .github/workflows/publish-application-packages.yml | 2 +- .github/workflows/release.yml | 6 +++--- .github/workflows/scan-codeql.yml | 2 +- .github/workflows/scan-docs-and-schema.yml | 2 +- .github/workflows/scan-lint.yml | 2 +- .github/workflows/scorecard.yaml | 2 +- .github/workflows/test-bigbang.yml | 4 ++-- .github/workflows/test-e2e.yml | 12 ++++++------ .github/workflows/test-external.yml | 2 +- .github/workflows/test-import.yaml | 2 +- .github/workflows/test-site.yml | 2 +- .github/workflows/test-unit.yml | 2 +- .github/workflows/test-upgrade.yml | 4 ++-- .github/workflows/test-windows.yml | 4 ++-- 20 files changed, 30 insertions(+), 30 deletions(-) diff --git a/.github/workflows/build-rust-injector.yml b/.github/workflows/build-rust-injector.yml index a302c1dfa0..42110de191 100644 --- a/.github/workflows/build-rust-injector.yml +++ b/.github/workflows/build-rust-injector.yml @@ -16,7 +16,7 @@ jobs: runs-on: ubuntu-latest steps: - name: "Checkout Repo" - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 + uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # v4.2.0 - name: Install tools uses: ./.github/actions/install-tools diff --git a/.github/workflows/check-go-mod.yml b/.github/workflows/check-go-mod.yml index b7f4c12b97..b6cb942da4 100644 --- a/.github/workflows/check-go-mod.yml +++ b/.github/workflows/check-go-mod.yml @@ -11,7 +11,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Checkout - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 + uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # v4.2.0 - name: Setup golang uses: ./.github/actions/golang diff --git a/.github/workflows/commitlint.yml b/.github/workflows/commitlint.yml index 283059a80b..947de04e96 100644 --- a/.github/workflows/commitlint.yml +++ b/.github/workflows/commitlint.yml @@ -16,7 +16,7 @@ jobs: steps: - name: Checkout - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 + uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # v4.2.0 with: fetch-depth: 0 diff --git a/.github/workflows/dependency-review.yml b/.github/workflows/dependency-review.yml index ed74def218..dc05dc27c3 100644 --- a/.github/workflows/dependency-review.yml +++ b/.github/workflows/dependency-review.yml @@ -10,6 +10,6 @@ jobs: runs-on: ubuntu-latest steps: - name: Checkout - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 + uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # v4.2.0 - name: Dependency Review uses: actions/dependency-review-action@5a2ce3f5b92ee19cbb1541a4984c76d921601d7c # v4.3.4 diff --git a/.github/workflows/nightly-ecr.yml b/.github/workflows/nightly-ecr.yml index ca9bf97ca4..f0dd7dac9f 100644 --- a/.github/workflows/nightly-ecr.yml +++ b/.github/workflows/nightly-ecr.yml @@ -19,7 +19,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Checkout - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 + uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # v4.2.0 - name: Setup golang uses: ./.github/actions/golang diff --git a/.github/workflows/nightly-eks.yml b/.github/workflows/nightly-eks.yml index 35b94721b9..55ef9c1d44 100644 --- a/.github/workflows/nightly-eks.yml +++ b/.github/workflows/nightly-eks.yml @@ -27,7 +27,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Checkout - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 + uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # v4.2.0 - name: Setup golang uses: ./.github/actions/golang diff --git a/.github/workflows/publish-application-packages.yml b/.github/workflows/publish-application-packages.yml index 680fd2eee4..60e0e25d61 100644 --- a/.github/workflows/publish-application-packages.yml +++ b/.github/workflows/publish-application-packages.yml @@ -14,7 +14,7 @@ jobs: packages: write steps: - name: "Checkout Repo" - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 + uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # v4.2.0 - name: Auth with AWS uses: aws-actions/configure-aws-credentials@e3dd6a429d7300a6a4c196c26e071d42e0343502 # v4.0.2 diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index e2194a24f9..9e08726384 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -17,7 +17,7 @@ jobs: steps: # Checkout the repo and setup the tooling for this job - name: Checkout - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 + uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # v4.2.0 with: fetch-depth: 0 @@ -96,7 +96,7 @@ jobs: steps: # Checkout the repo and setup the tooling for this job - name: Checkout - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 + uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # v4.2.0 with: fetch-depth: 0 @@ -135,7 +135,7 @@ jobs: steps: # Checkout the repo and setup the tooling for this job - name: Checkout - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 + uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # v4.2.0 with: fetch-depth: 0 diff --git a/.github/workflows/scan-codeql.yml b/.github/workflows/scan-codeql.yml index 1a1848f923..ef766bd7d9 100644 --- a/.github/workflows/scan-codeql.yml +++ b/.github/workflows/scan-codeql.yml @@ -36,7 +36,7 @@ jobs: steps: - name: Checkout - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 + uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # v4.2.0 - name: Setup golang uses: ./.github/actions/golang diff --git a/.github/workflows/scan-docs-and-schema.yml b/.github/workflows/scan-docs-and-schema.yml index c4819b6525..db383effd8 100644 --- a/.github/workflows/scan-docs-and-schema.yml +++ b/.github/workflows/scan-docs-and-schema.yml @@ -11,7 +11,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Checkout - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 + uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # v4.2.0 - name: Setup golang uses: ./.github/actions/golang diff --git a/.github/workflows/scan-lint.yml b/.github/workflows/scan-lint.yml index 95642fe5cc..1e5ebe0a81 100644 --- a/.github/workflows/scan-lint.yml +++ b/.github/workflows/scan-lint.yml @@ -11,6 +11,6 @@ jobs: runs-on: ubuntu-latest steps: - name: Checkout - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 + uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # v4.2.0 - name: Run golangci-lint uses: golangci/golangci-lint-action@aaa42aa0628b4ae2578232a66b541047968fac86 # v6.1.0 diff --git a/.github/workflows/scorecard.yaml b/.github/workflows/scorecard.yaml index 6bdb4a7cf4..78159a9ec2 100644 --- a/.github/workflows/scorecard.yaml +++ b/.github/workflows/scorecard.yaml @@ -22,7 +22,7 @@ jobs: steps: - name: "Checkout code" - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 + uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # v4.2.0 with: persist-credentials: false diff --git a/.github/workflows/test-bigbang.yml b/.github/workflows/test-bigbang.yml index 1c0b820ea6..fb83764515 100644 --- a/.github/workflows/test-bigbang.yml +++ b/.github/workflows/test-bigbang.yml @@ -34,7 +34,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Checkout - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 + uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # v4.2.0 - name: Setup golang uses: ./.github/actions/golang @@ -74,7 +74,7 @@ jobs: needs: build-bigbang steps: - name: Checkout - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 + uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # v4.2.0 - name: Download build artifacts uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16 # v4.1.8 diff --git a/.github/workflows/test-e2e.yml b/.github/workflows/test-e2e.yml index 24b5e4bd76..f0797a81d2 100644 --- a/.github/workflows/test-e2e.yml +++ b/.github/workflows/test-e2e.yml @@ -35,7 +35,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Checkout - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 + uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # v4.2.0 - name: Setup golang uses: ./.github/actions/golang @@ -58,7 +58,7 @@ jobs: needs: build-e2e steps: - name: Checkout - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 + uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # v4.2.0 - name: Download build artifacts uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16 # v4.1.8 @@ -93,7 +93,7 @@ jobs: needs: build-e2e steps: - name: Checkout - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 + uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # v4.2.0 - name: Download build artifacts uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16 # v4.1.8 @@ -135,7 +135,7 @@ jobs: needs: build-e2e steps: - name: Checkout - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 + uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # v4.2.0 - name: Download build artifacts uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16 # v4.1.8 @@ -173,7 +173,7 @@ jobs: needs: build-e2e steps: - name: Checkout - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 + uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # v4.2.0 - name: Download build artifacts uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16 # v4.1.8 @@ -217,7 +217,7 @@ jobs: needs: build-e2e steps: - name: Checkout - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 + uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # v4.2.0 - name: Download build artifacts uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16 # v4.1.8 diff --git a/.github/workflows/test-external.yml b/.github/workflows/test-external.yml index 8fcb4c5683..b73b33731e 100644 --- a/.github/workflows/test-external.yml +++ b/.github/workflows/test-external.yml @@ -34,7 +34,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Checkout - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 + uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # v4.2.0 - name: Setup golang uses: ./.github/actions/golang diff --git a/.github/workflows/test-import.yaml b/.github/workflows/test-import.yaml index c5571593fe..625c3c46dc 100644 --- a/.github/workflows/test-import.yaml +++ b/.github/workflows/test-import.yaml @@ -15,7 +15,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Checkout - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 + uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # v4.2.0 - name: Setup Go uses: actions/setup-go@0a12ed9d6a96ab950c8f026ed9f722fe0da7ef32 # v5.0.2 diff --git a/.github/workflows/test-site.yml b/.github/workflows/test-site.yml index d17f9f6d85..62c1eb0f1d 100644 --- a/.github/workflows/test-site.yml +++ b/.github/workflows/test-site.yml @@ -19,7 +19,7 @@ jobs: working-directory: ./site steps: - name: Checkout - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 + uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # v4.2.0 - name: Setup Node.js uses: actions/setup-node@0a44ba7841725637a19e28fa30b79a866c81b0a6 # v4.0.4 diff --git a/.github/workflows/test-unit.yml b/.github/workflows/test-unit.yml index 4690674604..18637cda2c 100644 --- a/.github/workflows/test-unit.yml +++ b/.github/workflows/test-unit.yml @@ -38,7 +38,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Checkout - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 + uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # v4.2.0 - name: Setup golang uses: ./.github/actions/golang diff --git a/.github/workflows/test-upgrade.yml b/.github/workflows/test-upgrade.yml index c060598796..25fedf599e 100644 --- a/.github/workflows/test-upgrade.yml +++ b/.github/workflows/test-upgrade.yml @@ -34,7 +34,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Checkout - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 + uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # v4.2.0 - name: Setup golang uses: ./.github/actions/golang @@ -57,7 +57,7 @@ jobs: needs: build-upgrade steps: - name: Checkout - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 + uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # v4.2.0 - name: Download build artifacts uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16 # v4.1.8 diff --git a/.github/workflows/test-windows.yml b/.github/workflows/test-windows.yml index d9d9172a75..d2bac74914 100644 --- a/.github/workflows/test-windows.yml +++ b/.github/workflows/test-windows.yml @@ -34,7 +34,7 @@ jobs: runs-on: windows-latest steps: - name: Checkout - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 + uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # v4.2.0 - name: Run Windows unit tests run: make test-unit @@ -44,7 +44,7 @@ jobs: runs-on: windows-latest steps: - name: Checkout - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 + uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # v4.2.0 - name: Build Windows binary and zarf packages uses: ./.github/actions/packages From fce521d6abd0b8ed3cd42348c68e68b5a3d17580 Mon Sep 17 00:00:00 2001 From: Austin Abro <37223396+AustinAbro321@users.noreply.github.com> Date: Thu, 26 Sep 2024 11:31:12 -0600 Subject: [PATCH 04/74] test: fix external git flake (#3039) Signed-off-by: Austin Abro --- src/test/external/common.go | 9 ++++----- src/test/external/docker-compose.yml | 5 +++++ src/test/external/ext_out_cluster_test.go | 7 +++---- 3 files changed, 12 insertions(+), 9 deletions(-) diff --git a/src/test/external/common.go b/src/test/external/common.go index 0209ddadb2..5fd2e294f2 100644 --- a/src/test/external/common.go +++ b/src/test/external/common.go @@ -5,6 +5,7 @@ package external import ( + "errors" "path" "path/filepath" "strings" @@ -31,7 +32,7 @@ func createPodInfoPackageWithInsecureSources(t *testing.T, temp string) { exec.CmdWithPrint(zarfBinPath, "package", "create", temp, "--confirm", "--output", temp) } -func verifyWaitSuccess(t *testing.T, timeoutMinutes time.Duration, cmd string, args []string, condition string, onTimeout string) bool { +func waitForCondition(t *testing.T, timeoutMinutes time.Duration, cmd string, args []string, condition string) error { timeout := time.After(timeoutMinutes * time.Minute) for { // delay check 3 seconds @@ -39,9 +40,7 @@ func verifyWaitSuccess(t *testing.T, timeoutMinutes time.Duration, cmd string, a select { // on timeout abort case <-timeout: - t.Error(onTimeout) - - return false + return errors.New("timed out waiting for condition") // after delay, try running default: @@ -52,7 +51,7 @@ func verifyWaitSuccess(t *testing.T, timeoutMinutes time.Duration, cmd string, a t.Log(string(stdOut), err) } if strings.Contains(string(stdOut), condition) { - return true + return nil } } } diff --git a/src/test/external/docker-compose.yml b/src/test/external/docker-compose.yml index 7e180fdbab..fcca987da7 100644 --- a/src/test/external/docker-compose.yml +++ b/src/test/external/docker-compose.yml @@ -21,6 +21,11 @@ services: ports: - "3000:3000" - "222:22" + healthcheck: + test: ["CMD", "curl", "-f", "http://gitea.localhost:3000/api/healthz"] + interval: 5s + timeout: 5s + retries: 20 init: image: gitea/gitea:1.18.1 container_name: gitea.init diff --git a/src/test/external/ext_out_cluster_test.go b/src/test/external/ext_out_cluster_test.go index e2cbaccefb..1eee15e718 100644 --- a/src/test/external/ext_out_cluster_test.go +++ b/src/test/external/ext_out_cluster_test.go @@ -81,10 +81,9 @@ func (suite *ExtOutClusterTestSuite) SetupSuite() { suite.NoError(err, "unable to install the gitea-server") // Wait for gitea to deploy properly - giteaArgs := []string{"inspect", "-f", "{{.State.Status}}", "gitea.init"} - giteaErrStr := "unable to verify the gitea container installed successfully" - success := verifyWaitSuccess(suite.T(), 2, "docker", giteaArgs, "exited", giteaErrStr) - suite.True(success, giteaErrStr) + giteaArgs := []string{"inspect", "-f", "{{.State.Health.Status}}", "gitea.localhost"} + err = waitForCondition(suite.T(), 2, "docker", giteaArgs, "healthy") + suite.NoError(err) // Connect gitea to the k3d network err = exec.CmdWithPrint("docker", "network", "connect", "--ip", giteaIP, network, giteaHost) From d119cef98b9b765e42e361b2ef8ecedb4e4ea22e Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Thu, 26 Sep 2024 22:43:05 -0600 Subject: [PATCH 05/74] chore(deps): bump github.com/fluxcd/pkg/apis/meta from 1.5.0 to 1.6.1 (#3034) Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: schristoff <28318173+schristoff@users.noreply.github.com> --- go.mod | 2 +- go.sum | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/go.mod b/go.mod index 59185260da..e8cd5285c6 100644 --- a/go.mod +++ b/go.mod @@ -26,7 +26,7 @@ require ( github.com/fatih/color v1.17.0 github.com/fluxcd/gitkit v0.6.0 github.com/fluxcd/helm-controller/api v1.0.1 - github.com/fluxcd/pkg/apis/meta v1.5.0 + github.com/fluxcd/pkg/apis/meta v1.6.1 github.com/fluxcd/source-controller/api v1.3.0 github.com/go-git/go-git/v5 v5.12.0 github.com/goccy/go-yaml v1.12.0 diff --git a/go.sum b/go.sum index af5e68a6e5..f48474a5c1 100644 --- a/go.sum +++ b/go.sum @@ -733,8 +733,8 @@ github.com/fluxcd/pkg/apis/acl v0.3.0 h1:UOrKkBTOJK+OlZX7n8rWt2rdBmDCoTK+f5TY2Lc github.com/fluxcd/pkg/apis/acl v0.3.0/go.mod h1:WVF9XjSMVBZuU+HTTiSebGAWMgM7IYexFLyVWbK9bNY= github.com/fluxcd/pkg/apis/kustomize v1.5.0 h1:ah4sfqccnio+/5Edz/tVz6LetFhiBoDzXAElj6fFCzU= github.com/fluxcd/pkg/apis/kustomize v1.5.0/go.mod h1:nEzhnhHafhWOUUV8VMFLojUOH+HHDEsL75y54mt/c30= -github.com/fluxcd/pkg/apis/meta v1.5.0 h1:/G82d2Az5D9op3F+wJUpD8jw/eTV0suM6P7+cSURoUM= -github.com/fluxcd/pkg/apis/meta v1.5.0/go.mod h1:Y3u7JomuuKtr5fvP1Iji2/50FdRe5GcBug2jawNVkdM= +github.com/fluxcd/pkg/apis/meta v1.6.1 h1:maLhcRJ3P/70ArLCY/LF/YovkxXbX+6sTWZwZQBeNq0= +github.com/fluxcd/pkg/apis/meta v1.6.1/go.mod h1:YndB/gxgGZmKfqpAfFxyCDNFJFP0ikpeJzs66jwq280= github.com/fluxcd/source-controller/api v1.3.0 h1:Z5Lq0aJY87yg0cQDEuwGLKS60GhdErCHtsi546HUt10= github.com/fluxcd/source-controller/api v1.3.0/go.mod h1:+tfd0vltjcVs/bbnq9AlYR9AAHSVfM/Z4v4TpQmdJf4= github.com/fortytw2/leaktest v1.3.0 h1:u8491cBMTQ8ft8aeV+adlcytMZylmA5nnwwkRZjI8vw= From 508a1c8ec44fd92536b5e8c889a65b48ae096d27 Mon Sep 17 00:00:00 2001 From: Austin Abro <37223396+AustinAbro321@users.noreply.github.com> Date: Fri, 27 Sep 2024 11:20:05 -0400 Subject: [PATCH 06/74] chore: resolve cosign cves (#3029) Signed-off-by: Austin Abro --- go.mod | 166 +++++++++++++------------ go.sum | 385 +++++++++++++++++++++++++++++---------------------------- 2 files changed, 283 insertions(+), 268 deletions(-) diff --git a/go.mod b/go.mod index e8cd5285c6..69d222f42c 100644 --- a/go.mod +++ b/go.mod @@ -1,6 +1,6 @@ module github.com/zarf-dev/zarf -go 1.22.4 +go 1.22.7 // TODO (@AABRO): Pending merge into github.com/gojsonschema/gojsonschema (https://github.com/gojsonschema/gojsonschema/pull/5) replace github.com/xeipuuv/gojsonschema => github.com/defenseunicorns/gojsonschema v0.0.0-20231116163348-e00f069122d6 @@ -30,7 +30,7 @@ require ( github.com/fluxcd/source-controller/api v1.3.0 github.com/go-git/go-git/v5 v5.12.0 github.com/goccy/go-yaml v1.12.0 - github.com/gofrs/flock v0.8.1 + github.com/gofrs/flock v0.12.1 github.com/google/go-containerregistry v0.20.2 github.com/gosuri/uitable v0.0.4 github.com/invopop/jsonschema v0.12.0 @@ -38,14 +38,14 @@ require ( github.com/moby/moby v27.2.1+incompatible github.com/opencontainers/image-spec v1.1.0 github.com/pkg/errors v0.9.1 - github.com/prometheus/client_golang v1.19.1 + github.com/prometheus/client_golang v1.20.2 github.com/pterm/pterm v0.12.79 github.com/sergi/go-diff v1.3.2-0.20230802210424-5b0b94c5c0d3 - github.com/sigstore/cosign/v2 v2.2.3 - github.com/sigstore/sigstore/pkg/signature/kms/aws v1.8.1 - github.com/sigstore/sigstore/pkg/signature/kms/azure v1.8.1 - github.com/sigstore/sigstore/pkg/signature/kms/gcp v1.8.7 - github.com/sigstore/sigstore/pkg/signature/kms/hashivault v1.8.7 + github.com/sigstore/cosign/v2 v2.4.0 + github.com/sigstore/sigstore/pkg/signature/kms/aws v1.8.8 + github.com/sigstore/sigstore/pkg/signature/kms/azure v1.8.8 + github.com/sigstore/sigstore/pkg/signature/kms/gcp v1.8.8 + github.com/sigstore/sigstore/pkg/signature/kms/hashivault v1.8.8 github.com/spf13/cobra v1.8.1 github.com/spf13/pflag v1.0.5 github.com/spf13/viper v1.19.0 @@ -71,8 +71,12 @@ require ( require ( github.com/anchore/go-collections v0.0.0-20240216171411-9321230ce537 // indirect github.com/bshuster-repo/logrus-logstash-hook v1.0.0 // indirect + github.com/buildkite/roko v1.2.0 // indirect github.com/charmbracelet/x/ansi v0.2.3 // indirect github.com/charmbracelet/x/term v0.2.0 // indirect + github.com/containerd/containerd/api v1.7.19 // indirect + github.com/containerd/errdefs v0.1.0 // indirect + github.com/containerd/platforms v0.2.1 // indirect github.com/coreos/go-systemd/v22 v22.5.0 // indirect github.com/dgryski/go-rendezvous v0.0.0-20200823014737-9f7001d12a5f // indirect github.com/elliotchance/phpserialize v1.4.0 // indirect @@ -86,20 +90,26 @@ require ( github.com/grpc-ecosystem/grpc-gateway/v2 v2.20.0 // indirect github.com/hashicorp/golang-lru/arc/v2 v2.0.5 // indirect github.com/hashicorp/golang-lru/v2 v2.0.7 // indirect + github.com/in-toto/attestation v1.1.0 // indirect github.com/jedib0t/go-pretty/v6 v6.5.9 // indirect github.com/moby/docker-image-spec v1.3.1 // indirect + github.com/moby/sys/userns v0.1.0 // indirect github.com/ncruces/go-strftime v0.1.9 // indirect github.com/onsi/gomega v1.33.1 // indirect github.com/redis/go-redis/extra/rediscmd/v9 v9.0.5 // indirect github.com/redis/go-redis/extra/redisotel/v9 v9.0.5 // indirect - github.com/redis/go-redis/v9 v9.3.0 // indirect + github.com/redis/go-redis/v9 v9.5.1 // indirect + github.com/rogpeppe/go-internal v1.12.0 // indirect github.com/secDre4mer/pkcs7 v0.0.0-20240322103146-665324a4461d // indirect + github.com/sigstore/protobuf-specs v0.3.2 // indirect + github.com/sigstore/sigstore-go v0.6.1 // indirect + github.com/theupdateframework/go-tuf/v2 v2.0.0 // indirect github.com/x448/float16 v0.8.4 // indirect go.opentelemetry.io/contrib/exporters/autoexport v0.46.1 // indirect go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetricgrpc v0.44.0 // indirect go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetrichttp v0.44.0 // indirect go.opentelemetry.io/otel/exporters/otlp/otlptrace v1.28.0 // indirect - go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc v1.27.0 // indirect + go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc v1.28.0 // indirect go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp v1.21.0 // indirect go.opentelemetry.io/otel/exporters/prometheus v0.44.0 // indirect go.opentelemetry.io/otel/exporters/stdout/stdoutmetric v0.44.0 // indirect @@ -114,25 +124,25 @@ require ( atomicgo.dev/keyboard v0.2.9 // indirect atomicgo.dev/schedule v0.1.0 // indirect cloud.google.com/go v0.115.0 // indirect - cloud.google.com/go/auth v0.6.1 // indirect - cloud.google.com/go/auth/oauth2adapt v0.2.2 // indirect - cloud.google.com/go/compute/metadata v0.3.0 // indirect - cloud.google.com/go/iam v1.1.9 // indirect - cloud.google.com/go/kms v1.18.2 // indirect - cloud.google.com/go/longrunning v0.5.7 // indirect + cloud.google.com/go/auth v0.7.3 // indirect + cloud.google.com/go/auth/oauth2adapt v0.2.3 // indirect + cloud.google.com/go/compute/metadata v0.5.0 // indirect + cloud.google.com/go/iam v1.1.12 // indirect + cloud.google.com/go/kms v1.18.4 // indirect + cloud.google.com/go/longrunning v0.5.11 // indirect cloud.google.com/go/storage v1.42.0 // indirect - cuelabs.dev/go/oci/ociregistry v0.0.0-20231103182354-93e78c079a13 // indirect - cuelang.org/go v0.7.0 // indirect + cuelabs.dev/go/oci/ociregistry v0.0.0-20240404174027-a39bec0462d2 // indirect + cuelang.org/go v0.9.2 // indirect dario.cat/mergo v1.0.1 // indirect filippo.io/edwards25519 v1.1.0 // indirect github.com/AdaLogics/go-fuzz-headers v0.0.0-20230811130428-ced1acdcaa24 // indirect github.com/AdamKorcz/go-118-fuzz-build v0.0.0-20230306123547-8075edf89bb0 // indirect github.com/AliyunContainerService/ack-ram-tool/pkg/credentials/alibabacloudsdkgo/helper v0.2.0 // indirect github.com/Azure/azure-sdk-for-go v68.0.0+incompatible // indirect - github.com/Azure/azure-sdk-for-go/sdk/azcore v1.12.0 // indirect + github.com/Azure/azure-sdk-for-go/sdk/azcore v1.13.0 // indirect github.com/Azure/azure-sdk-for-go/sdk/azidentity v1.7.0 // indirect - github.com/Azure/azure-sdk-for-go/sdk/internal v1.9.0 // indirect - github.com/Azure/azure-sdk-for-go/sdk/security/keyvault/azkeys v1.0.1 // indirect + github.com/Azure/azure-sdk-for-go/sdk/internal v1.10.0 // indirect + github.com/Azure/azure-sdk-for-go/sdk/security/keyvault/azkeys v1.1.0 // indirect github.com/Azure/azure-sdk-for-go/sdk/security/keyvault/internal v1.0.0 // indirect github.com/Azure/go-ansiterm v0.0.0-20230124172434-306776ec8161 // indirect github.com/Azure/go-autorest v14.2.0+incompatible // indirect @@ -152,8 +162,8 @@ require ( github.com/Masterminds/semver v1.5.0 // indirect github.com/Masterminds/sprig/v3 v3.3.0 // indirect github.com/Masterminds/squirrel v1.5.4 // indirect - github.com/Microsoft/go-winio v0.6.1 // indirect - github.com/Microsoft/hcsshim v0.11.4 // indirect + github.com/Microsoft/go-winio v0.6.2 // indirect + github.com/Microsoft/hcsshim v0.11.7 // indirect github.com/OneOfOne/xxhash v1.2.8 // indirect github.com/ProtonMail/go-crypto v1.0.0 // indirect github.com/ThalesIgnite/crypto11 v1.2.5 // indirect @@ -181,29 +191,29 @@ require ( github.com/anchore/go-version v1.2.2-0.20210903204242-51efa5b487c4 // indirect github.com/anchore/grype v0.77.0 // indirect github.com/anchore/packageurl-go v0.1.1-0.20240507183024-848e011fc24f // indirect - github.com/andybalholm/brotli v1.0.6 // indirect + github.com/andybalholm/brotli v1.1.0 // indirect github.com/apparentlymart/go-textseg/v15 v15.0.0 // indirect github.com/aquasecurity/go-pep440-version v0.0.0-20210121094942-22b2f8951d46 // indirect github.com/aquasecurity/go-version v0.0.0-20210121072130-637058cfe492 // indirect github.com/asaskevich/govalidator v0.0.0-20230301143203-a9d515a09cc2 // indirect github.com/atotto/clipboard v0.1.4 // indirect - github.com/aws/aws-sdk-go v1.54.9 // indirect - github.com/aws/aws-sdk-go-v2 v1.27.2 // indirect - github.com/aws/aws-sdk-go-v2/config v1.27.18 // indirect - github.com/aws/aws-sdk-go-v2/credentials v1.17.18 // indirect - github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.16.5 // indirect - github.com/aws/aws-sdk-go-v2/internal/configsources v1.3.9 // indirect - github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.6.9 // indirect + github.com/aws/aws-sdk-go v1.55.5 // indirect + github.com/aws/aws-sdk-go-v2 v1.30.3 // indirect + github.com/aws/aws-sdk-go-v2/config v1.27.27 // indirect + github.com/aws/aws-sdk-go-v2/credentials v1.17.27 // indirect + github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.16.11 // indirect + github.com/aws/aws-sdk-go-v2/internal/configsources v1.3.15 // indirect + github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.6.15 // indirect github.com/aws/aws-sdk-go-v2/internal/ini v1.8.0 // indirect github.com/aws/aws-sdk-go-v2/service/ecr v1.20.2 // indirect github.com/aws/aws-sdk-go-v2/service/ecrpublic v1.18.2 // indirect - github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding v1.11.2 // indirect - github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.11.11 // indirect - github.com/aws/aws-sdk-go-v2/service/kms v1.27.9 // indirect - github.com/aws/aws-sdk-go-v2/service/sso v1.20.11 // indirect - github.com/aws/aws-sdk-go-v2/service/ssooidc v1.24.5 // indirect - github.com/aws/aws-sdk-go-v2/service/sts v1.28.12 // indirect - github.com/aws/smithy-go v1.20.2 // indirect + github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding v1.11.3 // indirect + github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.11.17 // indirect + github.com/aws/aws-sdk-go-v2/service/kms v1.35.3 // indirect + github.com/aws/aws-sdk-go-v2/service/sso v1.22.4 // indirect + github.com/aws/aws-sdk-go-v2/service/ssooidc v1.26.4 // indirect + github.com/aws/aws-sdk-go-v2/service/sts v1.30.3 // indirect + github.com/aws/smithy-go v1.20.3 // indirect github.com/awslabs/amazon-ecr-credential-helper/ecr-login v0.0.0-20231024185945-8841054dbdb8 // indirect github.com/aymanbagabas/go-osc52/v2 v2.0.1 // indirect github.com/bahlo/generic-list-go v0.2.0 // indirect @@ -215,9 +225,9 @@ require ( github.com/bmatcuk/doublestar/v2 v2.0.4 // indirect github.com/bmatcuk/doublestar/v4 v4.6.1 // indirect github.com/buger/jsonparser v1.1.1 // indirect - github.com/buildkite/agent/v3 v3.62.0 // indirect - github.com/buildkite/go-pipeline v0.3.2 // indirect - github.com/buildkite/interpolate v0.0.0-20200526001904-07f35b4ae251 // indirect + github.com/buildkite/agent/v3 v3.76.2 // indirect + github.com/buildkite/go-pipeline v0.10.0 // indirect + github.com/buildkite/interpolate v0.1.3 // indirect github.com/cenkalti/backoff/v3 v3.2.2 // indirect github.com/cenkalti/backoff/v4 v4.3.0 // indirect github.com/cespare/xxhash/v2 v2.3.0 // indirect @@ -233,12 +243,12 @@ require ( github.com/common-nighthawk/go-figure v0.0.0-20210622060536-734e95fb86be // indirect github.com/containerd/cgroups v1.1.0 // indirect github.com/containerd/console v1.0.4-0.20230313162750-1ae8d489ac81 // indirect - github.com/containerd/containerd v1.7.12 // indirect + github.com/containerd/containerd v1.7.21 // indirect github.com/containerd/continuity v0.4.2 // indirect github.com/containerd/fifo v1.1.0 // indirect github.com/containerd/log v0.1.0 // indirect github.com/containerd/stargz-snapshotter/estargz v0.14.3 // indirect - github.com/containerd/ttrpc v1.2.2 // indirect + github.com/containerd/ttrpc v1.2.5 // indirect github.com/containerd/typeurl/v2 v2.1.1 // indirect github.com/coreos/go-oidc/v3 v3.11.0 // indirect github.com/cpuguy83/go-md2man/v2 v2.0.4 // indirect @@ -291,16 +301,16 @@ require ( github.com/go-ini/ini v1.67.0 // indirect github.com/go-jose/go-jose/v3 v3.0.3 // indirect github.com/go-logr/stdr v1.2.2 // indirect - github.com/go-openapi/analysis v0.22.0 // indirect - github.com/go-openapi/errors v0.21.0 // indirect - github.com/go-openapi/jsonpointer v0.20.2 // indirect - github.com/go-openapi/jsonreference v0.20.4 // indirect - github.com/go-openapi/loads v0.21.5 // indirect - github.com/go-openapi/runtime v0.27.1 // indirect - github.com/go-openapi/spec v0.20.13 // indirect - github.com/go-openapi/strfmt v0.22.0 // indirect - github.com/go-openapi/swag v0.22.9 // indirect - github.com/go-openapi/validate v0.22.4 // indirect + github.com/go-openapi/analysis v0.23.0 // indirect + github.com/go-openapi/errors v0.22.0 // indirect + github.com/go-openapi/jsonpointer v0.21.0 // indirect + github.com/go-openapi/jsonreference v0.21.0 // indirect + github.com/go-openapi/loads v0.22.0 // indirect + github.com/go-openapi/runtime v0.28.0 // indirect + github.com/go-openapi/spec v0.21.0 // indirect + github.com/go-openapi/strfmt v0.23.0 // indirect + github.com/go-openapi/swag v0.23.0 // indirect + github.com/go-openapi/validate v0.24.0 // indirect github.com/go-piv/piv-go v1.11.0 // indirect github.com/go-restruct/restruct v1.2.0-alpha // indirect github.com/go-test/deep v1.1.1 // indirect @@ -313,7 +323,7 @@ require ( github.com/golang/protobuf v1.5.4 // indirect github.com/golang/snappy v0.0.4 // indirect github.com/google/btree v1.1.2 // indirect - github.com/google/certificate-transparency-go v1.1.7 // indirect + github.com/google/certificate-transparency-go v1.2.1 // indirect github.com/google/gnostic-models v0.6.9-0.20230804172637-c7be7c783f49 // indirect github.com/google/go-cmp v0.6.0 // indirect github.com/google/go-github/v55 v55.0.0 // indirect @@ -321,11 +331,11 @@ require ( github.com/google/gofuzz v1.2.0 // indirect github.com/google/licensecheck v0.3.1 // indirect github.com/google/pprof v0.0.0-20240525223248-4bfdf5a9a2af // indirect - github.com/google/s2a-go v0.1.7 // indirect + github.com/google/s2a-go v0.1.8 // indirect github.com/google/shlex v0.0.0-20191202100458-e7afc7fbc510 // indirect github.com/google/uuid v1.6.0 // indirect github.com/googleapis/enterprise-certificate-proxy v0.3.2 // indirect - github.com/googleapis/gax-go/v2 v2.12.5 // indirect + github.com/googleapis/gax-go/v2 v2.13.0 // indirect github.com/gookit/color v1.5.4 // indirect github.com/gorilla/mux v1.8.1 // indirect github.com/gorilla/websocket v1.5.0 // indirect @@ -401,24 +411,23 @@ require ( github.com/moby/sys/mountinfo v0.7.2 // indirect github.com/moby/sys/sequential v0.5.0 // indirect github.com/moby/sys/signal v0.7.0 // indirect - github.com/moby/sys/user v0.1.0 // indirect + github.com/moby/sys/user v0.3.0 // indirect github.com/moby/term v0.5.0 // indirect github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd // indirect github.com/modern-go/reflect2 v1.0.2 // indirect github.com/monochromegane/go-gitignore v0.0.0-20200626010858-205db1a8cc00 // indirect github.com/mozillazg/docker-credential-acr-helper v0.3.0 // indirect - github.com/mpvl/unique v0.0.0-20150818121801-cbe035fff7de // indirect github.com/muesli/ansi v0.0.0-20230316100256-276c6243b2f6 // indirect github.com/muesli/cancelreader v0.2.2 // indirect github.com/muesli/termenv v0.15.2 // indirect github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822 // indirect github.com/mxk/go-flowrate v0.0.0-20140419014527-cca7078d478f // indirect github.com/nozzle/throttler v0.0.0-20180817012639-2ea982251481 // indirect - github.com/nwaples/rardecode v1.1.0 // indirect + github.com/nwaples/rardecode v1.1.3 // indirect github.com/oklog/ulid v1.3.1 // indirect github.com/oleiade/reflections v1.0.1 // indirect github.com/olekukonko/tablewriter v0.0.5 // indirect - github.com/open-policy-agent/opa v0.61.0 // indirect + github.com/open-policy-agent/opa v0.68.0 // indirect github.com/opencontainers/go-digest v1.0.0 // indirect github.com/opencontainers/runtime-spec v1.1.0 // indirect github.com/opencontainers/selinux v1.11.0 // indirect @@ -432,7 +441,7 @@ require ( github.com/pelletier/go-toml v1.9.5 // indirect github.com/pelletier/go-toml/v2 v2.2.2 // indirect github.com/peterbourgon/diskv v2.0.1+incompatible // indirect - github.com/pierrec/lz4/v4 v4.1.19 // indirect + github.com/pierrec/lz4/v4 v4.1.21 // indirect github.com/pjbgf/sha1cd v0.3.0 // indirect github.com/pkg/browser v0.0.0-20240102092130-5ac0b6a4141c // indirect github.com/pkg/profile v1.7.0 // indirect @@ -461,10 +470,10 @@ require ( github.com/segmentio/ksuid v1.0.4 // indirect github.com/shibumi/go-pathspec v1.3.0 // indirect github.com/shopspring/decimal v1.4.0 // indirect - github.com/sigstore/fulcio v1.4.3 // indirect - github.com/sigstore/rekor v1.3.4 // indirect - github.com/sigstore/sigstore v1.8.7 // indirect - github.com/sigstore/timestamp-authority v1.2.1 // indirect + github.com/sigstore/fulcio v1.5.1 // indirect + github.com/sigstore/rekor v1.3.6 // indirect + github.com/sigstore/sigstore v1.8.9 // indirect + github.com/sigstore/timestamp-authority v1.2.2 // indirect github.com/sirupsen/logrus v1.9.3 github.com/skeema/knownhosts v1.2.2 // indirect github.com/skratchdot/open-golang v0.0.0-20200116055534-eef842397966 // indirect @@ -472,7 +481,7 @@ require ( github.com/spdx/tools-golang v0.5.5 // indirect github.com/spf13/afero v1.11.0 // indirect github.com/spf13/cast v1.7.0 // indirect - github.com/spiffe/go-spiffe/v2 v2.1.7 // indirect + github.com/spiffe/go-spiffe/v2 v2.3.0 // indirect github.com/subosito/gotenv v1.6.0 // indirect github.com/sylabs/sif/v2 v2.17.1 // indirect github.com/sylabs/squashfs v1.0.0 // indirect @@ -492,7 +501,7 @@ require ( github.com/wagoodman/go-presenter v0.0.0-20211015174752-f9c01afc824b // indirect github.com/wagoodman/go-progress v0.0.0-20230925121702-07e42b3cdba0 // indirect github.com/wk8/go-ordered-map/v2 v2.1.8 // indirect - github.com/xanzy/go-gitlab v0.96.0 // indirect + github.com/xanzy/go-gitlab v0.107.0 // indirect github.com/xanzy/ssh-agent v0.3.3 // indirect github.com/xeipuuv/gojsonpointer v0.0.0-20190905194746-02993c407bfb // indirect github.com/xeipuuv/gojsonreference v0.0.0-20180127040603-bd5ef7bd5415 // indirect @@ -504,7 +513,7 @@ require ( github.com/zclconf/go-cty v1.14.0 // indirect github.com/zeebo/errs v1.3.0 // indirect github.com/zyedidia/generic v1.2.2-0.20230320175451-4410d2372cb1 // indirect - go.mongodb.org/mongo-driver v1.13.1 // indirect + go.mongodb.org/mongo-driver v1.14.0 // indirect go.opencensus.io v0.24.0 // indirect go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc v0.52.0 // indirect go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.53.0 // indirect @@ -513,23 +522,22 @@ require ( go.opentelemetry.io/otel/sdk v1.28.0 // indirect go.opentelemetry.io/otel/trace v1.28.0 // indirect go.starlark.net v0.0.0-20230525235612-a134d8f9ddca // indirect - go.step.sm/crypto v0.42.1 // indirect + go.step.sm/crypto v0.51.1 // indirect go.uber.org/multierr v1.11.0 // indirect - go.uber.org/zap v1.26.0 // indirect + go.uber.org/zap v1.27.0 // indirect golang.org/x/exp v0.0.0-20240112132812-db7319d0e0e3 // indirect golang.org/x/mod v0.21.0 // indirect golang.org/x/net v0.29.0 // indirect - golang.org/x/oauth2 v0.21.0 // indirect + golang.org/x/oauth2 v0.22.0 // indirect golang.org/x/sys v0.25.0 // indirect golang.org/x/text v0.18.0 // indirect - golang.org/x/time v0.5.0 // indirect - golang.org/x/tools v0.21.1-0.20240508182429-e35e4ccd0d2d // indirect + golang.org/x/time v0.6.0 // indirect golang.org/x/xerrors v0.0.0-20231012003039-104605ab7028 // indirect - google.golang.org/api v0.187.0 // indirect - google.golang.org/genproto v0.0.0-20240624140628-dc46fd24d27d // indirect - google.golang.org/genproto/googleapis/api v0.0.0-20240624140628-dc46fd24d27d // indirect - google.golang.org/genproto/googleapis/rpc v0.0.0-20240701130421-f6361c86f094 // indirect - google.golang.org/grpc v1.65.0 // indirect + google.golang.org/api v0.190.0 // indirect + google.golang.org/genproto v0.0.0-20240730163845-b1a4ccb954bf // indirect + google.golang.org/genproto/googleapis/api v0.0.0-20240725223205-93522f1f2a9f // indirect + google.golang.org/genproto/googleapis/rpc v0.0.0-20240730163845-b1a4ccb954bf // indirect + google.golang.org/grpc v1.66.0 // indirect google.golang.org/protobuf v1.34.2 // indirect gopkg.in/inf.v0 v0.9.1 // indirect gopkg.in/ini.v1 v1.67.0 // indirect @@ -553,6 +561,6 @@ require ( sigs.k8s.io/controller-runtime v0.18.1 // indirect sigs.k8s.io/json v0.0.0-20221116044647-bc3834ca7abd // indirect sigs.k8s.io/kustomize/kustomize/v5 v5.4.2 // indirect - sigs.k8s.io/release-utils v0.7.7 // indirect + sigs.k8s.io/release-utils v0.8.4 // indirect sigs.k8s.io/structured-merge-diff/v4 v4.4.1 // indirect ) diff --git a/go.sum b/go.sum index f48474a5c1..0ab8bfe712 100644 --- a/go.sum +++ b/go.sum @@ -55,10 +55,10 @@ cloud.google.com/go/asset v1.8.0/go.mod h1:mUNGKhiqIdbr8X7KNayoYvyc4HbbFO9URsjby cloud.google.com/go/assuredworkloads v1.5.0/go.mod h1:n8HOZ6pff6re5KYfBXcFvSViQjDwxFkAkmUFffJRbbY= cloud.google.com/go/assuredworkloads v1.6.0/go.mod h1:yo2YOk37Yc89Rsd5QMVECvjaMKymF9OP+QXWlKXUkXw= cloud.google.com/go/assuredworkloads v1.7.0/go.mod h1:z/736/oNmtGAyU47reJgGN+KVoYoxeLBoj4XkKYscNI= -cloud.google.com/go/auth v0.6.1 h1:T0Zw1XM5c1GlpN2HYr2s+m3vr1p2wy+8VN+Z1FKxW38= -cloud.google.com/go/auth v0.6.1/go.mod h1:eFHG7zDzbXHKmjJddFG/rBlcGp6t25SwRUiEQSlO4x4= -cloud.google.com/go/auth/oauth2adapt v0.2.2 h1:+TTV8aXpjeChS9M+aTtN/TjdQnzJvmzKFt//oWu7HX4= -cloud.google.com/go/auth/oauth2adapt v0.2.2/go.mod h1:wcYjgpZI9+Yu7LyYBg4pqSiaRkfEK3GQcpb7C/uyF1Q= +cloud.google.com/go/auth v0.7.3 h1:98Vr+5jMaCZ5NZk6e/uBgf60phTk/XN84r8QEWB9yjY= +cloud.google.com/go/auth v0.7.3/go.mod h1:HJtWUx1P5eqjy/f6Iq5KeytNpbAcGolPhOgyop2LlzA= +cloud.google.com/go/auth/oauth2adapt v0.2.3 h1:MlxF+Pd3OmSudg/b1yZ5lJwoXCEaeedAguodky1PcKI= +cloud.google.com/go/auth/oauth2adapt v0.2.3/go.mod h1:tMQXOfZzFuNuUxOypHlQEXgdfX5cuhwU+ffUuXRJE8I= cloud.google.com/go/automl v1.5.0/go.mod h1:34EjfoFGMZ5sgJ9EoLsRtdPSNZLcfflJR39VbVNS2M0= cloud.google.com/go/automl v1.6.0/go.mod h1:ugf8a6Fx+zP0D59WLhqgTDsQI9w07o64uf/Is3Nh5p8= cloud.google.com/go/bigquery v1.0.1/go.mod h1:i/xbL2UlR5RvWAURpBYZTtm/cXjCha9lbfbpx4poX+o= @@ -81,8 +81,8 @@ cloud.google.com/go/compute v1.6.0/go.mod h1:T29tfhtVbq1wvAPo0E3+7vhgmkOYeXjhFvz cloud.google.com/go/compute v1.6.1/go.mod h1:g85FgpzFvNULZ+S8AYq87axRKuf2Kh7deLqV/jJ3thU= cloud.google.com/go/compute v1.7.0/go.mod h1:435lt8av5oL9P3fv1OEzSbSUe+ybHXGMPQHHZWZxy9U= cloud.google.com/go/compute v1.10.0/go.mod h1:ER5CLbMxl90o2jtNbGSbtfOpQKR0t15FOtRsugnLrlU= -cloud.google.com/go/compute/metadata v0.3.0 h1:Tz+eQXMEqDIKRsmY3cHTL6FVaynIjX2QxYC4trgAKZc= -cloud.google.com/go/compute/metadata v0.3.0/go.mod h1:zFmK7XCadkQkj6TtorcaGlCW1hT1fIilQDwofLpJ20k= +cloud.google.com/go/compute/metadata v0.5.0 h1:Zr0eK8JbFv6+Wi4ilXAR8FJ3wyNdpxHKJNPos6LTZOY= +cloud.google.com/go/compute/metadata v0.5.0/go.mod h1:aHnloV2TPI38yx4s9+wAZhHykWvVCfu7hQbF+9CWoiY= cloud.google.com/go/containeranalysis v0.5.1/go.mod h1:1D92jd8gRR/c0fGMlymRgxWD3Qw9C1ff6/T7mLgVL8I= cloud.google.com/go/containeranalysis v0.6.0/go.mod h1:HEJoiEIu+lEXM+k7+qLCci0h33lX3ZqoYFdmPcoO7s4= cloud.google.com/go/datacatalog v1.3.0/go.mod h1:g9svFY6tuR+j+hrTw3J2dNcmI0dzmSiyOzm8kpLq0a0= @@ -121,16 +121,16 @@ cloud.google.com/go/gkehub v0.10.0/go.mod h1:UIPwxI0DsrpsVoWpLB0stwKCP+WFVG9+y97 cloud.google.com/go/grafeas v0.2.0/go.mod h1:KhxgtF2hb0P191HlY5besjYm6MqTSTj3LSI+M+ByZHc= cloud.google.com/go/iam v0.3.0/go.mod h1:XzJPvDayI+9zsASAFO68Hk07u3z+f+JrT2xXNdp4bnY= cloud.google.com/go/iam v0.5.0/go.mod h1:wPU9Vt0P4UmCux7mqtRu6jcpPAb74cP1fh50J3QpkUc= -cloud.google.com/go/iam v1.1.9 h1:oSkYLVtVme29uGYrOcKcvJRht7cHJpYD09GM9JaR0TE= -cloud.google.com/go/iam v1.1.9/go.mod h1:Nt1eDWNYH9nGQg3d/mY7U1hvfGmsaG9o/kLGoLoLXjQ= -cloud.google.com/go/kms v1.18.2 h1:EGgD0B9k9tOOkbPhYW1PHo2W0teamAUYMOUIcDRMfPk= -cloud.google.com/go/kms v1.18.2/go.mod h1:YFz1LYrnGsXARuRePL729oINmN5J/5e7nYijgvfiIeY= +cloud.google.com/go/iam v1.1.12 h1:JixGLimRrNGcxvJEQ8+clfLxPlbeZA6MuRJ+qJNQ5Xw= +cloud.google.com/go/iam v1.1.12/go.mod h1:9LDX8J7dN5YRyzVHxwQzrQs9opFFqn0Mxs9nAeB+Hhg= +cloud.google.com/go/kms v1.18.4 h1:dYN3OCsQ6wJLLtOnI8DGUwQ5shMusXsWCCC+s09ATsk= +cloud.google.com/go/kms v1.18.4/go.mod h1:SG1bgQ3UWW6/KdPo9uuJnzELXY5YTTMJtDYvajiQ22g= cloud.google.com/go/language v1.4.0/go.mod h1:F9dRpNFQmJbkaop6g0JhSBXCNlO90e1KWx5iDdxbWic= cloud.google.com/go/language v1.6.0/go.mod h1:6dJ8t3B+lUYfStgls25GusK04NLh3eDLQnWM3mdEbhI= cloud.google.com/go/lifesciences v0.5.0/go.mod h1:3oIKy8ycWGPUyZDR/8RNnTOYevhaMLqh5vLUXs9zvT8= cloud.google.com/go/lifesciences v0.6.0/go.mod h1:ddj6tSX/7BOnhxCSd3ZcETvtNr8NZ6t/iPhY2Tyfu08= -cloud.google.com/go/longrunning v0.5.7 h1:WLbHekDbjK1fVFD3ibpFFVoyizlLRl73I7YKuAKilhU= -cloud.google.com/go/longrunning v0.5.7/go.mod h1:8GClkudohy1Fxm3owmBGid8W0pSgodEMwEAztp38Xng= +cloud.google.com/go/longrunning v0.5.11 h1:Havn1kGjz3whCfoD8dxMLP73Ph5w+ODyZB9RUsDxtGk= +cloud.google.com/go/longrunning v0.5.11/go.mod h1:rDn7//lmlfWV1Dx6IB4RatCPenTwwmqXuiP0/RgoEO4= cloud.google.com/go/mediatranslation v0.5.0/go.mod h1:jGPUhGTybqsPQn91pNXw0xVHfuJ3leR1wj37oU3y1f4= cloud.google.com/go/mediatranslation v0.6.0/go.mod h1:hHdBCTYNigsBxshbznuIMFNe5QXEowAuNmmC7h8pu5w= cloud.google.com/go/memcache v1.4.0/go.mod h1:rTOfiGZtJX1AaFUrOgsMHX5kAzaTQ8azHiuDoTPzNsE= @@ -200,10 +200,10 @@ cloud.google.com/go/webrisk v1.4.0/go.mod h1:Hn8X6Zr+ziE2aNd8SliSDWpEnSS1u4R9+xX cloud.google.com/go/webrisk v1.5.0/go.mod h1:iPG6fr52Tv7sGk0H6qUFzmL3HHZev1htXuWDEEsqMTg= cloud.google.com/go/workflows v1.6.0/go.mod h1:6t9F5h/unJz41YqfBmqSASJSXccBLtD1Vwf+KmJENM0= cloud.google.com/go/workflows v1.7.0/go.mod h1:JhSrZuVZWuiDfKEFxU0/F1PQjmpnpcoISEXH2bcHC3M= -cuelabs.dev/go/oci/ociregistry v0.0.0-20231103182354-93e78c079a13 h1:zkiIe8AxZ/kDjqQN+mDKc5BxoVJOqioSdqApjc+eB1I= -cuelabs.dev/go/oci/ociregistry v0.0.0-20231103182354-93e78c079a13/go.mod h1:XGKYSMtsJWfqQYPwq51ZygxAPqpEUj/9bdg16iDPTAA= -cuelang.org/go v0.7.0 h1:gMztinxuKfJwMIxtboFsNc6s8AxwJGgsJV+3CuLffHI= -cuelang.org/go v0.7.0/go.mod h1:ix+3dM/bSpdG9xg6qpCgnJnpeLtciZu+O/rDbywoMII= +cuelabs.dev/go/oci/ociregistry v0.0.0-20240404174027-a39bec0462d2 h1:BnG6pr9TTr6CYlrJznYUDj6V7xldD1W+1iXPum0wT/w= +cuelabs.dev/go/oci/ociregistry v0.0.0-20240404174027-a39bec0462d2/go.mod h1:pK23AUVXuNzzTpfMCA06sxZGeVQ/75FdVtW249de9Uo= +cuelang.org/go v0.9.2 h1:pfNiry2PdRBr02G/aKm5k2vhzmqbAOoaB4WurmEbWvs= +cuelang.org/go v0.9.2/go.mod h1:qpAYsLOf7gTM1YdEg6cxh553uZ4q9ZDWlPbtZr9q1Wk= dario.cat/mergo v1.0.1 h1:Ra4+bf83h2ztPIQYNP99R6m+Y7KfnARDfID+a+vLl4s= dario.cat/mergo v1.0.1/go.mod h1:uNxQE+84aUszobStD9th8a29P2fMDhsBdgRYvZOxGmk= dmitri.shuralyov.com/gpu/mtl v0.0.0-20190408044501-666a987793e9/go.mod h1:H6x//7gZCb22OMCxBHrMx7a5I7Hp++hsVxbQ4BYO7hU= @@ -213,22 +213,22 @@ github.com/AdaLogics/go-fuzz-headers v0.0.0-20230811130428-ced1acdcaa24 h1:bvDV9 github.com/AdaLogics/go-fuzz-headers v0.0.0-20230811130428-ced1acdcaa24/go.mod h1:8o94RPi1/7XTJvwPpRSzSUedZrtlirdB3r9Z20bi2f8= github.com/AdamKorcz/go-118-fuzz-build v0.0.0-20230306123547-8075edf89bb0 h1:59MxjQVfjXsBpLy+dbd2/ELV5ofnUkUZBvWSC85sheA= github.com/AdamKorcz/go-118-fuzz-build v0.0.0-20230306123547-8075edf89bb0/go.mod h1:OahwfttHWG6eJ0clwcfBAHoDI6X/LV/15hx/wlMZSrU= -github.com/AdamKorcz/go-fuzz-headers-1 v0.0.0-20230618160516-e936619f9f18 h1:rd389Q26LMy03gG4anandGFC2LW/xvjga5GezeeaxQk= -github.com/AdamKorcz/go-fuzz-headers-1 v0.0.0-20230618160516-e936619f9f18/go.mod h1:fgJuSBrJP5qZtKqaMJE0hmhS2tmRH+44IkfZvjtaf1M= +github.com/AdamKorcz/go-fuzz-headers-1 v0.0.0-20230919221257-8b5d3ce2d11d h1:zjqpY4C7H15HjRPEenkS4SAn3Jy2eRRjkjZbGR30TOg= +github.com/AdamKorcz/go-fuzz-headers-1 v0.0.0-20230919221257-8b5d3ce2d11d/go.mod h1:XNqJ7hv2kY++g8XEHREpi+JqZo3+0l+CH2egBVN4yqM= github.com/AlecAivazis/survey/v2 v2.3.7 h1:6I/u8FvytdGsgonrYsVn2t8t4QiRnh6QSTqkkhIiSjQ= github.com/AlecAivazis/survey/v2 v2.3.7/go.mod h1:xUTIdE4KCOIjsBAE1JYsUPoCqYdZ1reCfTwbto0Fduo= github.com/AliyunContainerService/ack-ram-tool/pkg/credentials/alibabacloudsdkgo/helper v0.2.0 h1:8+4G8JaejP8Xa6W46PzJEwisNgBXMvFcz78N6zG/ARw= github.com/AliyunContainerService/ack-ram-tool/pkg/credentials/alibabacloudsdkgo/helper v0.2.0/go.mod h1:GgeIE+1be8Ivm7Sh4RgwI42aTtC9qrcj+Y9Y6CjJhJs= github.com/Azure/azure-sdk-for-go v68.0.0+incompatible h1:fcYLmCpyNYRnvJbPerq7U0hS+6+I79yEDJBqVNcqUzU= github.com/Azure/azure-sdk-for-go v68.0.0+incompatible/go.mod h1:9XXNKU+eRnpl9moKnB4QOLf1HestfXbmab5FXxiDBjc= -github.com/Azure/azure-sdk-for-go/sdk/azcore v1.12.0 h1:1nGuui+4POelzDwI7RG56yfQJHCnKvwfMoU7VsEp+Zg= -github.com/Azure/azure-sdk-for-go/sdk/azcore v1.12.0/go.mod h1:99EvauvlcJ1U06amZiksfYz/3aFGyIhWGHVyiZXtBAI= +github.com/Azure/azure-sdk-for-go/sdk/azcore v1.13.0 h1:GJHeeA2N7xrG3q30L2UXDyuWRzDM900/65j70wcM4Ww= +github.com/Azure/azure-sdk-for-go/sdk/azcore v1.13.0/go.mod h1:l38EPgmsp71HHLq9j7De57JcKOWPyhrsW1Awm1JS6K0= github.com/Azure/azure-sdk-for-go/sdk/azidentity v1.7.0 h1:tfLQ34V6F7tVSwoTf/4lH5sE0o6eCJuNDTmH09nDpbc= github.com/Azure/azure-sdk-for-go/sdk/azidentity v1.7.0/go.mod h1:9kIvujWAA58nmPmWB1m23fyWic1kYZMxD9CxaWn4Qpg= -github.com/Azure/azure-sdk-for-go/sdk/internal v1.9.0 h1:H+U3Gk9zY56G3u872L82bk4thcsy2Gghb9ExT4Zvm1o= -github.com/Azure/azure-sdk-for-go/sdk/internal v1.9.0/go.mod h1:mgrmMSgaLp9hmax62XQTd0N4aAqSE5E0DulSpVYK7vc= -github.com/Azure/azure-sdk-for-go/sdk/security/keyvault/azkeys v1.0.1 h1:MyVTgWR8qd/Jw1Le0NZebGBUCLbtak3bJ3z1OlqZBpw= -github.com/Azure/azure-sdk-for-go/sdk/security/keyvault/azkeys v1.0.1/go.mod h1:GpPjLhVR9dnUoJMyHWSPy71xY9/lcmpzIPZXmF0FCVY= +github.com/Azure/azure-sdk-for-go/sdk/internal v1.10.0 h1:ywEEhmNahHBihViHepv3xPBn1663uRv2t2q/ESv9seY= +github.com/Azure/azure-sdk-for-go/sdk/internal v1.10.0/go.mod h1:iZDifYGJTIgIIkYRNWPENUnqx6bJ2xnSDFI2tjwZNuY= +github.com/Azure/azure-sdk-for-go/sdk/security/keyvault/azkeys v1.1.0 h1:DRiANoJTiW6obBQe3SqZizkuV1PEgfiiGivmVocDy64= +github.com/Azure/azure-sdk-for-go/sdk/security/keyvault/azkeys v1.1.0/go.mod h1:qLIye2hwb/ZouqhpSD9Zn3SJipvpEnz1Ywl3VUk9Y0s= github.com/Azure/azure-sdk-for-go/sdk/security/keyvault/internal v1.0.0 h1:D3occbWoio4EBLkbkevetNMAVX197GkzbUMtqjGWn80= github.com/Azure/azure-sdk-for-go/sdk/security/keyvault/internal v1.0.0/go.mod h1:bTSOgj05NGRuHHhQwAdPnYr9TOdNmKlZTgGLL6nyAdI= github.com/Azure/go-ansiterm v0.0.0-20230124172434-306776ec8161 h1:L/gRVlceqvL25UVaW/CKtUDjefjrs0SPonmDGUVOYP0= @@ -292,10 +292,10 @@ github.com/Masterminds/sprig/v3 v3.3.0/go.mod h1:Zy1iXRYNqNLUolqCpL4uhk6SHUMAOSC github.com/Masterminds/squirrel v1.5.4 h1:uUcX/aBc8O7Fg9kaISIUsHXdKuqehiXAMQTYX8afzqM= github.com/Masterminds/squirrel v1.5.4/go.mod h1:NNaOrjSoIDfDA40n7sr2tPNZRfjzjA400rg+riTZj10= github.com/Microsoft/go-winio v0.5.2/go.mod h1:WpS1mjBmmwHBEWmogvA2mj8546UReBk4v8QkMxJ6pZY= -github.com/Microsoft/go-winio v0.6.1 h1:9/kr64B9VUZrLm5YYwbGtUJnMgqWVOdUAXu6Migciow= -github.com/Microsoft/go-winio v0.6.1/go.mod h1:LRdKpFKfdobln8UmuiYcKPot9D2v6svN5+sAH+4kjUM= -github.com/Microsoft/hcsshim v0.11.4 h1:68vKo2VN8DE9AdN4tnkWnmdhqdbpUFM8OF3Airm7fz8= -github.com/Microsoft/hcsshim v0.11.4/go.mod h1:smjE4dvqPX9Zldna+t5FG3rnoHhaB7QYxPRqGcpAD9w= +github.com/Microsoft/go-winio v0.6.2 h1:F2VQgta7ecxGYO8k3ZZz3RS8fVIXVxONVUPlNERoyfY= +github.com/Microsoft/go-winio v0.6.2/go.mod h1:yd8OoFMLzJbo9gZq8j5qaps8bJ9aShtEA8Ipt1oGCvU= +github.com/Microsoft/hcsshim v0.11.7 h1:vl/nj3Bar/CvJSYo7gIQPyRWc9f3c6IeSNavBTSZNZQ= +github.com/Microsoft/hcsshim v0.11.7/go.mod h1:MV8xMfmECjl5HdO7U/3/hFVnkmSBjAjmA09d4bExKcU= github.com/Netflix/go-expect v0.0.0-20220104043353-73e0943537d2 h1:+vx7roKuyA63nhn5WAunQHLTznkw5W8b1Xc0dNjp83s= github.com/Netflix/go-expect v0.0.0-20220104043353-73e0943537d2/go.mod h1:HBCaDeC1lPdgDeDbhX8XFpy1jqjK0IBG8W5K+xYqA0w= github.com/OneOfOne/xxhash v1.2.2/go.mod h1:HSdplMjZKSmBqAxg5vPj2TmRDmfkzw+cTzAElWljhcU= @@ -397,8 +397,8 @@ github.com/anchore/syft v1.12.2 h1:K5YXJ2Ox4C3+Q+rA4jDpsLAoYNd27RMfinvY2JmbEiM= github.com/anchore/syft v1.12.2/go.mod h1:xFMGMFmhWTK0CJvaKwz6OPVgRdcyCkl7QO/3O/JAXI0= github.com/andreyvit/diff v0.0.0-20170406064948-c7f18ee00883/go.mod h1:rCTlJbsFo29Kk6CurOXKm700vrz8f0KW0JNfpkRJY/8= github.com/andybalholm/brotli v1.0.1/go.mod h1:loMXtMfwqflxFJPmdbJO0a3KNoPuLBgiu3qAvBg8x/Y= -github.com/andybalholm/brotli v1.0.6 h1:Yf9fFpf49Zrxb9NlQaluyE92/+X7UVHlhMNJN2sxfOI= -github.com/andybalholm/brotli v1.0.6/go.mod h1:fO7iG3H7G2nSZ7m0zPUDn85XEX2GTukHGRSepvi9Eig= +github.com/andybalholm/brotli v1.1.0 h1:eLKJA0d02Lf0mVpIDgYnqXcUn0GqVmEFny3VuID1U3M= +github.com/andybalholm/brotli v1.1.0/go.mod h1:sms7XGricyQI9K10gOSf56VKKWS4oLer58Q+mhRPtnY= github.com/anmitsu/go-shlex v0.0.0-20200514113438-38f4b401e2be h1:9AeTilPcZAjCFIImctFaOjnTIavg87rW78vTPkQqLI8= github.com/anmitsu/go-shlex v0.0.0-20200514113438-38f4b401e2be/go.mod h1:ySMOLuWl6zY27l47sB3qLNK6tF2fkHG55UZxx8oIVo4= github.com/antihax/optional v1.0.0/go.mod h1:uupD/76wgC+ih3iEmQUL+0Ugr19nfwCT1kdvxnR2qWY= @@ -425,44 +425,44 @@ github.com/atotto/clipboard v0.1.4/go.mod h1:ZY9tmq7sm5xIbd9bOK4onWV4S6X0u6GY7Vn github.com/avast/retry-go/v4 v4.6.0 h1:K9xNA+KeB8HHc2aWFuLb25Offp+0iVRXEvFx8IinRJA= github.com/avast/retry-go/v4 v4.6.0/go.mod h1:gvWlPhBVsvBbLkVGDg/KwvBv0bEkCOLRRSHKIr2PyOE= github.com/aws/aws-sdk-go v1.44.122/go.mod h1:y4AeaBuwd2Lk+GepC1E9v0qOiTws0MIWAX4oIKwKHZo= -github.com/aws/aws-sdk-go v1.54.9 h1:e0Czh9AhrCVPuyaIUnibYmih3cYexJKlqlHSJ2eMKbI= -github.com/aws/aws-sdk-go v1.54.9/go.mod h1:eRwEWoyTWFMVYVQzKMNHWP5/RV4xIUGMQfXQHfHkpNU= +github.com/aws/aws-sdk-go v1.55.5 h1:KKUZBfBoyqy5d3swXyiC7Q76ic40rYcbqH7qjh59kzU= +github.com/aws/aws-sdk-go v1.55.5/go.mod h1:eRwEWoyTWFMVYVQzKMNHWP5/RV4xIUGMQfXQHfHkpNU= github.com/aws/aws-sdk-go-v2 v1.21.2/go.mod h1:ErQhvNuEMhJjweavOYhxVkn2RUx7kQXVATHrjKtxIpM= -github.com/aws/aws-sdk-go-v2 v1.27.2 h1:pLsTXqX93rimAOZG2FIYraDQstZaaGVVN4tNw65v0h8= -github.com/aws/aws-sdk-go-v2 v1.27.2/go.mod h1:ffIFB97e2yNsv4aTSGkqtHnppsIJzw7G7BReUZ3jCXM= -github.com/aws/aws-sdk-go-v2/config v1.27.18 h1:wFvAnwOKKe7QAyIxziwSKjmer9JBMH1vzIL6W+fYuKk= -github.com/aws/aws-sdk-go-v2/config v1.27.18/go.mod h1:0xz6cgdX55+kmppvPm2IaKzIXOheGJhAufacPJaXZ7c= -github.com/aws/aws-sdk-go-v2/credentials v1.17.18 h1:D/ALDWqK4JdY3OFgA2thcPO1c9aYTT5STS/CvnkqY1c= -github.com/aws/aws-sdk-go-v2/credentials v1.17.18/go.mod h1:JuitCWq+F5QGUrmMPsk945rop6bB57jdscu+Glozdnc= -github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.16.5 h1:dDgptDO9dxeFkXy+tEgVkzSClHZje/6JkPW5aZyEvrQ= -github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.16.5/go.mod h1:gjvE2KBUgUQhcv89jqxrIxH9GaKs1JbZzWejj/DaHGA= +github.com/aws/aws-sdk-go-v2 v1.30.3 h1:jUeBtG0Ih+ZIFH0F4UkmL9w3cSpaMv9tYYDbzILP8dY= +github.com/aws/aws-sdk-go-v2 v1.30.3/go.mod h1:nIQjQVp5sfpQcTc9mPSr1B0PaWK5ByX9MOoDadSN4lc= +github.com/aws/aws-sdk-go-v2/config v1.27.27 h1:HdqgGt1OAP0HkEDDShEl0oSYa9ZZBSOmKpdpsDMdO90= +github.com/aws/aws-sdk-go-v2/config v1.27.27/go.mod h1:MVYamCg76dFNINkZFu4n4RjDixhVr51HLj4ErWzrVwg= +github.com/aws/aws-sdk-go-v2/credentials v1.17.27 h1:2raNba6gr2IfA0eqqiP2XiQ0UVOpGPgDSi0I9iAP+UI= +github.com/aws/aws-sdk-go-v2/credentials v1.17.27/go.mod h1:gniiwbGahQByxan6YjQUMcW4Aov6bLC3m+evgcoN4r4= +github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.16.11 h1:KreluoV8FZDEtI6Co2xuNk/UqI9iwMrOx/87PBNIKqw= +github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.16.11/go.mod h1:SeSUYBLsMYFoRvHE0Tjvn7kbxaUhl75CJi1sbfhMxkU= github.com/aws/aws-sdk-go-v2/internal/configsources v1.1.43/go.mod h1:auo+PiyLl0n1l8A0e8RIeR8tOzYPfZZH/JNlrJ8igTQ= -github.com/aws/aws-sdk-go-v2/internal/configsources v1.3.9 h1:cy8ahBJuhtM8GTTSyOkfy6WVPV1IE+SS5/wfXUYuulw= -github.com/aws/aws-sdk-go-v2/internal/configsources v1.3.9/go.mod h1:CZBXGLaJnEZI6EVNcPd7a6B5IC5cA/GkRWtu9fp3S6Y= +github.com/aws/aws-sdk-go-v2/internal/configsources v1.3.15 h1:SoNJ4RlFEQEbtDcCEt+QG56MY4fm4W8rYirAmq+/DdU= +github.com/aws/aws-sdk-go-v2/internal/configsources v1.3.15/go.mod h1:U9ke74k1n2bf+RIgoX1SXFed1HLs51OgUSs+Ph0KJP8= github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.4.37/go.mod h1:Qe+2KtKml+FEsQF/DHmDV+xjtche/hwoF75EG4UlHW8= -github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.6.9 h1:A4SYk07ef04+vxZToz9LWvAXl9LW0NClpPpMsi31cz0= -github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.6.9/go.mod h1:5jJcHuwDagxN+ErjQ3PU3ocf6Ylc/p9x+BLO/+X4iXw= +github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.6.15 h1:C6WHdGnTDIYETAm5iErQUiVNsclNx9qbJVPIt03B6bI= +github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.6.15/go.mod h1:ZQLZqhcu+JhSrA9/NXRm8SkDvsycE+JkV3WGY41e+IM= github.com/aws/aws-sdk-go-v2/internal/ini v1.8.0 h1:hT8rVHwugYE2lEfdFE0QWVo81lF7jMrYJVDWI+f+VxU= github.com/aws/aws-sdk-go-v2/internal/ini v1.8.0/go.mod h1:8tu/lYfQfFe6IGnaOdrpVgEL2IrrDOf6/m9RQum4NkY= github.com/aws/aws-sdk-go-v2/service/ecr v1.20.2 h1:y6LX9GUoEA3mO0qpFl1ZQHj1rFyPWVphlzebiSt2tKE= github.com/aws/aws-sdk-go-v2/service/ecr v1.20.2/go.mod h1:Q0LcmaN/Qr8+4aSBrdrXXePqoX0eOuYpJLbYpilmWnA= github.com/aws/aws-sdk-go-v2/service/ecrpublic v1.18.2 h1:PpbXaecV3sLAS6rjQiaKw4/jyq3Z8gNzmoJupHAoBp0= github.com/aws/aws-sdk-go-v2/service/ecrpublic v1.18.2/go.mod h1:fUHpGXr4DrXkEDpGAjClPsviWf+Bszeb0daKE0blxv8= -github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding v1.11.2 h1:Ji0DY1xUsUr3I8cHps0G+XM3WWU16lP6yG8qu1GAZAs= -github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding v1.11.2/go.mod h1:5CsjAbs3NlGQyZNFACh+zztPDI7fU6eW9QsxjfnuBKg= -github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.11.11 h1:o4T+fKxA3gTMcluBNZZXE9DNaMkJuUL1O3mffCUjoJo= -github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.11.11/go.mod h1:84oZdJ+VjuJKs9v1UTC9NaodRZRseOXCTgku+vQJWR8= -github.com/aws/aws-sdk-go-v2/service/kms v1.27.9 h1:W9PbZAZAEcelhhjb7KuwUtf+Lbc+i7ByYJRuWLlnxyQ= -github.com/aws/aws-sdk-go-v2/service/kms v1.27.9/go.mod h1:2tFmR7fQnOdQlM2ZCEPpFnBIQD1U8wmXmduBgZbOag0= -github.com/aws/aws-sdk-go-v2/service/sso v1.20.11 h1:gEYM2GSpr4YNWc6hCd5nod4+d4kd9vWIAWrmGuLdlMw= -github.com/aws/aws-sdk-go-v2/service/sso v1.20.11/go.mod h1:gVvwPdPNYehHSP9Rs7q27U1EU+3Or2ZpXvzAYJNh63w= -github.com/aws/aws-sdk-go-v2/service/ssooidc v1.24.5 h1:iXjh3uaH3vsVcnyZX7MqCoCfcyxIrVE9iOQruRaWPrQ= -github.com/aws/aws-sdk-go-v2/service/ssooidc v1.24.5/go.mod h1:5ZXesEuy/QcO0WUnt+4sDkxhdXRHTu2yG0uCSH8B6os= -github.com/aws/aws-sdk-go-v2/service/sts v1.28.12 h1:M/1u4HBpwLuMtjlxuI2y6HoVLzF5e2mfxHCg7ZVMYmk= -github.com/aws/aws-sdk-go-v2/service/sts v1.28.12/go.mod h1:kcfd+eTdEi/40FIbLq4Hif3XMXnl5b/+t/KTfLt9xIk= +github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding v1.11.3 h1:dT3MqvGhSoaIhRseqw2I0yH81l7wiR2vjs57O51EAm8= +github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding v1.11.3/go.mod h1:GlAeCkHwugxdHaueRr4nhPuY+WW+gR8UjlcqzPr1SPI= +github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.11.17 h1:HGErhhrxZlQ044RiM+WdoZxp0p+EGM62y3L6pwA4olE= +github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.11.17/go.mod h1:RkZEx4l0EHYDJpWppMJ3nD9wZJAa8/0lq9aVC+r2UII= +github.com/aws/aws-sdk-go-v2/service/kms v1.35.3 h1:UPTdlTOwWUX49fVi7cymEN6hDqCwe3LNv1vi7TXUutk= +github.com/aws/aws-sdk-go-v2/service/kms v1.35.3/go.mod h1:gjDP16zn+WWalyaUqwCCioQ8gU8lzttCCc9jYsiQI/8= +github.com/aws/aws-sdk-go-v2/service/sso v1.22.4 h1:BXx0ZIxvrJdSgSvKTZ+yRBeSqqgPM89VPlulEcl37tM= +github.com/aws/aws-sdk-go-v2/service/sso v1.22.4/go.mod h1:ooyCOXjvJEsUw7x+ZDHeISPMhtwI3ZCB7ggFMcFfWLU= +github.com/aws/aws-sdk-go-v2/service/ssooidc v1.26.4 h1:yiwVzJW2ZxZTurVbYWA7QOrAaCYQR72t0wrSBfoesUE= +github.com/aws/aws-sdk-go-v2/service/ssooidc v1.26.4/go.mod h1:0oxfLkpz3rQ/CHlx5hB7H69YUpFiI1tql6Q6Ne+1bCw= +github.com/aws/aws-sdk-go-v2/service/sts v1.30.3 h1:ZsDKRLXGWHk8WdtyYMoGNO7bTudrvuKpDKgMVRlepGE= +github.com/aws/aws-sdk-go-v2/service/sts v1.30.3/go.mod h1:zwySh8fpFyXp9yOr/KVzxOl8SRqgf/IDw5aUt9UKFcQ= github.com/aws/smithy-go v1.15.0/go.mod h1:Tg+OJXh4MB2R/uN61Ko2f6hTZwB/ZYGOtib8J3gBHzA= -github.com/aws/smithy-go v1.20.2 h1:tbp628ireGtzcHDDmLT/6ADHidqnwgF57XOXZe6tp4Q= -github.com/aws/smithy-go v1.20.2/go.mod h1:krry+ya/rV9RDcV/Q16kpu6ypI4K2czasz0NC3qS14E= +github.com/aws/smithy-go v1.20.3 h1:ryHwveWzPV5BIof6fyDvor6V3iUL7nTfiTKXHiW05nE= +github.com/aws/smithy-go v1.20.3/go.mod h1:krry+ya/rV9RDcV/Q16kpu6ypI4K2czasz0NC3qS14E= github.com/awslabs/amazon-ecr-credential-helper/ecr-login v0.0.0-20231024185945-8841054dbdb8 h1:SoFYaT9UyGkR0+nogNyD/Lj+bsixB+SNuAS4ABlEs6M= github.com/awslabs/amazon-ecr-credential-helper/ecr-login v0.0.0-20231024185945-8841054dbdb8/go.mod h1:2JF49jcDOrLStIXN/j/K1EKRq8a8R2qRnlZA6/o/c7c= github.com/aymanbagabas/go-osc52/v2 v2.0.1 h1:HwpRHbFMcZLEVr42D4p7XBqjyuxQH5SMiErDT4WkJ2k= @@ -498,12 +498,14 @@ github.com/bsm/gomega v1.27.10 h1:yeMWxP2pV2fG3FgAODIY8EiRE3dy0aeFYt4l7wh6yKA= github.com/bsm/gomega v1.27.10/go.mod h1:JyEr/xRbxbtgWNi8tIEVPUYZ5Dzef52k01W3YH0H+O0= github.com/buger/jsonparser v1.1.1 h1:2PnMjfWD7wBILjqQbt530v576A/cAbQvEW9gGIpYMUs= github.com/buger/jsonparser v1.1.1/go.mod h1:6RYKKt7H4d4+iWqouImQ9R2FZql3VbhNgx27UK13J/0= -github.com/buildkite/agent/v3 v3.62.0 h1:yvzSjI8Lgifw883I8m9u8/L/Thxt4cLFd5aWPn3gg70= -github.com/buildkite/agent/v3 v3.62.0/go.mod h1:jN6SokGXrVNNIpI0BGQ+j5aWeI3gin8F+3zwA5Q6gqM= -github.com/buildkite/go-pipeline v0.3.2 h1:SW4EaXNwfjow7xDRPGgX0Rcx+dPj5C1kV9LKCLjWGtM= -github.com/buildkite/go-pipeline v0.3.2/go.mod h1:iY5jzs3Afc8yHg6KDUcu3EJVkfaUkd9x/v/OH98qyUA= -github.com/buildkite/interpolate v0.0.0-20200526001904-07f35b4ae251 h1:k6UDF1uPYOs0iy1HPeotNa155qXRWrzKnqAaGXHLZCE= -github.com/buildkite/interpolate v0.0.0-20200526001904-07f35b4ae251/go.mod h1:gbPR1gPu9dB96mucYIR7T3B7p/78hRVSOuzIWLHK2Y4= +github.com/buildkite/agent/v3 v3.76.2 h1:SweFq3e0N20RikWsVeOXzTjfr0AoOskxm9c0bcNyI0E= +github.com/buildkite/agent/v3 v3.76.2/go.mod h1:9ffbmJD7d7C/nOcElj6Qm+uIj1QoYh3NNvka4rkKkss= +github.com/buildkite/go-pipeline v0.10.0 h1:EDffu+LfMY2k5u+iEdo6Jn3obGKsrL5wicc1O/yFeRs= +github.com/buildkite/go-pipeline v0.10.0/go.mod h1:eMH1kiav5VeiTiu0Mk2/M7nZhKyFeL4iGj7Y7rj4f3w= +github.com/buildkite/interpolate v0.1.3 h1:OFEhqji1rNTRg0u9DsSodg63sjJQEb1uWbENq9fUOBM= +github.com/buildkite/interpolate v0.1.3/go.mod h1:UNVe6A+UfiBNKbhAySrBbZFZFxQ+DXr9nWen6WVt/A8= +github.com/buildkite/roko v1.2.0 h1:hbNURz//dQqNl6Eo9awjQOVOZwSDJ8VEbBDxSfT9rGQ= +github.com/buildkite/roko v1.2.0/go.mod h1:23R9e6nHxgedznkwwfmqZ6+0VJZJZ2Sg/uVcp2cP46I= github.com/bwesterb/go-ristretto v1.2.3/go.mod h1:fUIoIZaG73pV5biE2Blr2xEzDoMj7NFEuV9ekS419A0= github.com/bytecodealliance/wasmtime-go/v3 v3.0.2 h1:3uZCA/BLTIu+DqCfguByNMJa2HVHpXvjfy0Dy7g6fuA= github.com/bytecodealliance/wasmtime-go/v3 v3.0.2/go.mod h1:RnUjnIXxEJcL6BgCvNyzCCRzZcxCgsZCi+RNlvYor5Q= @@ -570,18 +572,24 @@ github.com/containerd/cgroups v1.1.0/go.mod h1:6ppBcbh/NOOUU+dMKrykgaBnK9lCIBxHq github.com/containerd/console v1.0.3/go.mod h1:7LqA/THxQ86k76b8c/EMSiaJ3h1eZkMkXar0TQ1gf3U= github.com/containerd/console v1.0.4-0.20230313162750-1ae8d489ac81 h1:q2hJAaP1k2wIvVRd/hEHD7lacgqrCPS+k8g1MndzfWY= github.com/containerd/console v1.0.4-0.20230313162750-1ae8d489ac81/go.mod h1:YynlIjWYF8myEu6sdkwKIvGQq+cOckRm6So2avqoYAk= -github.com/containerd/containerd v1.7.12 h1:+KQsnv4VnzyxWcfO9mlxxELaoztsDEjOuCMPAuPqgU0= -github.com/containerd/containerd v1.7.12/go.mod h1:/5OMpE1p0ylxtEUGY8kuCYkDRzJm9NO1TFMWjUpdevk= +github.com/containerd/containerd v1.7.21 h1:USGXRK1eOC/SX0L195YgxTHb0a00anxajOzgfN0qrCA= +github.com/containerd/containerd v1.7.21/go.mod h1:e3Jz1rYRUZ2Lt51YrH9Rz0zPyJBOlSvB3ghr2jbVD8g= +github.com/containerd/containerd/api v1.7.19 h1:VWbJL+8Ap4Ju2mx9c9qS1uFSB1OVYr5JJrW2yT5vFoA= +github.com/containerd/containerd/api v1.7.19/go.mod h1:fwGavl3LNwAV5ilJ0sbrABL44AQxmNjDRcwheXDb6Ig= github.com/containerd/continuity v0.4.2 h1:v3y/4Yz5jwnvqPKJJ+7Wf93fyWoCB3F5EclWG023MDM= github.com/containerd/continuity v0.4.2/go.mod h1:F6PTNCKepoxEaXLQp3wDAjygEnImnZ/7o4JzpodfroQ= +github.com/containerd/errdefs v0.1.0 h1:m0wCRBiu1WJT/Fr+iOoQHMQS/eP5myQ8lCv4Dz5ZURM= +github.com/containerd/errdefs v0.1.0/go.mod h1:YgWiiHtLmSeBrvpw+UfPijzbLaB77mEG1WwJTDETIV0= github.com/containerd/fifo v1.1.0 h1:4I2mbh5stb1u6ycIABlBw9zgtlK8viPI9QkQNRQEEmY= github.com/containerd/fifo v1.1.0/go.mod h1:bmC4NWMbXlt2EZ0Hc7Fx7QzTFxgPID13eH0Qu+MAb2o= github.com/containerd/log v0.1.0 h1:TCJt7ioM2cr/tfR8GPbGf9/VRAX8D2B4PjzCpfX540I= github.com/containerd/log v0.1.0/go.mod h1:VRRf09a7mHDIRezVKTRCrOq78v577GXq3bSa3EhrzVo= +github.com/containerd/platforms v0.2.1 h1:zvwtM3rz2YHPQsF2CHYM8+KtB5dvhISiXh5ZpSBQv6A= +github.com/containerd/platforms v0.2.1/go.mod h1:XHCb+2/hzowdiut9rkudds9bE5yJ7npe7dG/wG+uFPw= github.com/containerd/stargz-snapshotter/estargz v0.14.3 h1:OqlDCK3ZVUO6C3B/5FSkDwbkEETK84kQgEeFwDC+62k= github.com/containerd/stargz-snapshotter/estargz v0.14.3/go.mod h1:KY//uOCIkSuNAHhJogcZtrNHdKrA99/FCCRjE3HD36o= -github.com/containerd/ttrpc v1.2.2 h1:9vqZr0pxwOF5koz6N0N3kJ0zDHokrcPxIR/ZR2YFtOs= -github.com/containerd/ttrpc v1.2.2/go.mod h1:sIT6l32Ph/H9cvnJsfXM5drIVzTr5A2flTf1G5tYZak= +github.com/containerd/ttrpc v1.2.5 h1:IFckT1EFQoFBMG4c3sMdT8EP3/aKfumK1msY+Ze4oLU= +github.com/containerd/ttrpc v1.2.5/go.mod h1:YCXHsb32f+Sq5/72xHubdiJRQY9inL4a4ZQrAbN1q9o= github.com/containerd/typeurl/v2 v2.1.1 h1:3Q4Pt7i8nYwy2KmQWIw2+1hTvwTE/6w9FqcttATPO/4= github.com/containerd/typeurl/v2 v2.1.1/go.mod h1:IDp2JFvbwZ31H8dQbEIY7sDl2L3o3HZj1hsSQlywkQ0= github.com/coreos/go-oidc/v3 v3.11.0 h1:Ia3MxdwpSw702YW0xgfmP1GVCMA9aEFWu12XUZ3/OtI= @@ -595,8 +603,8 @@ github.com/cpuguy83/go-md2man/v2 v2.0.1/go.mod h1:tgQtvFlXSQOSOSIRvRPT7W67SCa46t github.com/cpuguy83/go-md2man/v2 v2.0.4 h1:wfIWP927BUkWJb2NmU/kNDYIBTh/ziUX91+lVfRxZq4= github.com/cpuguy83/go-md2man/v2 v2.0.4/go.mod h1:tgQtvFlXSQOSOSIRvRPT7W67SCa46tRHOmNcaadrF8o= github.com/creack/pty v1.1.17/go.mod h1:MOBLtS5ELjhRRrroQr9kyvTxUAFNvYEK993ew/Vr4O4= -github.com/creack/pty v1.1.21 h1:1/QdRyBaHHJP61QkWMXlOIBfsgdDeeKfK8SYVUWJKf0= -github.com/creack/pty v1.1.21/go.mod h1:MOBLtS5ELjhRRrroQr9kyvTxUAFNvYEK993ew/Vr4O4= +github.com/creack/pty v1.1.19 h1:tUN6H7LWqNx4hQVxomd0CVsDwaDr9gaRQaI4GpSmrsA= +github.com/creack/pty v1.1.19/go.mod h1:MOBLtS5ELjhRRrroQr9kyvTxUAFNvYEK993ew/Vr4O4= github.com/cyberphone/json-canonicalization v0.0.0-20231011164504-785e29786b46 h1:2Dx4IHfC1yHWI12AxQDJM1QbRCDfk6M+blLzlZCXdrc= github.com/cyberphone/json-canonicalization v0.0.0-20231011164504-785e29786b46/go.mod h1:uzvlm1mxhHkdfqitSA92i7Se+S9ksOn3a3qmv/kyOCw= github.com/cyphar/filepath-securejoin v0.2.4 h1:Ugdm7cg7i6ZK6x3xDF1oEu1nfkyfH53EtKeQYTC3kyg= @@ -739,8 +747,8 @@ github.com/fluxcd/source-controller/api v1.3.0 h1:Z5Lq0aJY87yg0cQDEuwGLKS60GhdEr github.com/fluxcd/source-controller/api v1.3.0/go.mod h1:+tfd0vltjcVs/bbnq9AlYR9AAHSVfM/Z4v4TpQmdJf4= github.com/fortytw2/leaktest v1.3.0 h1:u8491cBMTQ8ft8aeV+adlcytMZylmA5nnwwkRZjI8vw= github.com/fortytw2/leaktest v1.3.0/go.mod h1:jDsjWgpAGjm2CA7WthBh/CdZYEPF31XHquHwclZch5g= -github.com/foxcpp/go-mockdns v1.0.0 h1:7jBqxd3WDWwi/6WhDvacvH1XsN3rOLXyHM1uhvIx6FI= -github.com/foxcpp/go-mockdns v1.0.0/go.mod h1:lgRN6+KxQBawyIghpnl5CezHFGS9VLzvtVlwxvzXTQ4= +github.com/foxcpp/go-mockdns v1.1.0 h1:jI0rD8M0wuYAxL7r/ynTrCQQq0BVqfB99Vgk7DlmewI= +github.com/foxcpp/go-mockdns v1.1.0/go.mod h1:IhLeSFGed3mJIAXPH2aiRQB+kqz7oqu8ld2qVbOu7Wk= github.com/frankban/quicktest v1.14.6 h1:7Xjx+VpznH+oBnejlPUj8oUpdxnVs4f8XU8WnHkI4W8= github.com/frankban/quicktest v1.14.6/go.mod h1:4ptaffx2x8+WTWXmUCuVU6aPUX1/Mz7zb5vbUoiM6w0= github.com/fsnotify/fsnotify v1.4.7/go.mod h1:jwhsz4b93w/PPRr/qN1Yymfu8t87LnFCMoQvtojpjFo= @@ -806,43 +814,43 @@ github.com/go-logr/stdr v1.2.2 h1:hSWxHoqTgW2S2qGc0LTAI563KZ5YKYRhT3MFKZMbjag= github.com/go-logr/stdr v1.2.2/go.mod h1:mMo/vtBO5dYbehREoey6XUKy/eSumjCCveDpRre4VKE= github.com/go-logr/zapr v1.3.0 h1:XGdV8XW8zdwFiwOA2Dryh1gj2KRQyOOoNmBy4EplIcQ= github.com/go-logr/zapr v1.3.0/go.mod h1:YKepepNBd1u/oyhd/yQmtjVXmm9uML4IXUgMOwR8/Gg= -github.com/go-openapi/analysis v0.22.0 h1:wQ/d07nf78HNj4u+KiSY0sT234IAyePPbMgpUjUJQR0= -github.com/go-openapi/analysis v0.22.0/go.mod h1:acDnkkCI2QxIo8sSIPgmp1wUlRohV7vfGtAIVae73b0= -github.com/go-openapi/errors v0.21.0 h1:FhChC/duCnfoLj1gZ0BgaBmzhJC2SL/sJr8a2vAobSY= -github.com/go-openapi/errors v0.21.0/go.mod h1:jxNTMUxRCKj65yb/okJGEtahVd7uvWnuWfj53bse4ho= -github.com/go-openapi/jsonpointer v0.20.2 h1:mQc3nmndL8ZBzStEo3JYF8wzmeWffDH4VbXz58sAx6Q= -github.com/go-openapi/jsonpointer v0.20.2/go.mod h1:bHen+N0u1KEO3YlmqOjTT9Adn1RfD91Ar825/PuiRVs= -github.com/go-openapi/jsonreference v0.20.4 h1:bKlDxQxQJgwpUSgOENiMPzCTBVuc7vTdXSSgNeAhojU= -github.com/go-openapi/jsonreference v0.20.4/go.mod h1:5pZJyJP2MnYCpoeoMAql78cCHauHj0V9Lhc506VOpw4= -github.com/go-openapi/loads v0.21.5 h1:jDzF4dSoHw6ZFADCGltDb2lE4F6De7aWSpe+IcsRzT0= -github.com/go-openapi/loads v0.21.5/go.mod h1:PxTsnFBoBe+z89riT+wYt3prmSBP6GDAQh2l9H1Flz8= -github.com/go-openapi/runtime v0.27.1 h1:ae53yaOoh+fx/X5Eaq8cRmavHgDma65XPZuvBqvJYto= -github.com/go-openapi/runtime v0.27.1/go.mod h1:fijeJEiEclyS8BRurYE1DE5TLb9/KZl6eAdbzjsrlLU= -github.com/go-openapi/spec v0.20.13 h1:XJDIN+dLH6vqXgafnl5SUIMnzaChQ6QTo0/UPMbkIaE= -github.com/go-openapi/spec v0.20.13/go.mod h1:8EOhTpBoFiask8rrgwbLC3zmJfz4zsCUueRuPM6GNkw= -github.com/go-openapi/strfmt v0.22.0 h1:Ew9PnEYc246TwrEspvBdDHS4BVKXy/AOVsfqGDgAcaI= -github.com/go-openapi/strfmt v0.22.0/go.mod h1:HzJ9kokGIju3/K6ap8jL+OlGAbjpSv27135Yr9OivU4= -github.com/go-openapi/swag v0.22.9 h1:XX2DssF+mQKM2DHsbgZK74y/zj4mo9I99+89xUmuZCE= -github.com/go-openapi/swag v0.22.9/go.mod h1:3/OXnFfnMAwBD099SwYRk7GD3xOrr1iL7d/XNLXVVwE= -github.com/go-openapi/validate v0.22.4 h1:5v3jmMyIPKTR8Lv9syBAIRxG6lY0RqeBPB1LKEijzk8= -github.com/go-openapi/validate v0.22.4/go.mod h1:qm6O8ZIcPVdSY5219468Jv7kBdGvkiZLPOmqnqTUZ2A= +github.com/go-openapi/analysis v0.23.0 h1:aGday7OWupfMs+LbmLZG4k0MYXIANxcuBTYUC03zFCU= +github.com/go-openapi/analysis v0.23.0/go.mod h1:9mz9ZWaSlV8TvjQHLl2mUW2PbZtemkE8yA5v22ohupo= +github.com/go-openapi/errors v0.22.0 h1:c4xY/OLxUBSTiepAg3j/MHuAv5mJhnf53LLMWFB+u/w= +github.com/go-openapi/errors v0.22.0/go.mod h1:J3DmZScxCDufmIMsdOuDHxJbdOGC0xtUynjIx092vXE= +github.com/go-openapi/jsonpointer v0.21.0 h1:YgdVicSA9vH5RiHs9TZW5oyafXZFc6+2Vc1rr/O9oNQ= +github.com/go-openapi/jsonpointer v0.21.0/go.mod h1:IUyH9l/+uyhIYQ/PXVA41Rexl+kOkAPDdXEYns6fzUY= +github.com/go-openapi/jsonreference v0.21.0 h1:Rs+Y7hSXT83Jacb7kFyjn4ijOuVGSvOdF2+tg1TRrwQ= +github.com/go-openapi/jsonreference v0.21.0/go.mod h1:LmZmgsrTkVg9LG4EaHeY8cBDslNPMo06cago5JNLkm4= +github.com/go-openapi/loads v0.22.0 h1:ECPGd4jX1U6NApCGG1We+uEozOAvXvJSF4nnwHZ8Aco= +github.com/go-openapi/loads v0.22.0/go.mod h1:yLsaTCS92mnSAZX5WWoxszLj0u+Ojl+Zs5Stn1oF+rs= +github.com/go-openapi/runtime v0.28.0 h1:gpPPmWSNGo214l6n8hzdXYhPuJcGtziTOgUpvsFWGIQ= +github.com/go-openapi/runtime v0.28.0/go.mod h1:QN7OzcS+XuYmkQLw05akXk0jRH/eZ3kb18+1KwW9gyc= +github.com/go-openapi/spec v0.21.0 h1:LTVzPc3p/RzRnkQqLRndbAzjY0d0BCL72A6j3CdL9ZY= +github.com/go-openapi/spec v0.21.0/go.mod h1:78u6VdPw81XU44qEWGhtr982gJ5BWg2c0I5XwVMotYk= +github.com/go-openapi/strfmt v0.23.0 h1:nlUS6BCqcnAk0pyhi9Y+kdDVZdZMHfEKQiS4HaMgO/c= +github.com/go-openapi/strfmt v0.23.0/go.mod h1:NrtIpfKtWIygRkKVsxh7XQMDQW5HKQl6S5ik2elW+K4= +github.com/go-openapi/swag v0.23.0 h1:vsEVJDUo2hPJ2tu0/Xc+4noaxyEffXNIs3cOULZ+GrE= +github.com/go-openapi/swag v0.23.0/go.mod h1:esZ8ITTYEsH1V2trKHjAN8Ai7xHb8RV+YSZ577vPjgQ= +github.com/go-openapi/validate v0.24.0 h1:LdfDKwNbpB6Vn40xhTdNZAnfLECL81w+VX3BumrGD58= +github.com/go-openapi/validate v0.24.0/go.mod h1:iyeX1sEufmv3nPbBdX3ieNviWnOZaJ1+zquzJEf2BAQ= github.com/go-piv/piv-go v1.11.0 h1:5vAaCdRTFSIW4PeqMbnsDlUZ7odMYWnHBDGdmtU/Zhg= github.com/go-piv/piv-go v1.11.0/go.mod h1:NZ2zmjVkfFaL/CF8cVQ/pXdXtuj110zEKGdJM6fJZZM= github.com/go-playground/locales v0.14.1 h1:EWaQ/wswjilfKLTECiXz7Rh+3BjFhfDFKv/oXslEjJA= github.com/go-playground/locales v0.14.1/go.mod h1:hxrqLVvrK65+Rwrd5Fc6F2O76J/NuW9t0sjnWqG1slY= github.com/go-playground/universal-translator v0.18.1 h1:Bcnm0ZwsGyWbCzImXv+pAJnYK9S473LQFuzCbDbfSFY= github.com/go-playground/universal-translator v0.18.1/go.mod h1:xekY+UJKNuX9WP91TpwSH2VMlDf28Uj24BCp08ZFTUY= -github.com/go-playground/validator/v10 v10.16.0 h1:x+plE831WK4vaKHO/jpgUGsvLKIqRRkz6M78GuJAfGE= -github.com/go-playground/validator/v10 v10.16.0/go.mod h1:9iXMNT7sEkjXb0I+enO7QXmzG6QCsPWY4zveKFVRSyU= +github.com/go-playground/validator/v10 v10.18.0 h1:BvolUXjp4zuvkZ5YN5t7ebzbhlUtPsPm2S9NAZ5nl9U= +github.com/go-playground/validator/v10 v10.18.0/go.mod h1:dbuPbCMFw/DrkbEynArYaCwl3amGuJotoKCe95atGMM= github.com/go-quicktest/qt v1.101.0 h1:O1K29Txy5P2OK0dGo59b7b0LR6wKfIhttaAhHUyn7eI= github.com/go-quicktest/qt v1.101.0/go.mod h1:14Bz/f7NwaXPtdYEgzsx46kqSxVwTbzVZsDC26tQJow= github.com/go-restruct/restruct v1.2.0-alpha h1:2Lp474S/9660+SJjpVxoKuWX09JsXHSrdV7Nv3/gkvc= github.com/go-restruct/restruct v1.2.0-alpha/go.mod h1:KqrpKpn4M8OLznErihXTGLlsXFGeLxHUrLRRI/1YjGk= -github.com/go-rod/rod v0.116.1 h1:BDMZY3qm/14SmvHBV7DoFUhXeJ2MbUYgumQ88b+v2WE= -github.com/go-rod/rod v0.116.1/go.mod h1:3Ash9fYwznqz9S1uLQgQRStur4fCXjoxxGW+ym6TYjU= +github.com/go-rod/rod v0.116.2 h1:A5t2Ky2A+5eD/ZJQr1EfsQSe5rms5Xof/qj296e+ZqA= +github.com/go-rod/rod v0.116.2/go.mod h1:H+CMO9SCNc2TJ2WfrG+pKhITz57uGNYU43qYHh438Mg= github.com/go-sql-driver/mysql v1.6.0/go.mod h1:DCzpHaOWr8IXmIStZouvnhqoel9Qv2LBy8hT2VhHyBg= -github.com/go-sql-driver/mysql v1.7.1 h1:lUIinVbN1DY0xBg0eMOzmmtGoHwWBbvnWubQUrtU8EI= -github.com/go-sql-driver/mysql v1.7.1/go.mod h1:OXbVy3sEdcQ2Doequ6Z5BW6fXNQTmx+9S1MCJN5yJMI= +github.com/go-sql-driver/mysql v1.8.1 h1:LedoTUt/eveggdHS9qUFC1EFSa8bU2+1pZjSRpvNJ1Y= +github.com/go-sql-driver/mysql v1.8.1/go.mod h1:wEBSXgmK//2ZFJyE+qWnIsVGmvmEKlqwuVSjsCm7DZg= github.com/go-stack/stack v1.8.0/go.mod h1:v0f6uXyyMGvRgIKkXu+yp6POWl0qKG85gN/melR3HDY= github.com/go-task/slim-sprig v0.0.0-20210107165309-348f09dbbbc0/go.mod h1:fyg7847qk6SyHyPtNmDHnmrv/HOrqktSC+C9fM+CJOE= github.com/go-task/slim-sprig v0.0.0-20230315185526-52ccab3ef572 h1:tfuBGBXKqDEevZMzYi5KSi8KkcZtzBcTgAUUtapy0OI= @@ -865,8 +873,8 @@ github.com/goccy/go-yaml v1.12.0/go.mod h1:wKnAMd44+9JAAnGQpWVEgBzGt3YuTaQ4uXoHv github.com/godbus/dbus/v5 v5.0.4/go.mod h1:xhWf0FNVPg57R7Z0UbKHbJfkEywrmjJnf7w5xrFpKfA= github.com/godbus/dbus/v5 v5.1.0 h1:4KLkAxT3aOY8Li4FRJe/KvhoNFFxo0m6fNuFUO8QJUk= github.com/godbus/dbus/v5 v5.1.0/go.mod h1:xhWf0FNVPg57R7Z0UbKHbJfkEywrmjJnf7w5xrFpKfA= -github.com/gofrs/flock v0.8.1 h1:+gYjHKf32LDeiEEFhQaotPbLuUXjY5ZqxKgXy7n59aw= -github.com/gofrs/flock v0.8.1/go.mod h1:F1TvTiK9OcQqauNUHlbJvyl9Qa1QvF/gOUDKA14jxHU= +github.com/gofrs/flock v0.12.1 h1:MTLVXXHf8ekldpJk3AKicLij9MdwOWkZ+a/jHHZby9E= +github.com/gofrs/flock v0.12.1/go.mod h1:9zxTsyu5xtJ9DK+1tFZyibEV7y3uwDxPPfbxeeHCoD0= github.com/gofrs/uuid v4.2.0+incompatible h1:yyYWMnhkhrKwwr8gAOcOCYxOOscHgDS9yZgBrnJfGa0= github.com/gofrs/uuid v4.2.0+incompatible/go.mod h1:b2aQJv3Z4Fp6yNu3cdSllBxTCLRxnplIgP/c0N/04lM= github.com/gogo/protobuf v1.1.1/go.mod h1:r8qH/GZQm5c6nD/R0oafs1akxWv10x8SbQlK7atdtwQ= @@ -914,7 +922,6 @@ github.com/golang/protobuf v1.5.1/go.mod h1:DopwsBzvsk0Fs44TXzsVbJyPhcCPeIwnvohx github.com/golang/protobuf v1.5.2/go.mod h1:XVQd3VNwM+JqD3oG2Ue2ip4fOMUkwXdXDdiuN0vRsmY= github.com/golang/protobuf v1.5.4 h1:i7eJL8qZTpSEXOPTxNKhASYpMn+8e5Q6AdndVa1dWek= github.com/golang/protobuf v1.5.4/go.mod h1:lnTiLA8Wa4RWRcIUkrtSVa5nRhsEGBg48fD6rSs7xps= -github.com/golang/snappy v0.0.1/go.mod h1:/XxbfmMg8lxefKM7IXC3fBNl/7bRcc72aCRzEWrmP2Q= github.com/golang/snappy v0.0.2/go.mod h1:/XxbfmMg8lxefKM7IXC3fBNl/7bRcc72aCRzEWrmP2Q= github.com/golang/snappy v0.0.3/go.mod h1:/XxbfmMg8lxefKM7IXC3fBNl/7bRcc72aCRzEWrmP2Q= github.com/golang/snappy v0.0.4 h1:yAGX7huGHXlcLOEtBnF4w7FQwA26wojNCwOYAEhLjQM= @@ -928,8 +935,8 @@ github.com/google/btree v0.0.0-20180813153112-4030bb1f1f0c/go.mod h1:lNA+9X1NB3Z github.com/google/btree v1.0.0/go.mod h1:lNA+9X1NB3Zf8V7Ke586lFgjr2dZNuvo3lPJSGZ5JPQ= github.com/google/btree v1.1.2 h1:xf4v41cLI2Z6FxbKm+8Bu+m8ifhj15JuZ9sa0jZCMUU= github.com/google/btree v1.1.2/go.mod h1:qOPhT0dTNdNzV6Z/lhRX0YXUafgPLFUh+gZMl761Gm4= -github.com/google/certificate-transparency-go v1.1.7 h1:IASD+NtgSTJLPdzkthwvAG1ZVbF2WtFg4IvoA68XGSw= -github.com/google/certificate-transparency-go v1.1.7/go.mod h1:FSSBo8fyMVgqptbfF6j5p/XNdgQftAhSmXcIxV9iphE= +github.com/google/certificate-transparency-go v1.2.1 h1:4iW/NwzqOqYEEoCBEFP+jPbBXbLqMpq3CifMyOnDUME= +github.com/google/certificate-transparency-go v1.2.1/go.mod h1:bvn/ytAccv+I6+DGkqpvSsEdiVGramgaSC6RD3tEmeE= github.com/google/flatbuffers v2.0.8+incompatible h1:ivUb1cGomAB101ZM1T0nOiWz9pSrTMoa9+EiY7igmkM= github.com/google/flatbuffers v2.0.8+incompatible/go.mod h1:1AeVuKshWv4vARoZatz6mlQ0JxURH0Kv5+zNeJKJCa8= github.com/google/gnostic-models v0.6.9-0.20230804172637-c7be7c783f49 h1:0VpGH+cDhbDtdcweoyCVsF3fhN8kejK6rFe/2FFX2nU= @@ -988,14 +995,14 @@ github.com/google/pprof v0.0.0-20211214055906-6f57359322fd/go.mod h1:KgnwoLYCZ8I github.com/google/pprof v0.0.0-20240525223248-4bfdf5a9a2af h1:kmjWCqn2qkEml422C2Rrd27c3VGxi6a/6HNq8QmHRKM= github.com/google/pprof v0.0.0-20240525223248-4bfdf5a9a2af/go.mod h1:K1liHPHnj73Fdn/EKuT8nrFqBihUSKXoLYU0BuatOYo= github.com/google/renameio v0.1.0/go.mod h1:KWCgfxg9yswjAJkECMjeO8J8rahYeXnNhOm40UhjYkI= -github.com/google/s2a-go v0.1.7 h1:60BLSyTrOV4/haCDW4zb1guZItoSq8foHCXrAnjBo/o= -github.com/google/s2a-go v0.1.7/go.mod h1:50CgR4k1jNlWBu4UfS4AcfhVe1r6pdZPygJ3R8F0Qdw= +github.com/google/s2a-go v0.1.8 h1:zZDs9gcbt9ZPLV0ndSyQk6Kacx2g/X+SKYovpnz3SMM= +github.com/google/s2a-go v0.1.8/go.mod h1:6iNWHTpQ+nfNRN5E00MSdfDwVesa8hhS32PhPO8deJA= github.com/google/shlex v0.0.0-20191202100458-e7afc7fbc510 h1:El6M4kTTCOh6aBiKaUGG7oYTSPP8MxqL4YI3kZKwcP4= github.com/google/shlex v0.0.0-20191202100458-e7afc7fbc510/go.mod h1:pupxD2MaaD3pAXIBCelhxNneeOaAeabZDe5s4K6zSpQ= github.com/google/tink/go v1.7.0 h1:6Eox8zONGebBFcCBqkVmt60LaWZa6xg1cl/DwAh/J1w= github.com/google/tink/go v1.7.0/go.mod h1:GAUOd+QE3pgj9q8VKIGTCP33c/B7eb4NhxLcgTJZStM= -github.com/google/trillian v1.5.3 h1:3ioA5p09qz+U9/t2riklZtaQdZclaStp0/eQNfewNRg= -github.com/google/trillian v1.5.3/go.mod h1:p4tcg7eBr7aT6DxrAoILpc3uXNfcuAvZSnQKonVg+Eo= +github.com/google/trillian v1.6.0 h1:jMBeDBIkINFvS2n6oV5maDqfRlxREAc6CW9QYWQ0qT4= +github.com/google/trillian v1.6.0/go.mod h1:Yu3nIMITzNhhMJEHjAtp6xKiu+H/iHu2Oq5FjV2mCWI= github.com/google/uuid v1.0.0/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo= github.com/google/uuid v1.1.2/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo= github.com/google/uuid v1.3.0/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo= @@ -1015,8 +1022,8 @@ github.com/googleapis/gax-go/v2 v2.3.0/go.mod h1:b8LNqSzNabLiUpXKkY7HAR5jr6bIT99 github.com/googleapis/gax-go/v2 v2.4.0/go.mod h1:XOTVJ59hdnfJLIP/dh8n5CGryZR2LxK9wbMD5+iXC6c= github.com/googleapis/gax-go/v2 v2.5.1/go.mod h1:h6B0KMMFNtI2ddbGJn3T3ZbwkeT6yqEF02fYlzkUCyo= github.com/googleapis/gax-go/v2 v2.6.0/go.mod h1:1mjbznJAPHFpesgE5ucqfYEscaz5kMdcIDwU/6+DDoY= -github.com/googleapis/gax-go/v2 v2.12.5 h1:8gw9KZK8TiVKB6q3zHY3SBzLnrGp6HQjyfYBYGmXdxA= -github.com/googleapis/gax-go/v2 v2.12.5/go.mod h1:BUDKcWo+RaKq5SC9vVYL0wLADa3VcfswbOMMRmB9H3E= +github.com/googleapis/gax-go/v2 v2.13.0 h1:yitjD5f7jQHhyDsnhKEBU52NdvvdSeGzlAnDPT0hH1s= +github.com/googleapis/gax-go/v2 v2.13.0/go.mod h1:Z/fvTZXF8/uw7Xu5GuslPw+bplx6SS338j1Is2S+B7A= github.com/googleapis/go-type-adapters v1.0.0/go.mod h1:zHW75FOG2aur7gAO2B+MLby+cLsWGBF62rFAi7WjWO4= github.com/gookit/color v1.2.5/go.mod h1:AhIE+pS6D4Ql0SQWbBeXPHw7gY0/sjHoA4s/n1KB7xg= github.com/gookit/color v1.4.2/go.mod h1:fqRyamkC1W8uxl+lxCQxOT09l/vYfZ+QeiX3rKQHCoQ= @@ -1120,6 +1127,8 @@ github.com/ianlancetaylor/demangle v0.0.0-20200824232613-28f6c0f3b639/go.mod h1: github.com/ianlancetaylor/demangle v0.0.0-20210905161508-09a460cdf81d/go.mod h1:aYm2/VgdVmcIU8iMfdMvDMsRAQjcfZSKFby6HOFvi/w= github.com/imdario/mergo v0.3.16 h1:wwQJbIsHYGMUyLSPrEq1CT16AhnhNJQ51+4fdHUnCl4= github.com/imdario/mergo v0.3.16/go.mod h1:WBLT9ZmE3lPoWsEzCh9LPo3TiwVN+ZKEjmz+hD27ysY= +github.com/in-toto/attestation v1.1.0 h1:oRWzfmZPDSctChD0VaQV7MJrywKOzyNrtpENQFq//2Q= +github.com/in-toto/attestation v1.1.0/go.mod h1:DB59ytd3z7cIHgXxwpSX2SABrU6WJUKg/grpdgHVgVs= github.com/in-toto/in-toto-golang v0.9.0 h1:tHny7ac4KgtsfrG6ybU8gVOZux2H8jN05AXJ9EBM1XU= github.com/in-toto/in-toto-golang v0.9.0/go.mod h1:xsBVrVsHNsB61++S6Dy2vWosKhuA3lUTQd+eF9HdeMo= github.com/inconshreveable/mousetrap v1.0.0/go.mod h1:PxqpIevigyE2G7u3NXJIT2ANytuPF1OarO4DADm73n8= @@ -1176,7 +1185,6 @@ github.com/kisielk/errcheck v1.5.0/go.mod h1:pFxgyoBC7bSaBwPgfKdkLd5X25qrDl4LWUI github.com/kisielk/gotool v1.0.0/go.mod h1:XhKaO+MFFWcvkIS/tQcRk01m1F5IRFswLeQ+oQHNcck= github.com/klauspost/compress v1.4.1/go.mod h1:RyIbtBH6LamlWaDj8nUwkbUhJ87Yi3uG0guNDohfE1A= github.com/klauspost/compress v1.11.4/go.mod h1:aoV0uJVorq1K+umq18yTdKaF57EivdYsUV+/s2qKfXs= -github.com/klauspost/compress v1.13.6/go.mod h1:/3/Vjq9QcHkK5uEr5lBEmyoZ1iFhe47etQ6QUkpK6sk= github.com/klauspost/compress v1.15.11/go.mod h1:QPwzmACJjUTFsnSHH934V6woptycfrDDJnH7hvFVbGM= github.com/klauspost/compress v1.17.9 h1:6KIumPrER1LHsvBVuDa0r5xaG0Es51mhhB9BQB2qeMA= github.com/klauspost/compress v1.17.9/go.mod h1:Di0epgTjJY877eYKx5yC51cX2A2Vl2ibi7bDH9ttBbw= @@ -1213,8 +1221,8 @@ github.com/lann/builder v0.0.0-20180802200727-47ae307949d0 h1:SOEGU9fKiNWd/HOJuq github.com/lann/builder v0.0.0-20180802200727-47ae307949d0/go.mod h1:dXGbAdH5GtBTC4WfIxhKZfyBF/HBFgRZSWwZ9g/He9o= github.com/lann/ps v0.0.0-20150810152359-62de8c46ede0 h1:P6pPBnrTSX3DEVR4fDembhRWSsG5rVo6hYhAB/ADZrk= github.com/lann/ps v0.0.0-20150810152359-62de8c46ede0/go.mod h1:vmVJ0l/dxyfGW6FmdpVm2joNMFikkuWg0EoCKLGUMNw= -github.com/leodido/go-urn v1.2.4 h1:XlAE/cm/ms7TE/VMVoduSpNBoyc2dOxHs5MZSwAN63Q= -github.com/leodido/go-urn v1.2.4/go.mod h1:7ZrI8mTSeBSHl/UaRyKQW1qZeMgak41ANeCNaVckg+4= +github.com/leodido/go-urn v1.4.0 h1:WT9HwE9SGECu3lg4d/dIA+jxlljEa1/ffXKmRjqdmIQ= +github.com/leodido/go-urn v1.4.0/go.mod h1:bvxc+MVxLKB4z00jd1z+Dvzr47oO32F/QSNjSBOlFxI= github.com/letsencrypt/boulder v0.0.0-20240620165639-de9c06129bec h1:2tTW6cDth2TSgRbAhD7yjZzTQmcN25sDRPEeinR51yQ= github.com/letsencrypt/boulder v0.0.0-20240620165639-de9c06129bec/go.mod h1:TmwEoGCwIti7BCeJ9hescZgRtatxRE+A72pCoPfmcfk= github.com/lib/pq v1.2.0/go.mod h1:5WUZQaWbwv1U+lTReE5YruASi9Al49XbQIvNi/34Woo= @@ -1329,8 +1337,10 @@ github.com/moby/sys/sequential v0.5.0 h1:OPvI35Lzn9K04PBbCLW0g4LcFAJgHsvXsRyewg5 github.com/moby/sys/sequential v0.5.0/go.mod h1:tH2cOOs5V9MlPiXcQzRC+eEyab644PWKGRYaaV5ZZlo= github.com/moby/sys/signal v0.7.0 h1:25RW3d5TnQEoKvRbEKUGay6DCQ46IxAVTT9CUMgmsSI= github.com/moby/sys/signal v0.7.0/go.mod h1:GQ6ObYZfqacOwTtlXvcmh9A26dVRul/hbOZn88Kg8Tg= -github.com/moby/sys/user v0.1.0 h1:WmZ93f5Ux6het5iituh9x2zAG7NFY9Aqi49jjE1PaQg= -github.com/moby/sys/user v0.1.0/go.mod h1:fKJhFOnsCN6xZ5gSfbM6zaHGgDJMrqt9/reuj4T7MmU= +github.com/moby/sys/user v0.3.0 h1:9ni5DlcW5an3SvRSx4MouotOygvzaXbaSrc/wGDFWPo= +github.com/moby/sys/user v0.3.0/go.mod h1:bG+tYYYJgaMtRKgEmuueC0hJEAZWwtIbZTB+85uoHjs= +github.com/moby/sys/userns v0.1.0 h1:tVLXkFOxVu9A64/yh59slHVv9ahO9UIev4JZusOLG/g= +github.com/moby/sys/userns v0.1.0/go.mod h1:IHUYgu/kao6N8YZlp9Cf444ySSvCmDlmzUcYfDHOl28= github.com/moby/term v0.5.0 h1:xt8Q1nalod/v7BqbG21f8mQPqH+xAaC9C3N3wfWbVP0= github.com/moby/term v0.5.0/go.mod h1:8FzsFHVUBGZdbDsJw/ot+X+d5HLUbvklYLJ9uGfcI3Y= github.com/modern-go/concurrent v0.0.0-20180228061459-e0a39a4cb421/go.mod h1:6dJC0mAP4ikYIbvyc7fijjWJddQyLn8Ig3JB5CqoB9Q= @@ -1342,13 +1352,10 @@ github.com/modern-go/reflect2 v1.0.2 h1:xBagoLtFs94CBntxluKeaWgTMpvLxC4ur3nMaC9G github.com/modern-go/reflect2 v1.0.2/go.mod h1:yWuevngMOJpCy52FWWMvUC8ws7m/LJsjYzDa0/r8luk= github.com/monochromegane/go-gitignore v0.0.0-20200626010858-205db1a8cc00 h1:n6/2gBQ3RWajuToeY6ZtZTIKv2v7ThUy5KKusIT0yc0= github.com/monochromegane/go-gitignore v0.0.0-20200626010858-205db1a8cc00/go.mod h1:Pm3mSP3c5uWn86xMLZ5Sa7JB9GsEZySvHYXCTK4E9q4= -github.com/montanaflynn/stats v0.0.0-20171201202039-1bf9dbcd8cbe/go.mod h1:wL8QJuTMNUDYhXwkmfOly8iTdp5TEcJFWZD2D7SIkUc= github.com/morikuni/aec v1.0.0 h1:nP9CBfwrvYnBRgY6qfDQkygYDmYwOilePFkwzv4dU8A= github.com/morikuni/aec v1.0.0/go.mod h1:BbKIizmSmc5MMPqRYbxO4ZU0S0+P200+tUnFx7PXmsc= github.com/mozillazg/docker-credential-acr-helper v0.3.0 h1:DVWFZ3/O8BP6Ue3iS/Olw+G07u1hCq1EOVCDZZjCIBI= github.com/mozillazg/docker-credential-acr-helper v0.3.0/go.mod h1:cZlu3tof523ujmLuiNUb6JsjtHcNA70u1jitrrdnuyA= -github.com/mpvl/unique v0.0.0-20150818121801-cbe035fff7de h1:D5x39vF5KCwKQaw+OC9ZPiLVHXz3UFw2+psEX+gYcto= -github.com/mpvl/unique v0.0.0-20150818121801-cbe035fff7de/go.mod h1:kJun4WP5gFuHZgRjZUWWuH1DTxCtxbHDOIJsudS8jzY= github.com/muesli/ansi v0.0.0-20230316100256-276c6243b2f6 h1:ZK8zHtRHOkbHy6Mmr5D264iyp3TiX5OmNcI5cIARiQI= github.com/muesli/ansi v0.0.0-20230316100256-276c6243b2f6/go.mod h1:CJlz5H+gyd6CUWT45Oy4q24RdLyn7Md9Vj2/ldJBSIo= github.com/muesli/cancelreader v0.2.2 h1:3I4Kt4BQjOR54NavqnDogx/MIoWBFa0StPA8ELUXHmA= @@ -1365,8 +1372,9 @@ github.com/ncruces/go-strftime v0.1.9/go.mod h1:Fwc5htZGVVkseilnfgOVb9mKy6w1naJm github.com/niemeyer/pretty v0.0.0-20200227124842-a10e7caefd8e/go.mod h1:zD1mROLANZcx1PVRCS0qkT7pwLkGfwJo4zjcN/Tysno= github.com/nozzle/throttler v0.0.0-20180817012639-2ea982251481 h1:Up6+btDp321ZG5/zdSLo48H9Iaq0UQGthrhWC6pCxzE= github.com/nozzle/throttler v0.0.0-20180817012639-2ea982251481/go.mod h1:yKZQO8QE2bHlgozqWDiRVqTFlLQSj30K/6SAK8EeYFw= -github.com/nwaples/rardecode v1.1.0 h1:vSxaY8vQhOcVr4mm5e8XllHWTiM4JF507A0Katqw7MQ= github.com/nwaples/rardecode v1.1.0/go.mod h1:5DzqNKiOdpKKBH87u8VlvAnPZMXcGRhxWkRpHbbfGS0= +github.com/nwaples/rardecode v1.1.3 h1:cWCaZwfM5H7nAD6PyEdcVnczzV8i/JtotnyW/dD9lEc= +github.com/nwaples/rardecode v1.1.3/go.mod h1:5DzqNKiOdpKKBH87u8VlvAnPZMXcGRhxWkRpHbbfGS0= github.com/nxadm/tail v1.4.4/go.mod h1:kenIhsEOeOJmVchQTgglprH7qJGnHDVpk1VPCcaMI8A= github.com/nxadm/tail v1.4.8/go.mod h1:+ncqLTQzXmGhMZNUePPaPqPvBxHAIsmXswZKocGu+AU= github.com/nxadm/tail v1.4.11 h1:8feyoE3OzPrcshW5/MJ4sGESc5cqmGkGCWlco4l0bqY= @@ -1391,8 +1399,8 @@ github.com/onsi/gomega v1.17.0/go.mod h1:HnhC7FXeEQY45zxNK3PPoIUhzk/80Xly9PcubAl github.com/onsi/gomega v1.19.0/go.mod h1:LY+I3pBVzYsTBU1AnDwOSxaYi9WoWiqgwooUqq9yPro= github.com/onsi/gomega v1.33.1 h1:dsYjIxxSR755MDmKVsaFQTE22ChNBcuuTWgkUDSubOk= github.com/onsi/gomega v1.33.1/go.mod h1:U4R44UsT+9eLIaYRB2a5qajjtQYn0hauxvRm16AVYg0= -github.com/open-policy-agent/opa v0.61.0 h1:nhncQ2CAYtQTV/SMBhDDPsCpCQsUW+zO/1j+T5V7oZg= -github.com/open-policy-agent/opa v0.61.0/go.mod h1:7OUuzJnsS9yHf8lw0ApfcbrnaRG1EkN3J2fuuqi4G/E= +github.com/open-policy-agent/opa v0.68.0 h1:Jl3U2vXRjwk7JrHmS19U3HZO5qxQRinQbJ2eCJYSqJQ= +github.com/open-policy-agent/opa v0.68.0/go.mod h1:5E5SvaPwTpwt2WM177I9Z3eT7qUpmOGjk1ZdHs+TZ4w= github.com/opencontainers/go-digest v1.0.0 h1:apOUWs51W5PlhuyGyz9FCeeBIOUDA/6nW8Oi/yOhh5U= github.com/opencontainers/go-digest v1.0.0/go.mod h1:0JzlMkj0TRzQZfJkVvzbP0HBR3IKzErnv2BNG4W4MAM= github.com/opencontainers/image-spec v1.1.0 h1:8SG7/vwALn54lVB/0yZ/MMwhFrPYtpEHQb2IpWsCzug= @@ -1431,8 +1439,8 @@ github.com/petergtz/pegomock v2.9.0+incompatible/go.mod h1:nuBLWZpVyv/fLo56qTwt/ github.com/phayes/freeport v0.0.0-20220201140144-74d24b5ae9f5 h1:Ii+DKncOVM8Cu1Hc+ETb5K+23HdAMvESYE3ZJ5b5cMI= github.com/phayes/freeport v0.0.0-20220201140144-74d24b5ae9f5/go.mod h1:iIss55rKnNBTvrwdmkUpLnDpZoAHvWaiq5+iMmen4AE= github.com/pierrec/lz4/v4 v4.1.2/go.mod h1:gZWDp/Ze/IJXGXf23ltt2EXimqmTUXEy0GFuRQyBid4= -github.com/pierrec/lz4/v4 v4.1.19 h1:tYLzDnjDXh9qIxSTKHwXwOYmm9d887Y7Y1ZkyXYHAN4= -github.com/pierrec/lz4/v4 v4.1.19/go.mod h1:gZWDp/Ze/IJXGXf23ltt2EXimqmTUXEy0GFuRQyBid4= +github.com/pierrec/lz4/v4 v4.1.21 h1:yOVMLb6qSIDP67pl/5F7RepeKYu/VmTyEXvuMI5d9mQ= +github.com/pierrec/lz4/v4 v4.1.21/go.mod h1:gZWDp/Ze/IJXGXf23ltt2EXimqmTUXEy0GFuRQyBid4= github.com/pjbgf/sha1cd v0.3.0 h1:4D5XXmUUBUl/xQ6IjCkEAbqXskkq/4O7LmGn0AqMDs4= github.com/pjbgf/sha1cd v0.3.0/go.mod h1:nZ1rrWOcGJ5uZgEEVL1VUM9iRQiZvWdbZjkKyFzPPsI= github.com/pkg/browser v0.0.0-20240102092130-5ac0b6a4141c h1:+mdjkGKdHQG3305AYmdv1U2eRNDiU2ErMBj1gwrq8eQ= @@ -1457,8 +1465,8 @@ github.com/prometheus/client_golang v0.9.1/go.mod h1:7SWBe2y4D6OKWSNQJUaRYU/AaXP github.com/prometheus/client_golang v1.0.0/go.mod h1:db9x61etRT2tGnBNRi70OPL5FsnadC4Ky3P0J6CfImo= github.com/prometheus/client_golang v1.1.0/go.mod h1:I1FGZT9+L76gKKOs5djB6ezCbFQP1xR9D75/vuwEF3g= github.com/prometheus/client_golang v1.4.0/go.mod h1:e9GMxYsXl05ICDXkRhurwBS4Q3OK1iX/F2sw+iXX5zU= -github.com/prometheus/client_golang v1.19.1 h1:wZWJDwK+NameRJuPGDhlnFgx8e8HN3XHQeLaYJFJBOE= -github.com/prometheus/client_golang v1.19.1/go.mod h1:mP78NwGzrVks5S2H6ab8+ZZGJLZUq1hoULYBAYBw1Ho= +github.com/prometheus/client_golang v1.20.2 h1:5ctymQzZlyOON1666svgwn3s6IKWgfbjsejTMiXIyjg= +github.com/prometheus/client_golang v1.20.2/go.mod h1:PIEt8X02hGcP8JWbeHyeZ53Y/jReSnHgO035n//V5WE= github.com/prometheus/client_model v0.0.0-20180712105110-5c3871d89910/go.mod h1:MbSGuTsp3dbXC40dX6PRTWyKYBIrTGTE9sqQNg2J8bo= github.com/prometheus/client_model v0.0.0-20190129233127-fd36f4220a90/go.mod h1:xMI15A0UPsDsEKsMN9yxemIoYk6Tm2C1GtYGdfGttqA= github.com/prometheus/client_model v0.0.0-20190812154241-14fe0d1b01d4/go.mod h1:xMI15A0UPsDsEKsMN9yxemIoYk6Tm2C1GtYGdfGttqA= @@ -1474,7 +1482,6 @@ github.com/prometheus/procfs v0.0.0-20181005140218-185b4288413d/go.mod h1:c3At6R github.com/prometheus/procfs v0.0.2/go.mod h1:TjEm7ze935MbeOT/UhFTIMYKhuLP4wbCsTZCD3I8kEA= github.com/prometheus/procfs v0.0.3/go.mod h1:4A/X28fw3Fc593LaREMrKMqOKvUAntwMDaekg4FpcdQ= github.com/prometheus/procfs v0.0.8/go.mod h1:7Qr8sr6344vo1JqZ6HhLceV9o3AJ1Ff+GxbHq6oeK9A= -github.com/prometheus/procfs v0.6.0/go.mod h1:cz+aTbrPOrUb4q7XlbU9ygM+/jj0fzG6c1xBZuNvfVA= github.com/prometheus/procfs v0.15.1 h1:YagwOFzUgYfKKHX6Dr+sHT7km/hxC76UB0learggepc= github.com/prometheus/procfs v0.15.1/go.mod h1:fB45yRUv8NstnjriLhBQLuOUt+WW4BsoGhij/e3PBqk= github.com/protocolbuffers/txtpbfmt v0.0.0-20231025115547-084445ff1adf h1:014O62zIzQwvoD7Ekj3ePDF5bv9Xxy0w6AZk0qYbjUk= @@ -1497,8 +1504,8 @@ github.com/redis/go-redis/extra/rediscmd/v9 v9.0.5/go.mod h1:fyalQWdtzDBECAQFBJu github.com/redis/go-redis/extra/redisotel/v9 v9.0.5 h1:EfpWLLCyXw8PSM2/XNJLjI3Pb27yVE+gIAfeqp8LUCc= github.com/redis/go-redis/extra/redisotel/v9 v9.0.5/go.mod h1:WZjPDy7VNzn77AAfnAfVjZNvfJTYfPetfZk5yoSTLaQ= github.com/redis/go-redis/v9 v9.0.5/go.mod h1:WqMKv5vnQbRuZstUwxQI195wHy+t4PuXDOjzMvcuQHk= -github.com/redis/go-redis/v9 v9.3.0 h1:RiVDjmig62jIWp7Kk4XVLs0hzV6pI3PyTnnL0cnn0u0= -github.com/redis/go-redis/v9 v9.3.0/go.mod h1:hdY0cQFCN4fnSYT6TkisLufl/4W5UIXyv0b/CLO2V2M= +github.com/redis/go-redis/v9 v9.5.1 h1:H1X4D3yHPaYrkL5X06Wh6xNVM/pX0Ft4RV0vMGvLBh8= +github.com/redis/go-redis/v9 v9.5.1/go.mod h1:hdY0cQFCN4fnSYT6TkisLufl/4W5UIXyv0b/CLO2V2M= github.com/remyoudompheng/bigfft v0.0.0-20230129092748-24d4a6f8daec h1:W09IVJc94icq4NjY3clb7Lk8O1qJ8BdBEF8z0ibU0rE= github.com/remyoudompheng/bigfft v0.0.0-20230129092748-24d4a6f8daec/go.mod h1:qqbHyh8v60DhA7CoWK5oRCqLrMHRGoxYCSS9EjAz6Eo= github.com/rivo/uniseg v0.2.0/go.mod h1:J6wj4VEh+S6ZtnVlnTBMWIodfgj8LQOQFoIToxlJtxc= @@ -1537,8 +1544,8 @@ github.com/sassoftware/go-rpmutils v0.4.0 h1:ojND82NYBxgwrV+mX1CWsd5QJvvEZTKddtC github.com/sassoftware/go-rpmutils v0.4.0/go.mod h1:3goNWi7PGAT3/dlql2lv3+MSN5jNYPjT5mVcQcIsYzI= github.com/sassoftware/relic v7.2.1+incompatible h1:Pwyh1F3I0r4clFJXkSI8bOyJINGqpgjJU3DYAZeI05A= github.com/sassoftware/relic v7.2.1+incompatible/go.mod h1:CWfAxv73/iLZ17rbyhIEq3K9hs5w6FpNMdUT//qR+zk= -github.com/sassoftware/relic/v7 v7.6.1 h1:O5s8ewCgq5QYNpv45dK4u6IpBmDM9RIcsbf/G1uXepQ= -github.com/sassoftware/relic/v7 v7.6.1/go.mod h1:NxwtWxWxlUa9as2qZi635Ye6bBT/tGnMALLq7dSfOOU= +github.com/sassoftware/relic/v7 v7.6.2 h1:rS44Lbv9G9eXsukknS4mSjIAuuX+lMq/FnStgmZlUv4= +github.com/sassoftware/relic/v7 v7.6.2/go.mod h1:kjmP0IBVkJZ6gXeAu35/KCEfca//+PKM6vTAsyDPY+k= github.com/scylladb/go-set v1.0.3-0.20200225121959-cc7b2070d91e h1:7q6NSFZDeGfvvtIRwBrU/aegEYJYmvev0cHAwo17zZQ= github.com/scylladb/go-set v1.0.3-0.20200225121959-cc7b2070d91e/go.mod h1:DkpGd78rljTxKAnTDPFqXSGxvETQnJyuSOQwsHycqfs= github.com/sean-/seed v0.0.0-20170313163322-e2103e2c3529/go.mod h1:DxrIzT+xaE7yg65j358z/aeFdxmN0P9QXhEzd20vsDc= @@ -1559,28 +1566,31 @@ github.com/shibumi/go-pathspec v1.3.0/go.mod h1:Xutfslp817l2I1cZvgcfeMQJG5QnU2lh github.com/shopspring/decimal v1.4.0 h1:bxl37RwXBklmTi0C79JfXCEBD1cqqHt0bbgBAGFp81k= github.com/shopspring/decimal v1.4.0/go.mod h1:gawqmDU56v4yIKSwfBSFip1HdCCXN8/+DMd9qYNcwME= github.com/shurcooL/sanitized_anchor_name v1.0.0/go.mod h1:1NzhyTcUVG4SuEtjjoZeVRXNmyL/1OwPU0+IJeTBvfc= -github.com/sigstore/cosign/v2 v2.2.3 h1:WX7yawI+EXu9h7S5bZsfYCbB9XW6Jc43ctKy/NoOSiA= -github.com/sigstore/cosign/v2 v2.2.3/go.mod h1:WpMn4MBt0cI23GdHsePwO4NxhX1FOz1ITGB3ALUjFaI= -github.com/sigstore/fulcio v1.4.3 h1:9JcUCZjjVhRF9fmhVuz6i1RyhCc/EGCD7MOl+iqCJLQ= -github.com/sigstore/fulcio v1.4.3/go.mod h1:BQPWo7cfxmJwgaHlphUHUpFkp5+YxeJes82oo39m5og= -github.com/sigstore/rekor v1.3.4 h1:RGIia1iOZU7fOiiP2UY/WFYhhp50S5aUm7YrM8aiA6E= -github.com/sigstore/rekor v1.3.4/go.mod h1:1GubPVO2yO+K0m0wt/3SHFqnilr/hWbsjSOe7Vzxrlg= -github.com/sigstore/sigstore v1.8.7 h1:L7/zKauHTg0d0Hukx7qlR4nifh6T6O6UIt9JBwAmTIg= -github.com/sigstore/sigstore v1.8.7/go.mod h1:MPiQ/NIV034Fc3Kk2IX9/XmBQdK60wfmpvgK9Z1UjRA= -github.com/sigstore/sigstore/pkg/signature/kms/aws v1.8.1 h1:rEDdUefulkIQaMJyzLwtgPDLNXBIltBABiFYfb0YmgQ= -github.com/sigstore/sigstore/pkg/signature/kms/aws v1.8.1/go.mod h1:RCdYCc1IxCYWzh2IdzdA6Yf7JIY0cMRqH08fpQYechw= -github.com/sigstore/sigstore/pkg/signature/kms/azure v1.8.1 h1:DvRWG99QGWZC5mp42SEde2Xke/Q384Idnj2da7yB+Mk= -github.com/sigstore/sigstore/pkg/signature/kms/azure v1.8.1/go.mod h1:s13mo3a0UCQS3+PAUUZfvKe48sMDMsHk2GE1b2YfPcU= -github.com/sigstore/sigstore/pkg/signature/kms/gcp v1.8.7 h1:zYg1XlbKpQkmE7FpWTkLuUn7RttLAq4FcZ1G9JcqhoY= -github.com/sigstore/sigstore/pkg/signature/kms/gcp v1.8.7/go.mod h1:VmUsO1R4OHuyHBEgI4bbSUn0z2nojszrDMvlDxyX/dE= -github.com/sigstore/sigstore/pkg/signature/kms/hashivault v1.8.7 h1:dbcB9VEddYrvK+y4rHeES5OZ/pMQuucfJ0qCNWQmnp0= -github.com/sigstore/sigstore/pkg/signature/kms/hashivault v1.8.7/go.mod h1:96MrPJBkHiAvqFyqviuYbwPAdbPCj8CR3V0RJ9bKjrE= -github.com/sigstore/timestamp-authority v1.2.1 h1:j9RmqSAdvKgSofeltPO4x7d+1M3AXaROBzUJ+AA7L5Q= -github.com/sigstore/timestamp-authority v1.2.1/go.mod h1:Ce+vWWEf0QaKLY2u6mpwEJbmYXEVeOfUk4fQ69kE6ck= +github.com/sigstore/cosign/v2 v2.4.0 h1:2NdidNgClg+oXr/fDIr37E/BE6j00gqgUhSiBK2kjSQ= +github.com/sigstore/cosign/v2 v2.4.0/go.mod h1:j+fH1DCUkcn92qp6ezDj4JbGMri6eG1nLJC+hs64rvc= +github.com/sigstore/fulcio v1.5.1 h1:Iasy1zfNjaq8BV4S8o6pXspLDU28PQC2z07GmOu9zpM= +github.com/sigstore/fulcio v1.5.1/go.mod h1:W1A/UHrTopy1IBZPMtHmxg7GPYAu+vt5dRXM3W6yjPo= +github.com/sigstore/protobuf-specs v0.3.2 h1:nCVARCN+fHjlNCk3ThNXwrZRqIommIeNKWwQvORuRQo= +github.com/sigstore/protobuf-specs v0.3.2/go.mod h1:RZ0uOdJR4OB3tLQeAyWoJFbNCBFrPQdcokntde4zRBA= +github.com/sigstore/rekor v1.3.6 h1:QvpMMJVWAp69a3CHzdrLelqEqpTM3ByQRt5B5Kspbi8= +github.com/sigstore/rekor v1.3.6/go.mod h1:JDTSNNMdQ/PxdsS49DJkJ+pRJCO/83nbR5p3aZQteXc= +github.com/sigstore/sigstore v1.8.9 h1:NiUZIVWywgYuVTxXmRoTT4O4QAGiTEKup4N1wdxFadk= +github.com/sigstore/sigstore v1.8.9/go.mod h1:d9ZAbNDs8JJfxJrYmulaTazU3Pwr8uLL9+mii4BNR3w= +github.com/sigstore/sigstore-go v0.6.1 h1:tGkkv1oDIER+QYU5MrjqlttQOVDWfSkmYwMqkJhB/cg= +github.com/sigstore/sigstore-go v0.6.1/go.mod h1:Xe5GHmUeACRFbomUWzVkf/xYCn8xVifb9DgqJrV2dIw= +github.com/sigstore/sigstore/pkg/signature/kms/aws v1.8.8 h1:2zHmUvaYCwV6LVeTo+OAkTm8ykOGzA9uFlAjwDPAUWM= +github.com/sigstore/sigstore/pkg/signature/kms/aws v1.8.8/go.mod h1:OEhheBplZinUsm7W9BupafztVZV3ldkAxEHbpAeC0Pk= +github.com/sigstore/sigstore/pkg/signature/kms/azure v1.8.8 h1:RKk4Z+qMaLORUdT7zntwMqKiYAej1VQlCswg0S7xNSY= +github.com/sigstore/sigstore/pkg/signature/kms/azure v1.8.8/go.mod h1:dMJdlBWKHMu2xf0wIKpbo7+QfG+RzVkBB3nHP8EMM5o= +github.com/sigstore/sigstore/pkg/signature/kms/gcp v1.8.8 h1:89Xtxj8oqZt3UlSpCP4wApFvnQ2Z/dgowW5QOVhQigI= +github.com/sigstore/sigstore/pkg/signature/kms/gcp v1.8.8/go.mod h1:Wa4xn/H3pU/yW/6tHiMXTpObBtBSGC5q29KYFEPKN6o= +github.com/sigstore/sigstore/pkg/signature/kms/hashivault v1.8.8 h1:Zte3Oogkd8m+nu2oK3yHtGmN++TZWh2Lm6q2iSprT1M= +github.com/sigstore/sigstore/pkg/signature/kms/hashivault v1.8.8/go.mod h1:j00crVw6ki4/WViXflw0zWgNALrAzZT+GbIK8v7Xlz4= +github.com/sigstore/timestamp-authority v1.2.2 h1:X4qyutnCQqJ0apMewFyx+3t7Tws00JQ/JonBiu3QvLE= +github.com/sigstore/timestamp-authority v1.2.2/go.mod h1:nEah4Eq4wpliDjlY342rXclGSO7Kb9hoRrl9tqLW13A= github.com/sirupsen/logrus v1.2.0/go.mod h1:LxeOpSwHxABJmUn/MG1IvRgCAasNZTLOkJPxbbu5VWo= github.com/sirupsen/logrus v1.4.2/go.mod h1:tLMulIdttU9McNUspp0xgXVQah82FyeX6MwdIuYE2rE= github.com/sirupsen/logrus v1.7.0/go.mod h1:yWOB1SBYBC5VeMP7gHvWumXLIWorT60ONWic61uBYv0= -github.com/sirupsen/logrus v1.8.1/go.mod h1:yWOB1SBYBC5VeMP7gHvWumXLIWorT60ONWic61uBYv0= github.com/sirupsen/logrus v1.9.3 h1:dueUQJ1C2q9oE3F7wvmSGAaVtTmUizReu6fjN8uqzbQ= github.com/sirupsen/logrus v1.9.3/go.mod h1:naHLuLoDiP4jHNo9R0sCBMtWGeIprob74mVsIT4qYEQ= github.com/skeema/knownhosts v1.2.2 h1:Iug2P4fLmDw9f41PB6thxUkNUkJzB5i+1/exaj40L3A= @@ -1614,8 +1624,8 @@ github.com/spf13/pflag v1.0.5/go.mod h1:McXfInJRrz4CZXVZOBLb0bTZqETkiAhM9Iw0y3An github.com/spf13/viper v1.10.0/go.mod h1:SoyBPwAtKDzypXNDFKN5kzH7ppppbGZtls1UpIy5AsM= github.com/spf13/viper v1.19.0 h1:RWq5SEjt8o25SROyN3z2OrDB9l7RPd3lwTWU8EcEdcI= github.com/spf13/viper v1.19.0/go.mod h1:GQUN9bilAbhU/jgc1bKs99f/suXKeUMct8Adx5+Ntkg= -github.com/spiffe/go-spiffe/v2 v2.1.7 h1:VUkM1yIyg/x8X7u1uXqSRVRCdMdfRIEdFBzpqoeASGk= -github.com/spiffe/go-spiffe/v2 v2.1.7/go.mod h1:QJDGdhXllxjxvd5B+2XnhhXB/+rC8gr+lNrtOryiWeE= +github.com/spiffe/go-spiffe/v2 v2.3.0 h1:g2jYNb/PDMB8I7mBGL2Zuq/Ur6hUhoroxGQFyD6tTj8= +github.com/spiffe/go-spiffe/v2 v2.3.0/go.mod h1:Oxsaio7DBgSNqhAO9i/9tLClaVlfRok7zvJnTV8ZyIY= github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME= github.com/stretchr/objx v0.1.1/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME= github.com/stretchr/objx v0.2.0/go.mod h1:qt09Ya8vawLte6SNmTgCsAVtYtaKzEcn8ATUoHMkEqE= @@ -1656,6 +1666,8 @@ github.com/therootcompany/xz v1.0.1 h1:CmOtsn1CbtmyYiusbfmhmkpAAETj0wBIH6kCYaX+x github.com/therootcompany/xz v1.0.1/go.mod h1:3K3UH1yCKgBneZYhuQUvJ9HPD19UEXEI0BWbMn8qNMY= github.com/theupdateframework/go-tuf v0.7.0 h1:CqbQFrWo1ae3/I0UCblSbczevCCbS31Qvs5LdxRWqRI= github.com/theupdateframework/go-tuf v0.7.0/go.mod h1:uEB7WSY+7ZIugK6R1hiBMBjQftaFzn7ZCDJcp1tCUug= +github.com/theupdateframework/go-tuf/v2 v2.0.0 h1:rD8d9RotYBprZVgC+9oyTZ5MmawepnTSTqoDuxjWgbs= +github.com/theupdateframework/go-tuf/v2 v2.0.0/go.mod h1:baB22nBHeHBCeuGZcIlctNq4P61PcOdyARlplg5xmLA= github.com/tidwall/gjson v1.17.0 h1:/Jocvlh98kcTfpN2+JzGQWQcqrPQwDrVEMApx/M5ZwM= github.com/tidwall/gjson v1.17.0/go.mod h1:/wbyibRr2FHMks5tjHJ5F8dMZh3AcwJEMf5vlfC0lxk= github.com/tidwall/match v1.1.1 h1:+Ho715JplO36QYgwN9PGYNhgZvoUSc9X2c80KVTi+GA= @@ -1696,13 +1708,10 @@ github.com/wk8/go-ordered-map/v2 v2.1.8 h1:5h/BUHu93oj4gIdvHHHGsScSTMijfx5PeYkE/ github.com/wk8/go-ordered-map/v2 v2.1.8/go.mod h1:5nJHM5DyteebpVlHnWMV0rPz6Zp7+xBAnxjb1X5vnTw= github.com/x448/float16 v0.8.4 h1:qLwI1I70+NjRFUR3zs1JPUCgaCXSh3SW62uAKT1mSBM= github.com/x448/float16 v0.8.4/go.mod h1:14CWIYCyZA/cWjXOioeEpHeN/83MdbZDRQHoFcYsOfg= -github.com/xanzy/go-gitlab v0.96.0 h1:LGkZ+wSNMRtHIBaYE4Hq3dZVjprwHv3Y1+rhKU3WETs= -github.com/xanzy/go-gitlab v0.96.0/go.mod h1:ETg8tcj4OhrB84UEgeE8dSuV/0h4BBL1uOV/qK0vlyI= +github.com/xanzy/go-gitlab v0.107.0 h1:P2CT9Uy9yN9lJo3FLxpMZ4xj6uWcpnigXsjvqJ6nd2Y= +github.com/xanzy/go-gitlab v0.107.0/go.mod h1:wKNKh3GkYDMOsGmnfuX+ITCmDuSDWFO0G+C4AygL9RY= github.com/xanzy/ssh-agent v0.3.3 h1:+/15pJfg/RsTxqYcX6fHqOXZwwMP+2VyYWJeWM2qQFM= github.com/xanzy/ssh-agent v0.3.3/go.mod h1:6dzNDKs0J9rVPHPhaGCukekBHKqfl+L3KghI1Bc68Uw= -github.com/xdg-go/pbkdf2 v1.0.0/go.mod h1:jrpuAogTd400dnrH08LKmI/xc1MbPOebTwRqcT5RDeI= -github.com/xdg-go/scram v1.1.2/go.mod h1:RT/sEzTbU5y00aCK8UOx6R7YryM0iF1N2MOmC3kKLN4= -github.com/xdg-go/stringprep v1.0.4/go.mod h1:mPGuuIYwz7CmR2bT9j4GbQqutWS1zV24gijq1dTyGkM= github.com/xeipuuv/gojsonpointer v0.0.0-20190905194746-02993c407bfb h1:zGWFAtiMcyryUHoUjUJX0/lt1H2+i2Ka2n+D3DImSNo= github.com/xeipuuv/gojsonpointer v0.0.0-20190905194746-02993c407bfb/go.mod h1:N2zxlSyiKSe5eX1tZViRH5QA0qijqEDrYZiPEAiq3wU= github.com/xeipuuv/gojsonreference v0.0.0-20180127040603-bd5ef7bd5415 h1:EzJWgHovont7NscjpAxXsDA8S8BMYve8Y5+7cuRE7R0= @@ -1716,7 +1725,6 @@ github.com/xo/terminfo v0.0.0-20220910002029-abceb7e1c41e h1:JVG44RsyaB9T2KIHavM github.com/xo/terminfo v0.0.0-20220910002029-abceb7e1c41e/go.mod h1:RbqR21r5mrJuqunuUZ/Dhy/avygyECGrLceyNeo4LiM= github.com/yashtewari/glob-intersection v0.2.0 h1:8iuHdN88yYuCzCdjt0gDe+6bAhUwBeEWqThExu54RFg= github.com/yashtewari/glob-intersection v0.2.0/go.mod h1:LK7pIC3piUjovexikBbJ26Yml7g8xa5bsjfx2v1fwok= -github.com/youmark/pkcs8 v0.0.0-20181117223130-1be2e3e5546d/go.mod h1:rHwXgn7JulP+udvsHwJoVG1YGAP6VLg4y9I5dyZdqmA= github.com/ysmood/fetchup v0.2.3 h1:ulX+SonA0Vma5zUFXtv52Kzip/xe7aj4vqT5AJwQ+ZQ= github.com/ysmood/fetchup v0.2.3/go.mod h1:xhibcRKziSvol0H1/pj33dnKrYyI2ebIvz5cOOkYGns= github.com/ysmood/goob v0.4.0 h1:HsxXhyLBeGzWXnqVKtmT9qM7EuVs/XOgkX7T6r1o1AQ= @@ -1725,8 +1733,8 @@ github.com/ysmood/got v0.40.0 h1:ZQk1B55zIvS7zflRrkGfPDrPG3d7+JOza1ZkNxcc74Q= github.com/ysmood/got v0.40.0/go.mod h1:W7DdpuX6skL3NszLmAsC5hT7JAhuLZhByVzHTq874Qg= github.com/ysmood/gson v0.7.3 h1:QFkWbTH8MxyUTKPkVWAENJhxqdBa4lYTQWqZCiLG6kE= github.com/ysmood/gson v0.7.3/go.mod h1:3Kzs5zDl21g5F/BlLTNcuAGAYLKt2lV5G8D1zF3RNmg= -github.com/ysmood/leakless v0.8.0 h1:BzLrVoiwxikpgEQR0Lk8NyBN5Cit2b1z+u0mgL4ZJak= -github.com/ysmood/leakless v0.8.0/go.mod h1:R8iAXPRaG97QJwqxs74RdwzcRHT1SWCGTNqY8q0JvMQ= +github.com/ysmood/leakless v0.9.0 h1:qxCG5VirSBvmi3uynXFkcnLMzkphdh3xx5FtrORwDCU= +github.com/ysmood/leakless v0.9.0/go.mod h1:R8iAXPRaG97QJwqxs74RdwzcRHT1SWCGTNqY8q0JvMQ= github.com/yuin/goldmark v1.1.25/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74= github.com/yuin/goldmark v1.1.27/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74= github.com/yuin/goldmark v1.1.30/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74= @@ -1736,8 +1744,8 @@ github.com/yuin/goldmark v1.3.5/go.mod h1:mwnBkeHKe2W/ZEtQ+71ViKU8L12m81fl3OWwC1 github.com/yuin/goldmark v1.4.13/go.mod h1:6yULJ656Px+3vBD8DxQVa3kxgyrAnzto9xy5taEt/CY= github.com/yuin/gopher-lua v1.1.1 h1:kYKnWBjvbNP4XLT3+bPEwAXJx262OhaHDWDVOPjL46M= github.com/yuin/gopher-lua v1.1.1/go.mod h1:GBR0iDaNXjAgGg9zfCvksxSRnQx76gclCIb7kdAd1Pw= -github.com/zalando/go-keyring v0.2.2 h1:f0xmpYiSrHtSNAVgwip93Cg8tuF45HJM6rHq/A5RI/4= -github.com/zalando/go-keyring v0.2.2/go.mod h1:sI3evg9Wvpw3+n4SqplGSJUMwtDeROfD4nsFz4z9PG0= +github.com/zalando/go-keyring v0.2.3 h1:v9CUu9phlABObO4LPWycf+zwMG7nlbb3t/B5wa97yms= +github.com/zalando/go-keyring v0.2.3/go.mod h1:HL4k+OXQfJUWaMnqyuSOc0drfGPX2b51Du6K+MRgZMk= github.com/zclconf/go-cty v1.14.0 h1:/Xrd39K7DXbHzlisFP9c4pHao4yyf+/Ug9LEz+Y/yhc= github.com/zclconf/go-cty v1.14.0/go.mod h1:VvMs5i0vgZdhYawQNq5kePSpLAoz8u1xvZgrPIxfnZE= github.com/zeebo/errs v1.3.0 h1:hmiaKqgYZzcVgRL1Vkc1Mn2914BbzB0IBxs+ebeutGs= @@ -1747,8 +1755,8 @@ github.com/zyedidia/generic v1.2.2-0.20230320175451-4410d2372cb1/go.mod h1:ly2RB go.etcd.io/etcd/api/v3 v3.5.1/go.mod h1:cbVKeC6lCfl7j/8jBhAK6aIYO9XOjdptoxU/nLQcPvs= go.etcd.io/etcd/client/pkg/v3 v3.5.1/go.mod h1:IJHfcCEKxYu1Os13ZdwCwIUTUVGYTSAM3YSwc9/Ac1g= go.etcd.io/etcd/client/v2 v2.305.1/go.mod h1:pMEacxZW7o8pg4CrFE7pquyCJJzZvkvdD2RibOCCCGs= -go.mongodb.org/mongo-driver v1.13.1 h1:YIc7HTYsKndGK4RFzJ3covLz1byri52x0IoMB0Pt/vk= -go.mongodb.org/mongo-driver v1.13.1/go.mod h1:wcDf1JBCXy2mOW0bWHwO/IOYqdca1MPCwDtFu/Z9+eo= +go.mongodb.org/mongo-driver v1.14.0 h1:P98w8egYRjYe3XDjxhYJagTokP/H6HzlsnojRgZRd80= +go.mongodb.org/mongo-driver v1.14.0/go.mod h1:Vzb0Mk/pa7e6cWw85R4F/endUC3u0U9jGcNU603k65c= go.opencensus.io v0.21.0/go.mod h1:mSImk1erAIZhrmZN+AvHh14ztQfjbGwt4TtuofqLduU= go.opencensus.io v0.22.0/go.mod h1:+kGneAE2xo2IficOXnaByMWTGM9T73dGwxeWcUqIpI8= go.opencensus.io v0.22.2/go.mod h1:yxeiOL68Rb0Xd1ddK5vPZ/oVn4vY4Ynel7k9FzqtOIw= @@ -1772,8 +1780,8 @@ go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetrichttp v0.44.0 h1:bfl go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetrichttp v0.44.0/go.mod h1:qcTO4xHAxZLaLxPd60TdE88rxtItPHgHWqOhOGRr0as= go.opentelemetry.io/otel/exporters/otlp/otlptrace v1.28.0 h1:3Q/xZUyC1BBkualc9ROb4G8qkH90LXEIICcs5zv1OYY= go.opentelemetry.io/otel/exporters/otlp/otlptrace v1.28.0/go.mod h1:s75jGIWA9OfCMzF0xr+ZgfrB5FEbbV7UuYo32ahUiFI= -go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc v1.27.0 h1:qFffATk0X+HD+f1Z8lswGiOQYKHRlzfmdJm0wEaVrFA= -go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc v1.27.0/go.mod h1:MOiCmryaYtc+V0Ei+Tx9o5S1ZjA7kzLucuVuyzBZloQ= +go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc v1.28.0 h1:R3X6ZXmNPRR8ul6i3WgFURCHzaXjHdm0karRG/+dj3s= +go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc v1.28.0/go.mod h1:QWFXnDavXWwMx2EEcZsf3yxgEKAqsxQ+Syjp+seyInw= go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp v1.21.0 h1:digkEZCJWobwBqMwC0cwCq8/wkkRy/OowZg5OArWZrM= go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp v1.21.0/go.mod h1:/OpE/y70qVkndM0TrxT4KBoN3RsFZP0QaofcfYrj76I= go.opentelemetry.io/otel/exporters/prometheus v0.44.0 h1:08qeJgaPC0YEBu2PQMbqU3rogTlyzpjhCI2b58Yn00w= @@ -1795,8 +1803,8 @@ go.opentelemetry.io/proto/otlp v1.3.1 h1:TrMUixzpM0yuc/znrFTP9MMRh8trP93mkCiDVeX go.opentelemetry.io/proto/otlp v1.3.1/go.mod h1:0X1WI4de4ZsLrrJNLAQbFeLCm3T7yBkR0XqQ7niQU+8= go.starlark.net v0.0.0-20230525235612-a134d8f9ddca h1:VdD38733bfYv5tUZwEIskMM93VanwNIi5bIKnDrJdEY= go.starlark.net v0.0.0-20230525235612-a134d8f9ddca/go.mod h1:jxU+3+j+71eXOW14274+SmmuW82qJzl6iZSeqEtTGds= -go.step.sm/crypto v0.42.1 h1:OmwHm3GJO8S4VGWL3k4+I+Q4P/F2s+j8msvTyGnh1Vg= -go.step.sm/crypto v0.42.1/go.mod h1:yNcTLFQBnYCA75fC5bklBoTAT7y0dRZsB1TkinB8JMs= +go.step.sm/crypto v0.51.1 h1:ktUg/2hetEMiBAqgz502ktZDGoDoGrcHFg3XpkmkvvA= +go.step.sm/crypto v0.51.1/go.mod h1:PdrhttNU/tG9/YsVd4fdlysBN+UV503p0o2irFZQlAw= go.uber.org/atomic v1.7.0/go.mod h1:fEN4uk6kAWBTFdckzkM89CLk9XfWZrxpCo0nPH17wJc= go.uber.org/goleak v1.3.0 h1:2K3zAYmnTNqV73imy9J1T3WC+gmCePx2hEGkimedGto= go.uber.org/goleak v1.3.0/go.mod h1:CoHD4mav9JJNrW/WLlf7HGZPjdw8EucARQHekz1X6bE= @@ -1804,8 +1812,8 @@ go.uber.org/multierr v1.6.0/go.mod h1:cdWPpRnG4AhwMwsgIHip0KRBQjJy5kYEpYjJxpXp9i go.uber.org/multierr v1.11.0 h1:blXXJkSxSSfBVBlC76pxqeO+LN3aDfLQo+309xJstO0= go.uber.org/multierr v1.11.0/go.mod h1:20+QtiLqy0Nd6FdQB9TLXag12DsQkrbs3htMFfDN80Y= go.uber.org/zap v1.17.0/go.mod h1:MXVU+bhUf/A7Xi2HNOnopQOrmycQ5Ih87HtOu4q5SSo= -go.uber.org/zap v1.26.0 h1:sI7k6L95XOKS281NhVKOFCUNIvv9e0w4BF8N3u+tCRo= -go.uber.org/zap v1.26.0/go.mod h1:dtElttAiwGvoJ/vj4IwHBS/gXsEu/pZ50mUIRWuG0so= +go.uber.org/zap v1.27.0 h1:aJMhYGrd5QSmlpLMr2MftRKl7t8J8PTZPA732ud/XR8= +go.uber.org/zap v1.27.0/go.mod h1:GB2qFLM7cTU87MWRP2mPIjqfIDnGu+VIO4V/SdhGo2E= golang.org/x/crypto v0.0.0-20180904163835-0709b304e793/go.mod h1:6SG95UA2DQfeDnfUPMdvaQW0Q7yPrPDi9nlGo2tz2b4= golang.org/x/crypto v0.0.0-20181029021203-45a5f77698d3/go.mod h1:6SG95UA2DQfeDnfUPMdvaQW0Q7yPrPDi9nlGo2tz2b4= golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w= @@ -1965,8 +1973,8 @@ golang.org/x/oauth2 v0.0.0-20220822191816-0ebed06d0094/go.mod h1:h4gKUeWbJ4rQPri golang.org/x/oauth2 v0.0.0-20220909003341-f21342109be1/go.mod h1:h4gKUeWbJ4rQPri7E0u6Gs4e9Ri2zaLxzw5DI5XGrYg= golang.org/x/oauth2 v0.0.0-20221014153046-6fdb5e3db783/go.mod h1:h4gKUeWbJ4rQPri7E0u6Gs4e9Ri2zaLxzw5DI5XGrYg= golang.org/x/oauth2 v0.1.0/go.mod h1:G9FE4dLTsbXUu90h/Pf85g4w1D+SSAgR+q46nJZ8M4A= -golang.org/x/oauth2 v0.21.0 h1:tsimM75w1tF/uws5rbeHzIWxEqElMehnc+iW793zsZs= -golang.org/x/oauth2 v0.21.0/go.mod h1:XYTD2NtWslqkgxebSiOHnXEap4TF09sJSc7H1sXbhtI= +golang.org/x/oauth2 v0.22.0 h1:BzDx2FehcG7jJwgWLELCdmLuxk2i+x9UDpSiss2u0ZA= +golang.org/x/oauth2 v0.22.0/go.mod h1:XYTD2NtWslqkgxebSiOHnXEap4TF09sJSc7H1sXbhtI= golang.org/x/sync v0.0.0-20180314180146-1d60e4601c6f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20181108010431-42b317875d0f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20181221193216-37e7f081c4d4/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= @@ -2112,7 +2120,6 @@ golang.org/x/text v0.3.4/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= golang.org/x/text v0.3.5/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= golang.org/x/text v0.3.6/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= golang.org/x/text v0.3.7/go.mod h1:u+2+/6zg+i71rQMx5EYifcz6MCKuco9NR6JIITiCfzQ= -golang.org/x/text v0.3.8/go.mod h1:E6s5w1FMmriuDzIBO73fBruAKo1PCIq6d2Q6DHfQ8WQ= golang.org/x/text v0.4.0/go.mod h1:mrYo+phRRbMaCq/xk9113O4dZlRixOauAjOtrjsXDZ8= golang.org/x/text v0.7.0/go.mod h1:mrYo+phRRbMaCq/xk9113O4dZlRixOauAjOtrjsXDZ8= golang.org/x/text v0.8.0/go.mod h1:e1OnstbJyHTd6l/uOt8jFFHp6TRDWZR/bV3emEE/zU8= @@ -2125,8 +2132,8 @@ golang.org/x/text v0.18.0/go.mod h1:BuEKDfySbSR4drPmRPG/7iBdf8hvFMuRexcpahXilzY= golang.org/x/time v0.0.0-20181108054448-85acf8d2951c/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= golang.org/x/time v0.0.0-20190308202827-9d24e82272b4/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= golang.org/x/time v0.0.0-20191024005414-555d28b269f0/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= -golang.org/x/time v0.5.0 h1:o7cqy6amK/52YcAKIPlM3a+Fpj35zvRj2TP+e1xFSfk= -golang.org/x/time v0.5.0/go.mod h1:3BpzKBy/shNhVucY/MWOyx10tF3SFh9QdLuxbVysPQM= +golang.org/x/time v0.6.0 h1:eTDhh4ZXt5Qf0augr54TN6suAUudPcawVZeIAPU7D4U= +golang.org/x/time v0.6.0/go.mod h1:3BpzKBy/shNhVucY/MWOyx10tF3SFh9QdLuxbVysPQM= golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ= golang.org/x/tools v0.0.0-20190114222345-bf090417da8b/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ= golang.org/x/tools v0.0.0-20190226205152-f727befe758c/go.mod h1:9Yl7xja0Znq3iFh3HoIrodX9oNMXvdceNzlUR8zjMvY= @@ -2186,8 +2193,8 @@ golang.org/x/tools v0.1.4/go.mod h1:o0xws9oXOQQZyjljx8fwUC0k7L1pTE6eaCbjGeHmOkk= golang.org/x/tools v0.1.5/go.mod h1:o0xws9oXOQQZyjljx8fwUC0k7L1pTE6eaCbjGeHmOkk= golang.org/x/tools v0.1.12/go.mod h1:hNGJHUnrk76NpqgfD5Aqm5Crs+Hm0VOH/i9J2+nxYbc= golang.org/x/tools v0.6.0/go.mod h1:Xwgl3UAJ/d3gWutnCtw505GrjyAbvKui8lOU390QaIU= -golang.org/x/tools v0.21.1-0.20240508182429-e35e4ccd0d2d h1:vU5i/LfpvrRCpgM/VPfJLg5KjxD3E+hfT1SH+d9zLwg= -golang.org/x/tools v0.21.1-0.20240508182429-e35e4ccd0d2d/go.mod h1:aiJjzUbINMkxbQROHiO6hDPo2LHcIPhhQsa9DLh0yGk= +golang.org/x/tools v0.23.0 h1:SGsXPZ+2l4JsgaCKkx+FQ9YZ5XEtA1GZYuoDjenLjvg= +golang.org/x/tools v0.23.0/go.mod h1:pnu6ufv6vQkll6szChhK3C3L/ruaIv5eBeztNG8wtsI= golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= golang.org/x/xerrors v0.0.0-20191011141410-1b5146add898/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= @@ -2248,8 +2255,8 @@ google.golang.org/api v0.96.0/go.mod h1:w7wJQLTM+wvQpNf5JyEcBoxK0RH7EDrh/L4qfsuJ google.golang.org/api v0.97.0/go.mod h1:w7wJQLTM+wvQpNf5JyEcBoxK0RH7EDrh/L4qfsuJ13s= google.golang.org/api v0.98.0/go.mod h1:w7wJQLTM+wvQpNf5JyEcBoxK0RH7EDrh/L4qfsuJ13s= google.golang.org/api v0.100.0/go.mod h1:ZE3Z2+ZOr87Rx7dqFsdRQkRBk36kDtp/h+QpHbB7a70= -google.golang.org/api v0.187.0 h1:Mxs7VATVC2v7CY+7Xwm4ndkX71hpElcvx0D1Ji/p1eo= -google.golang.org/api v0.187.0/go.mod h1:KIHlTc4x7N7gKKuVsdmfBXN13yEEWXWFURWY6SBp2gk= +google.golang.org/api v0.190.0 h1:ASM+IhLY1zljNdLu19W1jTmU6A+gMk6M46Wlur61s+Q= +google.golang.org/api v0.190.0/go.mod h1:QIr6I9iedBLnfqoD6L6Vze1UvS5Hzj5r2aUBOaZnLHo= google.golang.org/appengine v1.1.0/go.mod h1:EbEs0AVv82hx2wNQdGPgUI5lhzA/G0D9YwlJXL52JkM= google.golang.org/appengine v1.4.0/go.mod h1:xpcJRLb0r/rnEns0DIKYYv+WjYCduHsrkT7/EB5XEv4= google.golang.org/appengine v1.5.0/go.mod h1:xpcJRLb0r/rnEns0DIKYYv+WjYCduHsrkT7/EB5XEv4= @@ -2362,12 +2369,12 @@ google.golang.org/genproto v0.0.0-20221010155953-15ba04fc1c0e/go.mod h1:3526vdqw google.golang.org/genproto v0.0.0-20221014173430-6e2ab493f96b/go.mod h1:1vXfmgAz9N9Jx0QA82PqRVauvCz1SGSz739p0f183jM= google.golang.org/genproto v0.0.0-20221014213838-99cd37c6964a/go.mod h1:1vXfmgAz9N9Jx0QA82PqRVauvCz1SGSz739p0f183jM= google.golang.org/genproto v0.0.0-20221025140454-527a21cfbd71/go.mod h1:9qHF0xnpdSfF6knlcsnpzUu5y+rpwgbvsyGAZPBMg4s= -google.golang.org/genproto v0.0.0-20240624140628-dc46fd24d27d h1:PksQg4dV6Sem3/HkBX+Ltq8T0ke0PKIRBNBatoDTVls= -google.golang.org/genproto v0.0.0-20240624140628-dc46fd24d27d/go.mod h1:s7iA721uChleev562UJO2OYB0PPT9CMFjV+Ce7VJH5M= -google.golang.org/genproto/googleapis/api v0.0.0-20240624140628-dc46fd24d27d h1:Aqf0fiIdUQEj0Gn9mKFFXoQfTTEaNopWpfVyYADxiSg= -google.golang.org/genproto/googleapis/api v0.0.0-20240624140628-dc46fd24d27d/go.mod h1:Od4k8V1LQSizPRUK4OzZ7TBE/20k+jPczUDAEyvn69Y= -google.golang.org/genproto/googleapis/rpc v0.0.0-20240701130421-f6361c86f094 h1:BwIjyKYGsK9dMCBOorzRri8MQwmi7mT9rGHsCEinZkA= -google.golang.org/genproto/googleapis/rpc v0.0.0-20240701130421-f6361c86f094/go.mod h1:Ue6ibwXGpU+dqIcODieyLOcgj7z8+IcskoNIgZxtrFY= +google.golang.org/genproto v0.0.0-20240730163845-b1a4ccb954bf h1:OqdXDEakZCVtDiZTjcxfwbHPCT11ycCEsTKesBVKvyY= +google.golang.org/genproto v0.0.0-20240730163845-b1a4ccb954bf/go.mod h1:mCr1K1c8kX+1iSBREvU3Juo11CB+QOEWxbRS01wWl5M= +google.golang.org/genproto/googleapis/api v0.0.0-20240725223205-93522f1f2a9f h1:b1Ln/PG8orm0SsBbHZWke8dDp2lrCD4jSmfglFpTZbk= +google.golang.org/genproto/googleapis/api v0.0.0-20240725223205-93522f1f2a9f/go.mod h1:AHT0dDg3SoMOgZGnZk29b5xTbPHMoEC8qthmBLJCpys= +google.golang.org/genproto/googleapis/rpc v0.0.0-20240730163845-b1a4ccb954bf h1:liao9UHurZLtiEwBgT9LMOnKYsHze6eA6w1KQCMVN2Q= +google.golang.org/genproto/googleapis/rpc v0.0.0-20240730163845-b1a4ccb954bf/go.mod h1:Ue6ibwXGpU+dqIcODieyLOcgj7z8+IcskoNIgZxtrFY= google.golang.org/grpc v1.19.0/go.mod h1:mqu4LbDTu4XGKhr4mRzUsmM4RtVoemTSY81AxZiDr8c= google.golang.org/grpc v1.20.1/go.mod h1:10oTOabMzJvdu6/UiuZezV6QK5dSlG84ov/aaiqXj38= google.golang.org/grpc v1.21.1/go.mod h1:oYelfM1adQP15Ek0mdvEgi9Df8B9CZIaU1084ijfRaM= @@ -2404,8 +2411,8 @@ google.golang.org/grpc v1.48.0/go.mod h1:vN9eftEi1UMyUsIF80+uQXhHjbXYbm0uXoFCACu google.golang.org/grpc v1.49.0/go.mod h1:ZgQEeidpAuNRZ8iRrlBKXZQP1ghovWIVhdJRyCDK+GI= google.golang.org/grpc v1.50.0/go.mod h1:ZgQEeidpAuNRZ8iRrlBKXZQP1ghovWIVhdJRyCDK+GI= google.golang.org/grpc v1.50.1/go.mod h1:ZgQEeidpAuNRZ8iRrlBKXZQP1ghovWIVhdJRyCDK+GI= -google.golang.org/grpc v1.65.0 h1:bs/cUb4lp1G5iImFFd3u5ixQzweKizoZJAwBNLR42lc= -google.golang.org/grpc v1.65.0/go.mod h1:WgYC2ypjlB0EiQi6wdKixMqukr6lBc0Vo+oOgjrM5ZQ= +google.golang.org/grpc v1.66.0 h1:DibZuoBznOxbDQxRINckZcUvnCEvrW9pcWIE2yF9r1c= +google.golang.org/grpc v1.66.0/go.mod h1:s3/l6xSSCURdVfAnL+TqCNMyTDAGN6+lZeVxnZR128Y= google.golang.org/grpc/cmd/protoc-gen-go-grpc v1.1.0/go.mod h1:6Kw0yEErY5E/yWrBtf03jp27GLLJujG4z/JK95pnjjw= google.golang.org/protobuf v0.0.0-20200109180630-ec00e32a8dfd/go.mod h1:DFci5gLYBciE7Vtevhsrf46CRTquxDuWsQurQQe4oz8= google.golang.org/protobuf v0.0.0-20200221191635-4d8936d0db64/go.mod h1:kwYJMbMJ01Woi6D6+Kah6886xMZcty6N08ah7+eCXa0= @@ -2545,11 +2552,11 @@ sigs.k8s.io/kustomize/kustomize/v5 v5.4.2 h1:9Zl5Gqg3XMdBEvkR54pVLCBj7FVO7W+VPND sigs.k8s.io/kustomize/kustomize/v5 v5.4.2/go.mod h1:5ypfJVYlPb2MKKeoGknVLxvHemDlQT+szI4+KOhnD6k= sigs.k8s.io/kustomize/kyaml v0.17.2 h1:+AzvoJUY0kq4QAhH/ydPHHMRLijtUKiyVyh7fOSshr0= sigs.k8s.io/kustomize/kyaml v0.17.2/go.mod h1:9V0mCjIEYjlXuCdYsSXvyoy2BTsLESH7TlGV81S282U= -sigs.k8s.io/release-utils v0.7.7 h1:JKDOvhCk6zW8ipEOkpTGDH/mW3TI+XqtPp16aaQ79FU= -sigs.k8s.io/release-utils v0.7.7/go.mod h1:iU7DGVNi3umZJ8q6aHyUFzsDUIaYwNnNKGHo3YE5E3s= +sigs.k8s.io/release-utils v0.8.4 h1:4QVr3UgbyY/d9p74LBhg0njSVQofUsAZqYOzVZBhdBw= +sigs.k8s.io/release-utils v0.8.4/go.mod h1:m1bHfscTemQp+z+pLCZnkXih9n0+WukIUU70n6nFnU0= sigs.k8s.io/structured-merge-diff/v4 v4.4.1 h1:150L+0vs/8DA78h1u02ooW1/fFq/Lwr+sGiqlzvrtq4= sigs.k8s.io/structured-merge-diff/v4 v4.4.1/go.mod h1:N8hJocpFajUSSeSJ9bOZ77VzejKZaXsTtZo4/u7Io08= sigs.k8s.io/yaml v1.4.0 h1:Mk1wCc2gy/F0THH0TAp1QYyJNzRm2KCLy3o5ASXVI5E= sigs.k8s.io/yaml v1.4.0/go.mod h1:Ejl7/uTz7PSA4eKMyQCUTnhZYNmLIl+5c2lQPGR2BPY= -software.sslmate.com/src/go-pkcs12 v0.2.0 h1:nlFkj7bTysH6VkC4fGphtjXRbezREPgrHuJG20hBGPE= -software.sslmate.com/src/go-pkcs12 v0.2.0/go.mod h1:23rNcYsMabIc1otwLpTkCCPwUq6kQsTyowttG/as0kQ= +software.sslmate.com/src/go-pkcs12 v0.4.0 h1:H2g08FrTvSFKUj+D309j1DPfk5APnIdAQAB8aEykJ5k= +software.sslmate.com/src/go-pkcs12 v0.4.0/go.mod h1:Qiz0EyvDRJjjxGyUQa2cCNZn/wMyzrRJ/qcDXOQazLI= From b8d78129e1a2e2fe42bf56bde191d6143226a4ba Mon Sep 17 00:00:00 2001 From: schristoff <28318173+schristoff@users.noreply.github.com> Date: Sat, 28 Sep 2024 08:05:10 -0600 Subject: [PATCH 07/74] fix: nightly ecr test (#3041) Signed-off-by: schristoff <28318173+schristoff@users.noreply.github.com> --- src/test/nightly/ecr_publish_test.go | 4 ---- 1 file changed, 4 deletions(-) diff --git a/src/test/nightly/ecr_publish_test.go b/src/test/nightly/ecr_publish_test.go index 3cf5876960..2e3a26ae49 100644 --- a/src/test/nightly/ecr_publish_test.go +++ b/src/test/nightly/ecr_publish_test.go @@ -61,7 +61,6 @@ func TestECRPublishing(t *testing.T) { // Ensure we get a warning when trying to inspect the online published package stdOut, stdErr, err = e2e.Zarf(t, "package", "inspect", upstreamPackageURL, keyFlag, "--sbom-out", tmpDir, "--skip-signature-validation") require.NoError(t, err, stdOut, stdErr) - require.Contains(t, stdErr, "Validating SBOM checksums") // Validate that we can pull the package down from ECR stdOut, stdErr, err = e2e.Zarf(t, "package", "pull", upstreamPackageURL) @@ -72,11 +71,8 @@ func TestECRPublishing(t *testing.T) { // and the insecure flag stdOut, stdErr, err = e2e.Zarf(t, "package", "inspect", testPackageFileName, "--skip-signature-validation") require.NoError(t, err, stdOut, stdErr) - require.NotContains(t, stdErr, "Validating SBOM checksums") // Validate that we get no warnings when inspecting the package while providing the public key stdOut, stdErr, err = e2e.Zarf(t, "package", "inspect", testPackageFileName, keyFlag) require.NoError(t, err, stdOut, stdErr) - require.NotContains(t, stdErr, "Validating SBOM checksums") - require.Contains(t, stdErr, "Package signature validated!") } From 61cc9666f78c54d1dbc52a5d3d9afffbcd7c95f7 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 30 Sep 2024 08:28:38 -0600 Subject: [PATCH 08/74] chore(deps): bump helm.sh/helm/v3 from 3.15.3 to 3.16.1 (#3026) Signed-off-by: dependabot[bot] Signed-off-by: Austin Abro Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Austin Abro --- go.mod | 16 +++--- go.sum | 49 +++++++------------ .../content/docs/commands/zarf_tools_helm.md | 2 +- .../commands/zarf_tools_helm_dependency.md | 2 +- .../zarf_tools_helm_dependency_build.md | 2 +- .../zarf_tools_helm_dependency_list.md | 2 +- .../zarf_tools_helm_dependency_update.md | 2 +- .../docs/commands/zarf_tools_helm_repo.md | 2 +- .../docs/commands/zarf_tools_helm_repo_add.md | 2 +- .../commands/zarf_tools_helm_repo_index.md | 2 +- .../commands/zarf_tools_helm_repo_list.md | 2 +- .../commands/zarf_tools_helm_repo_remove.md | 2 +- .../commands/zarf_tools_helm_repo_update.md | 2 +- .../docs/commands/zarf_tools_helm_version.md | 2 +- 14 files changed, 37 insertions(+), 52 deletions(-) diff --git a/go.mod b/go.mod index 69d222f42c..ece20764f8 100644 --- a/go.mod +++ b/go.mod @@ -54,7 +54,7 @@ require ( golang.org/x/crypto v0.27.0 golang.org/x/sync v0.8.0 golang.org/x/term v0.24.0 - helm.sh/helm/v3 v3.15.3 + helm.sh/helm/v3 v3.16.1 k8s.io/api v0.31.1 k8s.io/apimachinery v0.31.1 k8s.io/client-go v0.31.1 @@ -253,7 +253,7 @@ require ( github.com/coreos/go-oidc/v3 v3.11.0 // indirect github.com/cpuguy83/go-md2man/v2 v2.0.4 // indirect github.com/cyberphone/json-canonicalization v0.0.0-20231011164504-785e29786b46 // indirect - github.com/cyphar/filepath-securejoin v0.2.4 // indirect + github.com/cyphar/filepath-securejoin v0.3.1 // indirect github.com/davecgh/go-spew v1.1.2-0.20180830191138-d8f796af33cc // indirect github.com/daviddengcn/go-colortext v1.0.0 // indirect github.com/deitch/magic v0.0.0-20230404182410-1ff89d7342da // indirect @@ -278,7 +278,7 @@ require ( github.com/emicklei/go-restful/v3 v3.11.0 // indirect github.com/emicklei/proto v1.12.1 // indirect github.com/emirpasic/gods v1.18.1 // indirect - github.com/evanphx/json-patch v5.7.0+incompatible // indirect + github.com/evanphx/json-patch v5.9.0+incompatible // indirect github.com/exponent-io/jsonpath v0.0.0-20151013193312-d6023ce2651d // indirect github.com/facebookincubator/nvdtools v0.1.5 // indirect github.com/fatih/camelcase v1.0.0 // indirect @@ -366,7 +366,7 @@ require ( github.com/jinzhu/inflection v1.0.0 // indirect github.com/jinzhu/now v1.1.5 // indirect github.com/jmespath/go-jmespath v0.4.0 // indirect - github.com/jmoiron/sqlx v1.3.5 // indirect + github.com/jmoiron/sqlx v1.4.0 // indirect github.com/jonboulle/clockwork v0.4.0 // indirect github.com/josharian/intern v1.0.0 // indirect github.com/json-iterator/go v1.1.12 // indirect @@ -455,7 +455,7 @@ require ( github.com/remyoudompheng/bigfft v0.0.0-20230129092748-24d4a6f8daec // indirect github.com/rivo/uniseg v0.4.7 // indirect github.com/rs/zerolog v1.32.0 // indirect - github.com/rubenv/sql-migrate v1.5.2 // indirect + github.com/rubenv/sql-migrate v1.7.0 // indirect github.com/russross/blackfriday/v2 v2.1.0 // indirect github.com/ryanuber/go-glob v1.0.0 // indirect github.com/saferwall/pe v1.5.4 // indirect @@ -515,7 +515,7 @@ require ( github.com/zyedidia/generic v1.2.2-0.20230320175451-4410d2372cb1 // indirect go.mongodb.org/mongo-driver v1.14.0 // indirect go.opencensus.io v0.24.0 // indirect - go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc v0.52.0 // indirect + go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc v0.53.0 // indirect go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.53.0 // indirect go.opentelemetry.io/otel v1.28.0 // indirect go.opentelemetry.io/otel/metric v1.28.0 // indirect @@ -546,8 +546,8 @@ require ( gopkg.in/yaml.v2 v2.4.0 // indirect gopkg.in/yaml.v3 v3.0.1 // indirect gorm.io/gorm v1.25.9 // indirect - k8s.io/apiextensions-apiserver v0.30.1 // indirect - k8s.io/apiserver v0.30.1 // indirect + k8s.io/apiextensions-apiserver v0.31.0 // indirect + k8s.io/apiserver v0.31.0 // indirect k8s.io/cli-runtime v0.31.1 // indirect k8s.io/component-helpers v0.31.1 // indirect k8s.io/kube-openapi v0.0.0-20240228011516-70dd3763d340 // indirect diff --git a/go.sum b/go.sum index 0ab8bfe712..7bbdfa45ba 100644 --- a/go.sum +++ b/go.sum @@ -607,8 +607,8 @@ github.com/creack/pty v1.1.19 h1:tUN6H7LWqNx4hQVxomd0CVsDwaDr9gaRQaI4GpSmrsA= github.com/creack/pty v1.1.19/go.mod h1:MOBLtS5ELjhRRrroQr9kyvTxUAFNvYEK993ew/Vr4O4= github.com/cyberphone/json-canonicalization v0.0.0-20231011164504-785e29786b46 h1:2Dx4IHfC1yHWI12AxQDJM1QbRCDfk6M+blLzlZCXdrc= github.com/cyberphone/json-canonicalization v0.0.0-20231011164504-785e29786b46/go.mod h1:uzvlm1mxhHkdfqitSA92i7Se+S9ksOn3a3qmv/kyOCw= -github.com/cyphar/filepath-securejoin v0.2.4 h1:Ugdm7cg7i6ZK6x3xDF1oEu1nfkyfH53EtKeQYTC3kyg= -github.com/cyphar/filepath-securejoin v0.2.4/go.mod h1:aPGpWjXOXUn2NCNjFvBE6aRxGGx79pTxQpKOJNYHHl4= +github.com/cyphar/filepath-securejoin v0.3.1 h1:1V7cHiaW+C+39wEfpH6XlLBQo3j/PciWFrgfCLS8XrE= +github.com/cyphar/filepath-securejoin v0.3.1/go.mod h1:F7i41x/9cBF7lzCrVsYs9fuzwRZm4NQsGTBdpp6mETc= github.com/danieljoos/wincred v1.2.0 h1:ozqKHaLK0W/ii4KVbbvluM91W2H3Sh0BncbUNPS7jLE= github.com/danieljoos/wincred v1.2.0/go.mod h1:FzQLLMKBFdvu+osBrnFODiv32YGwCfx0SkRa/eYHgec= github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= @@ -708,8 +708,8 @@ github.com/envoyproxy/protoc-gen-validate v0.1.0/go.mod h1:iSmxcyjqTsJpI2R4NaDN7 github.com/envoyproxy/protoc-gen-validate v0.6.2/go.mod h1:2t7qjJNvHPx8IjnBOzl9E9/baC+qXE/TeeyBRzgJDws= github.com/erikgeiser/coninput v0.0.0-20211004153227-1c3628e74d0f h1:Y/CXytFA4m6baUTXGLOoWe4PQhGxaX0KpnayAqC48p4= github.com/erikgeiser/coninput v0.0.0-20211004153227-1c3628e74d0f/go.mod h1:vw97MGsxSvLiUE2X8qFplwetxpGLQrlU1Q9AUEIzCaM= -github.com/evanphx/json-patch v5.7.0+incompatible h1:vgGkfT/9f8zE6tvSCe74nfpAVDQ2tG6yudJd8LBksgI= -github.com/evanphx/json-patch v5.7.0+incompatible/go.mod h1:50XU6AFN0ol/bzJsmQLiYLvXMP4fmwYFNcr97nuDLSk= +github.com/evanphx/json-patch v5.9.0+incompatible h1:fBXyNpNMuTTDdquAq/uisOr2lShz4oaXpDTX2bLe7ls= +github.com/evanphx/json-patch v5.9.0+incompatible/go.mod h1:50XU6AFN0ol/bzJsmQLiYLvXMP4fmwYFNcr97nuDLSk= github.com/evanphx/json-patch/v5 v5.9.0 h1:kcBlZQbplgElYIlo/n1hJbls2z/1awpXxpRi0/FOJfg= github.com/evanphx/json-patch/v5 v5.9.0/go.mod h1:VNkHZ/282BpEyt/tObQO8s5CMPmYYq14uClGH4abBuQ= github.com/exponent-io/jsonpath v0.0.0-20151013193312-d6023ce2651d h1:105gxyaGwCFad8crR9dcMQWvV9Hvulu6hwUh4tWPJnM= @@ -858,12 +858,6 @@ github.com/go-task/slim-sprig/v3 v3.0.0 h1:sUs3vkvUymDpBKi3qH1YSqBQk9+9D/8M2mN1v github.com/go-task/slim-sprig/v3 v3.0.0/go.mod h1:W848ghGpv3Qj3dhTPRyJypKRiqCdHZiAzKg9hl15HA8= github.com/go-test/deep v1.1.1 h1:0r/53hagsehfO4bzD2Pgr/+RgHqhmf+k1Bpse2cTu1U= github.com/go-test/deep v1.1.1/go.mod h1:5C2ZWiW0ErCdrYzpqxLbTX7MG14M9iiw8DgHncVwcsE= -github.com/gobuffalo/logger v1.0.6 h1:nnZNpxYo0zx+Aj9RfMPBm+x9zAU2OayFh/xrAWi34HU= -github.com/gobuffalo/logger v1.0.6/go.mod h1:J31TBEHR1QLV2683OXTAItYIg8pv2JMHnF/quuAbMjs= -github.com/gobuffalo/packd v1.0.1 h1:U2wXfRr4E9DH8IdsDLlRFwTZTK7hLfq9qT/QHXGVe/0= -github.com/gobuffalo/packd v1.0.1/go.mod h1:PP2POP3p3RXGz7Jh6eYEf93S7vA2za6xM7QT85L4+VY= -github.com/gobuffalo/packr/v2 v2.8.3 h1:xE1yzvnO56cUC0sTpKR3DIbxZgB54AftTFMhB2XEWlY= -github.com/gobuffalo/packr/v2 v2.8.3/go.mod h1:0SahksCVcx4IMnigTjiFuyldmTrdTctXsOdiU5KwbKc= github.com/gobwas/glob v0.2.3 h1:A4xDbljILXROh+kObIiy5kIaPYD8e96x1tgBhUI5J+Y= github.com/gobwas/glob v0.2.3/go.mod h1:d3Ez4x06l9bZtSvzIay5+Yzi0fmZzPgnTbPcKjJAkT8= github.com/goccy/go-json v0.10.3 h1:KZ5WoDbxAIgm2HNbYckL0se1fHD6rz5j4ywS6ebzDqA= @@ -1156,8 +1150,8 @@ github.com/jmespath/go-jmespath/internal/testify v1.5.1 h1:shLQSRRSCCPj3f2gpwzGw github.com/jmespath/go-jmespath/internal/testify v1.5.1/go.mod h1:L3OGu8Wl2/fWfCI6z80xFu9LTZmf1ZRjMHUOPmWr69U= github.com/jmhodges/clock v1.2.0 h1:eq4kys+NI0PLngzaHEe7AmPT90XMGIEySD1JfV1PDIs= github.com/jmhodges/clock v1.2.0/go.mod h1:qKjhA7x7u/lQpPB1XAqX1b1lCI/w3/fNuYpI/ZjLynI= -github.com/jmoiron/sqlx v1.3.5 h1:vFFPA71p1o5gAeqtEAwLU4dnX2napprKtHr7PYIcN3g= -github.com/jmoiron/sqlx v1.3.5/go.mod h1:nRVWtLre0KfCLJvgxzCsLVMogSvQ1zNJtpYr2Ccp0mQ= +github.com/jmoiron/sqlx v1.4.0 h1:1PLqN7S1UYp5t4SrVVnt4nUVNemrDAtxlulVe+Qgm3o= +github.com/jmoiron/sqlx v1.4.0/go.mod h1:ZrZ7UsYB/weZdl2Bxg6jCRO9c3YHl8r3ahlKmRT4JLY= github.com/jonboulle/clockwork v0.4.0 h1:p4Cf1aMWXnXAUh8lVfewRBx1zaTSYKrKMF2g3ST4RZ4= github.com/jonboulle/clockwork v0.4.0/go.mod h1:xgRqUGwRcjKCO1vbZUEtSLrqKoPSsUpK7fnezOII0kc= github.com/josharian/intern v1.0.0 h1:vlS4z54oSdjm0bgjRigI+G1HpF+tI+9rE5LLzOg8HmY= @@ -1173,8 +1167,6 @@ github.com/jstemmer/go-junit-report v0.0.0-20190106144839-af01ea7f8024/go.mod h1 github.com/jstemmer/go-junit-report v0.9.1/go.mod h1:Brl9GWCQeLvo8nXZwPNNblvFj/XSXhF0NWZEnDohbsk= github.com/jtolds/gls v4.20.0+incompatible/go.mod h1:QJZ7F/aHp+rZTRtaJ1ow/lLfFfVYBRgL+9YlvaHOwJU= github.com/julienschmidt/httprouter v1.2.0/go.mod h1:SYymIcj16QtmaHHD7aYtjjsJG7VTCxuUUipMqKk8s4w= -github.com/karrick/godirwalk v1.16.1 h1:DynhcF+bztK8gooS0+NDJFrdNZjJ3gzVzC545UNA9iw= -github.com/karrick/godirwalk v1.16.1/go.mod h1:j4mkqPuvaLI8mp1DroR3P6ad7cyYd4c1qeJ3RV7ULlk= github.com/kastenhq/goversion v0.0.0-20230811215019-93b2f8823953 h1:WdAeg/imY2JFPc/9CST4bZ80nNJbiBFCAdSZCSgrS5Y= github.com/kastenhq/goversion v0.0.0-20230811215019-93b2f8823953/go.mod h1:6o+UrvuZWc4UTyBhQf0LGjW9Ld7qJxLz/OqvSOWWlEc= github.com/kballard/go-shellquote v0.0.0-20180428030007-95032a82bc51 h1:Z9n2FFNUXsshfwJMBgNA0RU6/i7WVaAegv3PtuIHPMs= @@ -1225,7 +1217,6 @@ github.com/leodido/go-urn v1.4.0 h1:WT9HwE9SGECu3lg4d/dIA+jxlljEa1/ffXKmRjqdmIQ= github.com/leodido/go-urn v1.4.0/go.mod h1:bvxc+MVxLKB4z00jd1z+Dvzr47oO32F/QSNjSBOlFxI= github.com/letsencrypt/boulder v0.0.0-20240620165639-de9c06129bec h1:2tTW6cDth2TSgRbAhD7yjZzTQmcN25sDRPEeinR51yQ= github.com/letsencrypt/boulder v0.0.0-20240620165639-de9c06129bec/go.mod h1:TmwEoGCwIti7BCeJ9hescZgRtatxRE+A72pCoPfmcfk= -github.com/lib/pq v1.2.0/go.mod h1:5WUZQaWbwv1U+lTReE5YruASi9Al49XbQIvNi/34Woo= github.com/lib/pq v1.10.9 h1:YXG7RB+JIjhP29X+OtkiDnYaXQwpS4JEWq7dtCCRUEw= github.com/lib/pq v1.10.9/go.mod h1:AlVN5x4E4T544tWzH6hKfbfQvm3HdbOxrmggDNAPY9o= github.com/liggitt/tabwriter v0.0.0-20181228230101-89fcab3d43de h1:9TO3cAIGXtEhnIaL+V+BEER86oLrvS+kWobKpbJuye0= @@ -1244,12 +1235,6 @@ github.com/magiconair/properties v1.8.7 h1:IeQXZAiQcpL9mgcAe1Nu6cX9LLw6ExEHKjN0V github.com/magiconair/properties v1.8.7/go.mod h1:Dhd985XPs7jluiymwWYZ0G4Z61jb3vdS329zhj2hYo0= github.com/mailru/easyjson v0.7.7 h1:UGYAvKxe3sBsEDzO8ZeWOSlIQfWFlxbzLZe7hwFURr0= github.com/mailru/easyjson v0.7.7/go.mod h1:xzfreul335JAWq5oZzymOObrkdz5UnU4kGfJJLY9Nlc= -github.com/markbates/errx v1.1.0 h1:QDFeR+UP95dO12JgW+tgi2UVfo0V8YBHiUIOaeBPiEI= -github.com/markbates/errx v1.1.0/go.mod h1:PLa46Oex9KNbVDZhKel8v1OT7hD5JZ2eI7AHhA0wswc= -github.com/markbates/oncer v1.0.0 h1:E83IaVAHygyndzPimgUYJjbshhDTALZyXxvk9FOlQRY= -github.com/markbates/oncer v1.0.0/go.mod h1:Z59JA581E9GP6w96jai+TGqafHPW+cPfRxz2aSZ0mcI= -github.com/markbates/safe v1.0.1 h1:yjZkbvRM6IzKj9tlu/zMJLS0n/V351OZWRnF3QfaUxI= -github.com/markbates/safe v1.0.1/go.mod h1:nAqgmRi7cY2nqMc92/bSEeQA+R4OheNU2T1kNSCBdG0= github.com/maruel/natural v1.1.1 h1:Hja7XhhmvEFhcByqDoHz9QZbkWey+COd9xWfCfn1ioo= github.com/maruel/natural v1.1.1/go.mod h1:v+Rfd79xlw1AgVBjbO0BEQmptqb5HvL/k9GRHB7ZKEg= github.com/masahiro331/go-mvn-version v0.0.0-20210429150710-d3157d602a08 h1:AevUBW4cc99rAF8q8vmddIP8qd/0J5s/UyltGbp66dg= @@ -1280,7 +1265,7 @@ github.com/mattn/go-runewidth v0.0.9/go.mod h1:H031xJmbD/WCDINGzjvQ9THkh0rPKHF+m github.com/mattn/go-runewidth v0.0.13/go.mod h1:Jdepj2loyihRzMpdS35Xk/zdY8IAYHsh153qUoGf23w= github.com/mattn/go-runewidth v0.0.16 h1:E5ScNMtiwvlvB5paMFdw9p4kSQzbXFikJ5SQO6TULQc= github.com/mattn/go-runewidth v0.0.16/go.mod h1:Jdepj2loyihRzMpdS35Xk/zdY8IAYHsh153qUoGf23w= -github.com/mattn/go-sqlite3 v1.14.6/go.mod h1:NyWgC/yNuGj7Q9rpYnZvas74GogHl5/Z4A/KQRfk6bU= +github.com/mattn/go-sqlite3 v1.14.22/go.mod h1:Uh1q+B4BYcTPb+yiD3kU8Ct7aC0hY9fxUwlHK0RXw+Y= github.com/mattn/go-sqlite3 v2.0.3+incompatible h1:gXHsfypPkaMZrKbD5209QV9jbUTJKjyR5WD3HYQSd+U= github.com/mattn/go-sqlite3 v2.0.3+incompatible/go.mod h1:FPy6KqzDD04eiIsT53CuJW3U88zkxoIYsOqkbpncsNc= github.com/matttproud/golang_protobuf_extensions v1.0.1/go.mod h1:D8He9yQNgCq6Z5Ld7szi9bcBfOoFv/3dc6xSMkL2PC0= @@ -1518,8 +1503,8 @@ github.com/rogpeppe/go-internal v1.12.0/go.mod h1:E+RYuTGaKKdloAfM02xzb0FW3Paa99 github.com/rs/xid v1.5.0/go.mod h1:trrq9SKmegXys3aeAKXMUTdJsYXVwGY3RLcfgqegfbg= github.com/rs/zerolog v1.32.0 h1:keLypqrlIjaFsbmJOBdB/qvyF8KEtCWHwobLp5l/mQ0= github.com/rs/zerolog v1.32.0/go.mod h1:/7mN4D5sKwJLZQ2b/znpjC3/GQWY/xaDXUM0kKWRHss= -github.com/rubenv/sql-migrate v1.5.2 h1:bMDqOnrJVV/6JQgQ/MxOpU+AdO8uzYYA/TxFUBzFtS0= -github.com/rubenv/sql-migrate v1.5.2/go.mod h1:H38GW8Vqf8F0Su5XignRyaRcbXbJunSWxs+kmzlg0Is= +github.com/rubenv/sql-migrate v1.7.0 h1:HtQq1xyTN2ISmQDggnh0c9U3JlP8apWh8YO2jzlXpTI= +github.com/rubenv/sql-migrate v1.7.0/go.mod h1:S4wtDEG1CKn+0ShpTtzWhFpHHI5PvCUtiGI+C+Z2THE= github.com/russross/blackfriday/v2 v2.0.1/go.mod h1:+Rmxgy9KzJVeS9/2gXHxylqXiyQDYRxCVz55jmeOWTM= github.com/russross/blackfriday/v2 v2.1.0 h1:JIOH55/0cWyOuilr9/qlrm0BSXldqnqwMsf35Ld67mk= github.com/russross/blackfriday/v2 v2.1.0/go.mod h1:+Rmxgy9KzJVeS9/2gXHxylqXiyQDYRxCVz55jmeOWTM= @@ -1768,8 +1753,8 @@ go.opencensus.io v0.24.0 h1:y73uSU6J157QMP2kn2r30vwW1A2W2WFwSCGnAVxeaD0= go.opencensus.io v0.24.0/go.mod h1:vNK8G9p7aAivkbmorf4v+7Hgx+Zs0yY+0fOtgBfjQKo= go.opentelemetry.io/contrib/exporters/autoexport v0.46.1 h1:ysCfPZB9AjUlMa1UHYup3c9dAOCMQX/6sxSfPBUoxHw= go.opentelemetry.io/contrib/exporters/autoexport v0.46.1/go.mod h1:ha0aiYm+DOPsLHjh0zoQ8W8sLT+LJ58J3j47lGpSLrU= -go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc v0.52.0 h1:vS1Ao/R55RNV4O7TA2Qopok8yN+X0LIP6RVWLFkprck= -go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc v0.52.0/go.mod h1:BMsdeOxN04K0L5FNUBfjFdvwWGNe/rkmSwH4Aelu/X0= +go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc v0.53.0 h1:9G6E0TXzGFVfTnawRzrPl83iHOAV7L8NJiR8RSGYV1g= +go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc v0.53.0/go.mod h1:azvtTADFQJA8mX80jIH/akaE7h+dbm/sVuaHqN13w74= go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.53.0 h1:4K4tsIXefpVJtvA/8srF4V4y0akAoPHkIslgAkjixJA= go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.53.0/go.mod h1:jjdQuTGVsXV4vSs+CJ2qYDeDPf9yIJV23qlIzBm73Vg= go.opentelemetry.io/otel v1.28.0 h1:/SqNcYk+idO0CxKEUOtKQClMK/MimZihKYMruSMViUo= @@ -2472,8 +2457,8 @@ gorm.io/gorm v1.25.9 h1:wct0gxZIELDk8+ZqF/MVnHLkA1rvYlBWUMv2EdsK1g8= gorm.io/gorm v1.25.9/go.mod h1:hbnx/Oo0ChWMn1BIhpy1oYozzpM15i4YPuHDmfYtwg8= gotest.tools/v3 v3.5.1 h1:EENdUnS3pdur5nybKYIh2Vfgc8IUNBjxDPSjtiJcOzU= gotest.tools/v3 v3.5.1/go.mod h1:isy3WKz7GK6uNw/sbHzfKBLvlvXwUyV06n6brMxxopU= -helm.sh/helm/v3 v3.15.3 h1:HcZDaVFe9uHa6hpsR54mJjYyRy4uz/pc6csg27nxFOc= -helm.sh/helm/v3 v3.15.3/go.mod h1:FzSIP8jDQaa6WAVg9F+OkKz7J0ZmAga4MABtTbsb9WQ= +helm.sh/helm/v3 v3.16.1 h1:cER6tI/8PgUAsaJaQCVBUg3VI9KN4oVaZJgY60RIc0c= +helm.sh/helm/v3 v3.16.1/go.mod h1:r+xBHHP20qJeEqtvBXMf7W35QDJnzY/eiEBzt+TfHps= honnef.co/go/tools v0.0.0-20190102054323-c2f93a96b099/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4= honnef.co/go/tools v0.0.0-20190106161140-3f1c8253044a/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4= honnef.co/go/tools v0.0.0-20190418001031-e561f6794a2a/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4= @@ -2483,12 +2468,12 @@ honnef.co/go/tools v0.0.1-2020.1.3/go.mod h1:X/FiERA/W4tHapMX5mGpAtMSVEeEUOyHaw9 honnef.co/go/tools v0.0.1-2020.1.4/go.mod h1:X/FiERA/W4tHapMX5mGpAtMSVEeEUOyHaw9vFzvIQ3k= k8s.io/api v0.31.1 h1:Xe1hX/fPW3PXYYv8BlozYqw63ytA92snr96zMW9gWTU= k8s.io/api v0.31.1/go.mod h1:sbN1g6eY6XVLeqNsZGLnI5FwVseTrZX7Fv3O26rhAaI= -k8s.io/apiextensions-apiserver v0.30.1 h1:4fAJZ9985BmpJG6PkoxVRpXv9vmPUOVzl614xarePws= -k8s.io/apiextensions-apiserver v0.30.1/go.mod h1:R4GuSrlhgq43oRY9sF2IToFh7PVlF1JjfWdoG3pixk4= +k8s.io/apiextensions-apiserver v0.31.0 h1:fZgCVhGwsclj3qCw1buVXCV6khjRzKC5eCFt24kyLSk= +k8s.io/apiextensions-apiserver v0.31.0/go.mod h1:b9aMDEYaEe5sdK+1T0KU78ApR/5ZVp4i56VacZYEHxk= k8s.io/apimachinery v0.31.1 h1:mhcUBbj7KUjaVhyXILglcVjuS4nYXiwC+KKFBgIVy7U= k8s.io/apimachinery v0.31.1/go.mod h1:rsPdaZJfTfLsNJSQzNHQvYoTmxhoOEofxtOsF3rtsMo= -k8s.io/apiserver v0.30.1 h1:BEWEe8bzS12nMtDKXzCF5Q5ovp6LjjYkSp8qOPk8LZ8= -k8s.io/apiserver v0.30.1/go.mod h1:i87ZnQ+/PGAmSbD/iEKM68bm1D5reX8fO4Ito4B01mo= +k8s.io/apiserver v0.31.0 h1:p+2dgJjy+bk+B1Csz+mc2wl5gHwvNkC9QJV+w55LVrY= +k8s.io/apiserver v0.31.0/go.mod h1:KI9ox5Yu902iBnnyMmy7ajonhKnkeZYJhTZ/YI+WEMk= k8s.io/cli-runtime v0.31.1 h1:/ZmKhmZ6hNqDM+yf9s3Y4KEYakNXUn5sod2LWGGwCuk= k8s.io/cli-runtime v0.31.1/go.mod h1:pKv1cDIaq7ehWGuXQ+A//1OIF+7DI+xudXtExMCbe9U= k8s.io/client-go v0.31.1 h1:f0ugtWSbWpxHR7sjVpQwuvw9a3ZKLXX0u0itkFXufb0= diff --git a/site/src/content/docs/commands/zarf_tools_helm.md b/site/src/content/docs/commands/zarf_tools_helm.md index 3b836a8cd0..b9eeb8f482 100644 --- a/site/src/content/docs/commands/zarf_tools_helm.md +++ b/site/src/content/docs/commands/zarf_tools_helm.md @@ -32,7 +32,7 @@ Subset of the Helm CLI that includes the repo and dependency commands for managi -n, --namespace string namespace scope for this request --qps float32 queries per second used when communicating with the Kubernetes API, not including bursting --registry-config string path to the registry config file - --repository-cache string path to the file containing cached repository indexes + --repository-cache string path to the directory containing cached repository indexes --repository-config string path to the file containing repository names and URLs ``` diff --git a/site/src/content/docs/commands/zarf_tools_helm_dependency.md b/site/src/content/docs/commands/zarf_tools_helm_dependency.md index fdbb387c52..e1024700f2 100644 --- a/site/src/content/docs/commands/zarf_tools_helm_dependency.md +++ b/site/src/content/docs/commands/zarf_tools_helm_dependency.md @@ -85,7 +85,7 @@ for this case. --plain-http Force the connections over HTTP instead of HTTPS. This flag should only be used if you have a specific reason and accept the reduced security posture. --qps float32 queries per second used when communicating with the Kubernetes API, not including bursting --registry-config string path to the registry config file - --repository-cache string path to the file containing cached repository indexes + --repository-cache string path to the directory containing cached repository indexes --repository-config string path to the file containing repository names and URLs ``` diff --git a/site/src/content/docs/commands/zarf_tools_helm_dependency_build.md b/site/src/content/docs/commands/zarf_tools_helm_dependency_build.md index ff1b47e6fd..15e71f78a9 100644 --- a/site/src/content/docs/commands/zarf_tools_helm_dependency_build.md +++ b/site/src/content/docs/commands/zarf_tools_helm_dependency_build.md @@ -55,7 +55,7 @@ zarf tools helm dependency build CHART [flags] --plain-http Force the connections over HTTP instead of HTTPS. This flag should only be used if you have a specific reason and accept the reduced security posture. --qps float32 queries per second used when communicating with the Kubernetes API, not including bursting --registry-config string path to the registry config file - --repository-cache string path to the file containing cached repository indexes + --repository-cache string path to the directory containing cached repository indexes --repository-config string path to the file containing repository names and URLs ``` diff --git a/site/src/content/docs/commands/zarf_tools_helm_dependency_list.md b/site/src/content/docs/commands/zarf_tools_helm_dependency_list.md index 04b786e8d6..b987750c01 100644 --- a/site/src/content/docs/commands/zarf_tools_helm_dependency_list.md +++ b/site/src/content/docs/commands/zarf_tools_helm_dependency_list.md @@ -51,7 +51,7 @@ zarf tools helm dependency list CHART [flags] --plain-http Force the connections over HTTP instead of HTTPS. This flag should only be used if you have a specific reason and accept the reduced security posture. --qps float32 queries per second used when communicating with the Kubernetes API, not including bursting --registry-config string path to the registry config file - --repository-cache string path to the file containing cached repository indexes + --repository-cache string path to the directory containing cached repository indexes --repository-config string path to the file containing repository names and URLs ``` diff --git a/site/src/content/docs/commands/zarf_tools_helm_dependency_update.md b/site/src/content/docs/commands/zarf_tools_helm_dependency_update.md index 15486dfabb..97336f3973 100644 --- a/site/src/content/docs/commands/zarf_tools_helm_dependency_update.md +++ b/site/src/content/docs/commands/zarf_tools_helm_dependency_update.md @@ -59,7 +59,7 @@ zarf tools helm dependency update CHART [flags] --plain-http Force the connections over HTTP instead of HTTPS. This flag should only be used if you have a specific reason and accept the reduced security posture. --qps float32 queries per second used when communicating with the Kubernetes API, not including bursting --registry-config string path to the registry config file - --repository-cache string path to the file containing cached repository indexes + --repository-cache string path to the directory containing cached repository indexes --repository-config string path to the file containing repository names and URLs ``` diff --git a/site/src/content/docs/commands/zarf_tools_helm_repo.md b/site/src/content/docs/commands/zarf_tools_helm_repo.md index bb890b0631..760651b6ad 100644 --- a/site/src/content/docs/commands/zarf_tools_helm_repo.md +++ b/site/src/content/docs/commands/zarf_tools_helm_repo.md @@ -43,7 +43,7 @@ It can be used to add, remove, list, and index chart repositories. --plain-http Force the connections over HTTP instead of HTTPS. This flag should only be used if you have a specific reason and accept the reduced security posture. --qps float32 queries per second used when communicating with the Kubernetes API, not including bursting --registry-config string path to the registry config file - --repository-cache string path to the file containing cached repository indexes + --repository-cache string path to the directory containing cached repository indexes --repository-config string path to the file containing repository names and URLs ``` diff --git a/site/src/content/docs/commands/zarf_tools_helm_repo_add.md b/site/src/content/docs/commands/zarf_tools_helm_repo_add.md index 427fa498f4..fb2e4af355 100644 --- a/site/src/content/docs/commands/zarf_tools_helm_repo_add.md +++ b/site/src/content/docs/commands/zarf_tools_helm_repo_add.md @@ -49,7 +49,7 @@ zarf tools helm repo add [NAME] [URL] [flags] --plain-http Force the connections over HTTP instead of HTTPS. This flag should only be used if you have a specific reason and accept the reduced security posture. --qps float32 queries per second used when communicating with the Kubernetes API, not including bursting --registry-config string path to the registry config file - --repository-cache string path to the file containing cached repository indexes + --repository-cache string path to the directory containing cached repository indexes --repository-config string path to the file containing repository names and URLs ``` diff --git a/site/src/content/docs/commands/zarf_tools_helm_repo_index.md b/site/src/content/docs/commands/zarf_tools_helm_repo_index.md index 2568672be9..d548e3bec2 100644 --- a/site/src/content/docs/commands/zarf_tools_helm_repo_index.md +++ b/site/src/content/docs/commands/zarf_tools_helm_repo_index.md @@ -54,7 +54,7 @@ zarf tools helm repo index [DIR] [flags] --plain-http Force the connections over HTTP instead of HTTPS. This flag should only be used if you have a specific reason and accept the reduced security posture. --qps float32 queries per second used when communicating with the Kubernetes API, not including bursting --registry-config string path to the registry config file - --repository-cache string path to the file containing cached repository indexes + --repository-cache string path to the directory containing cached repository indexes --repository-config string path to the file containing repository names and URLs ``` diff --git a/site/src/content/docs/commands/zarf_tools_helm_repo_list.md b/site/src/content/docs/commands/zarf_tools_helm_repo_list.md index 987cd7fe3c..533759d015 100644 --- a/site/src/content/docs/commands/zarf_tools_helm_repo_list.md +++ b/site/src/content/docs/commands/zarf_tools_helm_repo_list.md @@ -40,7 +40,7 @@ zarf tools helm repo list [flags] --plain-http Force the connections over HTTP instead of HTTPS. This flag should only be used if you have a specific reason and accept the reduced security posture. --qps float32 queries per second used when communicating with the Kubernetes API, not including bursting --registry-config string path to the registry config file - --repository-cache string path to the file containing cached repository indexes + --repository-cache string path to the directory containing cached repository indexes --repository-config string path to the file containing repository names and URLs ``` diff --git a/site/src/content/docs/commands/zarf_tools_helm_repo_remove.md b/site/src/content/docs/commands/zarf_tools_helm_repo_remove.md index af693c1ad9..2637721ec6 100644 --- a/site/src/content/docs/commands/zarf_tools_helm_repo_remove.md +++ b/site/src/content/docs/commands/zarf_tools_helm_repo_remove.md @@ -39,7 +39,7 @@ zarf tools helm repo remove [REPO1 [REPO2 ...]] [flags] --plain-http Force the connections over HTTP instead of HTTPS. This flag should only be used if you have a specific reason and accept the reduced security posture. --qps float32 queries per second used when communicating with the Kubernetes API, not including bursting --registry-config string path to the registry config file - --repository-cache string path to the file containing cached repository indexes + --repository-cache string path to the directory containing cached repository indexes --repository-config string path to the file containing repository names and URLs ``` diff --git a/site/src/content/docs/commands/zarf_tools_helm_repo_update.md b/site/src/content/docs/commands/zarf_tools_helm_repo_update.md index 687c1c01e2..4b9d55387d 100644 --- a/site/src/content/docs/commands/zarf_tools_helm_repo_update.md +++ b/site/src/content/docs/commands/zarf_tools_helm_repo_update.md @@ -51,7 +51,7 @@ zarf tools helm repo update [REPO1 [REPO2 ...]] [flags] --plain-http Force the connections over HTTP instead of HTTPS. This flag should only be used if you have a specific reason and accept the reduced security posture. --qps float32 queries per second used when communicating with the Kubernetes API, not including bursting --registry-config string path to the registry config file - --repository-cache string path to the file containing cached repository indexes + --repository-cache string path to the directory containing cached repository indexes --repository-config string path to the file containing repository names and URLs ``` diff --git a/site/src/content/docs/commands/zarf_tools_helm_version.md b/site/src/content/docs/commands/zarf_tools_helm_version.md index 3c70426811..24bdc269b5 100644 --- a/site/src/content/docs/commands/zarf_tools_helm_version.md +++ b/site/src/content/docs/commands/zarf_tools_helm_version.md @@ -39,7 +39,7 @@ zarf tools helm version [flags] --plain-http Force the connections over HTTP instead of HTTPS. This flag should only be used if you have a specific reason and accept the reduced security posture. --qps float32 queries per second used when communicating with the Kubernetes API, not including bursting --registry-config string path to the registry config file - --repository-cache string path to the file containing cached repository indexes + --repository-cache string path to the directory containing cached repository indexes --repository-config string path to the file containing repository names and URLs ``` From aab365b35ac4993f6e9c9bceb059a3c6dc269540 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 30 Sep 2024 20:16:37 +0200 Subject: [PATCH 09/74] chore(deps): bump github.com/prometheus/client_golang from 1.18.0 to 1.20.4 (#3007) Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- go.mod | 2 +- go.sum | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/go.mod b/go.mod index ece20764f8..f77728e9d1 100644 --- a/go.mod +++ b/go.mod @@ -38,7 +38,7 @@ require ( github.com/moby/moby v27.2.1+incompatible github.com/opencontainers/image-spec v1.1.0 github.com/pkg/errors v0.9.1 - github.com/prometheus/client_golang v1.20.2 + github.com/prometheus/client_golang v1.20.4 github.com/pterm/pterm v0.12.79 github.com/sergi/go-diff v1.3.2-0.20230802210424-5b0b94c5c0d3 github.com/sigstore/cosign/v2 v2.4.0 diff --git a/go.sum b/go.sum index 7bbdfa45ba..8a38653dda 100644 --- a/go.sum +++ b/go.sum @@ -1450,8 +1450,8 @@ github.com/prometheus/client_golang v0.9.1/go.mod h1:7SWBe2y4D6OKWSNQJUaRYU/AaXP github.com/prometheus/client_golang v1.0.0/go.mod h1:db9x61etRT2tGnBNRi70OPL5FsnadC4Ky3P0J6CfImo= github.com/prometheus/client_golang v1.1.0/go.mod h1:I1FGZT9+L76gKKOs5djB6ezCbFQP1xR9D75/vuwEF3g= github.com/prometheus/client_golang v1.4.0/go.mod h1:e9GMxYsXl05ICDXkRhurwBS4Q3OK1iX/F2sw+iXX5zU= -github.com/prometheus/client_golang v1.20.2 h1:5ctymQzZlyOON1666svgwn3s6IKWgfbjsejTMiXIyjg= -github.com/prometheus/client_golang v1.20.2/go.mod h1:PIEt8X02hGcP8JWbeHyeZ53Y/jReSnHgO035n//V5WE= +github.com/prometheus/client_golang v1.20.4 h1:Tgh3Yr67PaOv/uTqloMsCEdeuFTatm5zIq5+qNN23vI= +github.com/prometheus/client_golang v1.20.4/go.mod h1:PIEt8X02hGcP8JWbeHyeZ53Y/jReSnHgO035n//V5WE= github.com/prometheus/client_model v0.0.0-20180712105110-5c3871d89910/go.mod h1:MbSGuTsp3dbXC40dX6PRTWyKYBIrTGTE9sqQNg2J8bo= github.com/prometheus/client_model v0.0.0-20190129233127-fd36f4220a90/go.mod h1:xMI15A0UPsDsEKsMN9yxemIoYk6Tm2C1GtYGdfGttqA= github.com/prometheus/client_model v0.0.0-20190812154241-14fe0d1b01d4/go.mod h1:xMI15A0UPsDsEKsMN9yxemIoYk6Tm2C1GtYGdfGttqA= From 59b373a5e4eb046fdcb5f10b61e4eccae941bdd1 Mon Sep 17 00:00:00 2001 From: Kit Patella Date: Mon, 30 Sep 2024 12:07:13 -0700 Subject: [PATCH 10/74] chore: cleanup errchecking in tests (#3040) Signed-off-by: Kit Patella --- src/test/common.go | 18 +++-- src/test/e2e/00_use_cli_test.go | 13 +-- src/test/e2e/01_component_choice_test.go | 2 +- src/test/e2e/02_component_actions_test.go | 10 +-- src/test/e2e/03_deprecations_test.go | 12 +-- src/test/e2e/04_create_templating_test.go | 2 +- src/test/e2e/05_tarball_test.go | 8 +- src/test/e2e/06_create_sbom_test.go | 4 +- src/test/e2e/07_create_git_test.go | 2 +- src/test/e2e/08_create_differential_test.go | 4 +- src/test/e2e/11_oci_pull_inspect_test.go | 2 +- src/test/e2e/12_lint_test.go | 6 +- src/test/e2e/14_oci_compose_test.go | 79 +++++++++++-------- src/test/e2e/20_zarf_init_test.go | 6 +- src/test/e2e/21_connect_creds_test.go | 4 +- src/test/e2e/22_git_and_gitops_test.go | 2 +- src/test/e2e/24_variables_test.go | 10 ++- src/test/e2e/25_helm_test.go | 10 ++- src/test/e2e/28_wait_test.go | 2 +- src/test/e2e/29_config_file_test.go | 39 +++++---- .../e2e/30_component_action_cluster_test.go | 2 +- .../e2e/31_checksum_and_signature_test.go | 2 +- src/test/e2e/32_component_webhooks_test.go | 2 +- src/test/e2e/33_manifest_with_symlink_test.go | 4 +- src/test/e2e/34_custom_init_package_test.go | 2 +- src/test/e2e/50_oci_publish_deploy_test.go | 4 +- src/test/external/common.go | 3 +- src/test/external/ext_in_cluster_test.go | 6 +- src/test/external/ext_out_cluster_test.go | 40 ++++++---- src/test/nightly/ecr_publish_test.go | 2 +- src/test/upgrade/previously_built_test.go | 30 ++++--- 31 files changed, 198 insertions(+), 134 deletions(-) diff --git a/src/test/common.go b/src/test/common.go index 746600feb1..4201fea6b9 100644 --- a/src/test/common.go +++ b/src/test/common.go @@ -6,6 +6,7 @@ package test import ( "bufio" + "errors" "fmt" "os" "regexp" @@ -53,13 +54,16 @@ func GetCLIName() string { } // Zarf executes a Zarf command. -func (e2e *ZarfE2ETest) Zarf(t *testing.T, args ...string) (string, string, error) { +func (e2e *ZarfE2ETest) Zarf(t *testing.T, args ...string) (_ string, _ string, err error) { if !slices.Contains(args, "--tmpdir") && !slices.Contains(args, "tools") { tmpdir, err := os.MkdirTemp("", "zarf-") if err != nil { return "", "", err } - defer os.RemoveAll(tmpdir) + defer func(path string) { + errRemove := os.RemoveAll(path) + err = errors.Join(err, errRemove) + }(tmpdir) args = append(args, "--tmpdir", tmpdir) } if !slices.Contains(args, "--zarf-cache") && !slices.Contains(args, "tools") && os.Getenv("CI") == "true" { @@ -74,7 +78,10 @@ func (e2e *ZarfE2ETest) Zarf(t *testing.T, args ...string) (string, string, erro return "", "", err } args = append(args, "--zarf-cache", cacheDir) - defer os.RemoveAll(cacheDir) + defer func(path string) { + errRemove := os.RemoveAll(path) + err = errors.Join(err, errRemove) + }(cacheDir) } return exec.CmdWithTesting(t, exec.PrintCfg(), e2e.ZarfBinPath, args...) } @@ -87,9 +94,10 @@ func (e2e *ZarfE2ETest) Kubectl(t *testing.T, args ...string) (string, string, e } // CleanFiles removes files and directories that have been created during the test. -func (e2e *ZarfE2ETest) CleanFiles(files ...string) { +func (e2e *ZarfE2ETest) CleanFiles(t *testing.T, files ...string) { for _, file := range files { - _ = os.RemoveAll(file) + err := os.RemoveAll(file) + require.NoError(t, err) } } diff --git a/src/test/e2e/00_use_cli_test.go b/src/test/e2e/00_use_cli_test.go index 366bacb7f9..e5bc25cb4d 100644 --- a/src/test/e2e/00_use_cli_test.go +++ b/src/test/e2e/00_use_cli_test.go @@ -27,9 +27,9 @@ func TestUseCLI(t *testing.T) { expectedShasum := "61b50898f982d015ed87093ba822de0fe011cec6dd67db39f99d8c56391a6109\n" shasumTestFilePath := "shasum-test-file" - e2e.CleanFiles(shasumTestFilePath) + e2e.CleanFiles(t, shasumTestFilePath) t.Cleanup(func() { - e2e.CleanFiles(shasumTestFilePath) + e2e.CleanFiles(t, shasumTestFilePath) }) err := os.WriteFile(shasumTestFilePath, []byte("random test data 🦄\n"), helpers.ReadWriteUser) @@ -110,7 +110,8 @@ func TestUseCLI(t *testing.T) { t.Run("changing log level", func(t *testing.T) { t.Parallel() // Test that changing the log level actually applies the requested level - _, stdErr, _ := e2e.Zarf(t, "internal", "crc32", "zarf", "--log-level=debug") + _, stdErr, err := e2e.Zarf(t, "internal", "crc32", "zarf", "--log-level=debug") + require.NoError(t, err) expectedOutString := "Log level set to debug" require.Contains(t, stdErr, expectedOutString, "The log level should be changed to 'debug'") }) @@ -138,7 +139,7 @@ func TestUseCLI(t *testing.T) { require.FileExists(t, "binaries/eksctl_Darwin_arm64") require.FileExists(t, "binaries/eksctl_Linux_x86_64") - e2e.CleanFiles("binaries/eksctl_Darwin_x86_64", "binaries/eksctl_Darwin_arm64", "binaries/eksctl_Linux_x86_64", path, "eks.yaml") + e2e.CleanFiles(t, "binaries/eksctl_Darwin_x86_64", "binaries/eksctl_Darwin_arm64", "binaries/eksctl_Linux_x86_64", path, "eks.yaml") }) t.Run("zarf package create with tmpdir and cache", func(t *testing.T) { @@ -164,7 +165,7 @@ func TestUseCLI(t *testing.T) { secondFile = "second-choice-file.txt" ) t.Cleanup(func() { - e2e.CleanFiles(firstFile, secondFile) + e2e.CleanFiles(t, firstFile, secondFile) }) path := fmt.Sprintf("build/zarf-package-component-choice-%s.tar.zst", e2e.Arch) stdOut, stdErr, err := e2e.Zarf(t, "package", "deploy", path, "--tmpdir", tmpdir, "--log-level=debug", "--confirm") @@ -197,7 +198,7 @@ func TestUseCLI(t *testing.T) { tlsCert := "tls.crt" tlsKey := "tls.key" t.Cleanup(func() { - e2e.CleanFiles(tlsCA, tlsCert, tlsKey) + e2e.CleanFiles(t, tlsCA, tlsCert, tlsKey) }) stdOut, stdErr, err := e2e.Zarf(t, "tools", "gen-pki", "github.com", "--sub-alt-name", "google.com") require.NoError(t, err, stdOut, stdErr) diff --git a/src/test/e2e/01_component_choice_test.go b/src/test/e2e/01_component_choice_test.go index 8668586956..b16efcb3e8 100644 --- a/src/test/e2e/01_component_choice_test.go +++ b/src/test/e2e/01_component_choice_test.go @@ -19,7 +19,7 @@ func TestComponentChoice(t *testing.T) { secondFile = "second-choice-file.txt" ) t.Cleanup(func() { - e2e.CleanFiles(firstFile, secondFile) + e2e.CleanFiles(t, firstFile, secondFile) }) path := fmt.Sprintf("build/zarf-package-component-choice-%s.tar.zst", e2e.Arch) diff --git a/src/test/e2e/02_component_actions_test.go b/src/test/e2e/02_component_actions_test.go index 8ef710ee90..47804677f2 100644 --- a/src/test/e2e/02_component_actions_test.go +++ b/src/test/e2e/02_component_actions_test.go @@ -26,8 +26,8 @@ func TestComponentActions(t *testing.T) { } allArtifacts := append(deployArtifacts, createArtifacts...) - e2e.CleanFiles(allArtifacts...) - defer e2e.CleanFiles(allArtifacts...) + e2e.CleanFiles(t, allArtifacts...) + defer e2e.CleanFiles(t, allArtifacts...) /* Create */ // Try creating the package to test the onCreate actions. @@ -111,7 +111,7 @@ func TestComponentActions(t *testing.T) { require.FileExists(t, deployWithEnvVarArtifact) // Remove the env var file at the end of the test - e2e.CleanFiles(deployWithEnvVarArtifact) + e2e.CleanFiles(t, deployWithEnvVarArtifact) }) t.Run("action on-deploy-with-template", func(t *testing.T) { @@ -128,7 +128,7 @@ func TestComponentActions(t *testing.T) { require.Contains(t, string(outTemplated), "The snake says ###ZARF_VAR_SNAKE_SOUND###") // Remove the templated file so we can test with dynamic variables - e2e.CleanFiles(deployTemplatedArtifact) + e2e.CleanFiles(t, deployTemplatedArtifact) // Test using a templated file with dynamic variables stdOut, stdErr, err = e2e.Zarf(t, "package", "deploy", path, "--components=on-deploy-with-template-use-of-variable,on-deploy-with-dynamic-variable,on-deploy-with-multiple-variables", "--confirm") @@ -140,7 +140,7 @@ func TestComponentActions(t *testing.T) { require.Contains(t, string(outTemplated), "The snake says hiss") // Remove the templated file at the end of the test - e2e.CleanFiles(deployTemplatedArtifact) + e2e.CleanFiles(t, deployTemplatedArtifact) }) t.Run("action on-deploy-immediate-failure", func(t *testing.T) { diff --git a/src/test/e2e/03_deprecations_test.go b/src/test/e2e/03_deprecations_test.go index 0414a3915e..27fcc4a59a 100644 --- a/src/test/e2e/03_deprecations_test.go +++ b/src/test/e2e/03_deprecations_test.go @@ -24,14 +24,14 @@ func TestDeprecatedComponentScripts(t *testing.T) { "test-deprecated-deploy-after-hook.txt", } allArtifacts := append(deployArtifacts, prepareArtifact) - e2e.CleanFiles(allArtifacts...) - defer e2e.CleanFiles(allArtifacts...) + e2e.CleanFiles(t, allArtifacts...) + defer e2e.CleanFiles(t, allArtifacts...) // 1. Try creating the package to test the create scripts testPackagePath := fmt.Sprintf("%s/zarf-package-deprecated-component-scripts-%s.tar.zst", testPackageDirPath, e2e.Arch) outputFlag := fmt.Sprintf("-o=%s", testPackageDirPath) stdOut, stdErr, err := e2e.Zarf(t, "package", "create", testPackageDirPath, outputFlag, "--confirm") - defer e2e.CleanFiles(testPackagePath) + defer e2e.CleanFiles(t, testPackagePath) require.NoError(t, err, stdOut, stdErr) require.Contains(t, stdErr, "Component '1-test-deprecated-prepare-scripts' is using scripts") require.Contains(t, stdErr, "Component '2-test-deprecated-deploy-scripts' is using scripts") @@ -71,8 +71,8 @@ func TestDeprecatedSetAndPackageVariables(t *testing.T) { "test-deprecated-deploy-after-hook.txt", } allArtifacts := append(deployArtifacts, prepareArtifact) - e2e.CleanFiles(allArtifacts...) - defer e2e.CleanFiles(allArtifacts...) + e2e.CleanFiles(t, allArtifacts...) + defer e2e.CleanFiles(t, allArtifacts...) // 2. Try creating the package to test the create scripts testPackagePath := fmt.Sprintf("%s/zarf-package-deprecated-set-variable-%s.tar.zst", testPackageDirPath, e2e.Arch) @@ -85,7 +85,7 @@ func TestDeprecatedSetAndPackageVariables(t *testing.T) { // Check that the command displays a warning on create stdOut, stdErr, err = e2e.Zarf(t, "package", "create", testPackageDirPath, outputFlag, "--confirm", "--set", "ECHO=Zarf-The-Axolotl") - defer e2e.CleanFiles(testPackagePath) + defer e2e.CleanFiles(t, testPackagePath) require.NoError(t, err, stdOut, stdErr) require.Contains(t, stdErr, "Component '1-test-deprecated-set-variable' is using setVariable") require.Contains(t, stdErr, "deprecated syntax ###ZARF_PKG_VAR_ECHO###") diff --git a/src/test/e2e/04_create_templating_test.go b/src/test/e2e/04_create_templating_test.go index a93f23027d..fb03553553 100644 --- a/src/test/e2e/04_create_templating_test.go +++ b/src/test/e2e/04_create_templating_test.go @@ -65,5 +65,5 @@ func TestCreateTemplating(t *testing.T) { require.NoError(t, err) require.Contains(t, string(filesJSON), "pandas") - e2e.CleanFiles(pkgName, fileFoldersPkgName) + e2e.CleanFiles(t, pkgName, fileFoldersPkgName) } diff --git a/src/test/e2e/05_tarball_test.go b/src/test/e2e/05_tarball_test.go index d1646899cf..5ab956c5a0 100644 --- a/src/test/e2e/05_tarball_test.go +++ b/src/test/e2e/05_tarball_test.go @@ -28,7 +28,7 @@ func TestMultiPartPackage(t *testing.T) { outputFile = "multi-part-demo.dat" ) - e2e.CleanFiles(deployPath, outputFile) + e2e.CleanFiles(t, deployPath, outputFile) // Create the package with a max size of 20MB stdOut, stdErr, err := e2e.Zarf(t, "package", "create", createPath, "--max-package-size=20", "--confirm") @@ -73,8 +73,8 @@ func TestMultiPartPackage(t *testing.T) { err = helpers.SHAsMatch(parts[0], pkgData.Sha256Sum) require.NoError(t, err) - e2e.CleanFiles(parts...) - e2e.CleanFiles(outputFile) + e2e.CleanFiles(t, parts...) + e2e.CleanFiles(t, outputFile) } func TestReproducibleTarballs(t *testing.T) { @@ -98,7 +98,7 @@ func TestReproducibleTarballs(t *testing.T) { err = utils.ReadYaml(filepath.Join(unpack1, layout.ZarfYAML), &pkg1) require.NoError(t, err) - e2e.CleanFiles(unpack1, tb) + e2e.CleanFiles(t, unpack1, tb) stdOut, stdErr, err = e2e.Zarf(t, "package", "create", createPath, "--confirm", "--output", tmp) require.NoError(t, err, stdOut, stdErr) diff --git a/src/test/e2e/06_create_sbom_test.go b/src/test/e2e/06_create_sbom_test.go index a3ee3b4118..0254c56e25 100644 --- a/src/test/e2e/06_create_sbom_test.go +++ b/src/test/e2e/06_create_sbom_test.go @@ -29,7 +29,7 @@ func TestCreateSBOM(t *testing.T) { require.FileExists(t, filepath.Join(sbomPath, "dos-games", "ghcr.io_zarf-dev_doom-game_0.0.1.json")) // Clean the SBOM path so it is force to be recreated - e2e.CleanFiles(sbomPath) + e2e.CleanFiles(t, sbomPath) stdOut, stdErr, err = e2e.Zarf(t, "package", "inspect", pkgName, "--sbom-out", sbomPath) require.NoError(t, err, stdOut, stdErr) @@ -68,5 +68,5 @@ func TestCreateSBOM(t *testing.T) { _, err = os.ReadFile(filepath.Join(sbomPath, "init", "compare.html")) require.NoError(t, err) - e2e.CleanFiles(pkgName) + e2e.CleanFiles(t, pkgName) } diff --git a/src/test/e2e/07_create_git_test.go b/src/test/e2e/07_create_git_test.go index 7a08043c1f..7ec0302e20 100644 --- a/src/test/e2e/07_create_git_test.go +++ b/src/test/e2e/07_create_git_test.go @@ -23,7 +23,7 @@ func TestCreateGit(t *testing.T) { path := fmt.Sprintf("build/zarf-package-git-data-%s-0.0.1.tar.zst", e2e.Arch) stdOut, stdErr, err := e2e.Zarf(t, "tools", "archiver", "decompress", path, extractDir, "--unarchive-all") require.NoError(t, err, stdOut, stdErr) - defer e2e.CleanFiles(extractDir) + defer e2e.CleanFiles(t, extractDir) // Verify the full-repo component gitDir := fmt.Sprintf("%s/components/full-repo/repos/zarf-public-test-2395699829/.git", extractDir) diff --git a/src/test/e2e/08_create_differential_test.go b/src/test/e2e/08_create_differential_test.go index 59e298c22d..35be26761f 100644 --- a/src/test/e2e/08_create_differential_test.go +++ b/src/test/e2e/08_create_differential_test.go @@ -30,7 +30,7 @@ func TestCreateDifferential(t *testing.T) { // Build the package a first time stdOut, stdErr, err := e2e.Zarf(t, "package", "create", packagePath, "--set=PACKAGE_VERSION=v0.25.0", "--confirm") require.NoError(t, err, stdOut, stdErr) - defer e2e.CleanFiles(packageName) + defer e2e.CleanFiles(t, packageName) // Build the differential package without changing the version _, stdErr, err = e2e.Zarf(t, "package", "create", packagePath, "--set=PACKAGE_VERSION=v0.25.0", differentialFlag, "--confirm") @@ -40,7 +40,7 @@ func TestCreateDifferential(t *testing.T) { // Build the differential package stdOut, stdErr, err = e2e.Zarf(t, "package", "create", packagePath, "--set=PACKAGE_VERSION=v0.26.0", differentialFlag, "--confirm") require.NoError(t, err, stdOut, stdErr) - defer e2e.CleanFiles(differentialPackageName) + defer e2e.CleanFiles(t, differentialPackageName) // Extract the yaml of the differential package err = archiver.Extract(differentialPackageName, layout.ZarfYAML, tmpdir) diff --git a/src/test/e2e/11_oci_pull_inspect_test.go b/src/test/e2e/11_oci_pull_inspect_test.go index b7d52fecec..356c5be99a 100644 --- a/src/test/e2e/11_oci_pull_inspect_test.go +++ b/src/test/e2e/11_oci_pull_inspect_test.go @@ -33,7 +33,7 @@ func (suite *PullInspectTestSuite) SetupSuite() { func (suite *PullInspectTestSuite) TearDownSuite() { local := fmt.Sprintf("zarf-package-dos-games-%s-1.0.0.tar.zst", e2e.Arch) - e2e.CleanFiles(local) + e2e.CleanFiles(suite.T(), local) } func (suite *PullInspectTestSuite) Test_0_Pull() { diff --git a/src/test/e2e/12_lint_test.go b/src/test/e2e/12_lint_test.go index dea06dd678..2c77b14056 100644 --- a/src/test/e2e/12_lint_test.go +++ b/src/test/e2e/12_lint_test.go @@ -29,9 +29,11 @@ func TestLint(t *testing.T) { testPackagePath := filepath.Join("src", "test", "packages", "12-lint") configPath := filepath.Join(testPackagePath, "zarf-config.toml") - os.Setenv("ZARF_CONFIG", configPath) + osSetErr := os.Setenv("ZARF_CONFIG", configPath) + require.NoError(t, osSetErr, "Unable to set ZARF_CONFIG") _, stderr, err := e2e.Zarf(t, "dev", "lint", testPackagePath, "-f", "good-flavor") - os.Unsetenv("ZARF_CONFIG") + osUnsetErr := os.Unsetenv("ZARF_CONFIG") + require.NoError(t, osUnsetErr, "Unable to cleanup ZARF_CONFIG") require.Error(t, err, "Require an exit code since there was warnings / errors") strippedStderr := e2e.StripMessageFormatting(stderr) diff --git a/src/test/e2e/14_oci_compose_test.go b/src/test/e2e/14_oci_compose_test.go index 7159394107..6dfbe1f45c 100644 --- a/src/test/e2e/14_oci_compose_test.go +++ b/src/test/e2e/14_oci_compose_test.go @@ -137,45 +137,54 @@ func (suite *PublishCopySkeletonSuite) Test_2_FilePaths() { } for _, pkgTar := range pkgTars { - var pkg v1alpha1.ZarfPackage - - unpacked := strings.TrimSuffix(pkgTar, ".tar.zst") - defer os.RemoveAll(unpacked) - defer os.RemoveAll(pkgTar) - _, _, err := e2e.Zarf(suite.T(), "tools", "archiver", "decompress", pkgTar, unpacked, "--unarchive-all") - suite.NoError(err) - suite.DirExists(unpacked) - - // Verify skeleton contains kustomize-generated manifests. - if strings.HasSuffix(pkgTar, "zarf-package-test-compose-package-skeleton-0.0.1.tar.zst") { - kustomizeGeneratedManifests := []string{ - "kustomization-connect-service-0.yaml", - "kustomization-connect-service-1.yaml", - "kustomization-connect-service-two-0.yaml", - } - manifestDir := filepath.Join(unpacked, "components", "test-compose-package", "manifests") - for _, manifest := range kustomizeGeneratedManifests { - manifestPath := filepath.Join(manifestDir, manifest) - suite.FileExists(manifestPath, "expected to find kustomize-generated manifest: %q", manifestPath) - var configMap corev1.ConfigMap - err := utils.ReadYaml(manifestPath, &configMap) - suite.NoError(err) - suite.Equal("ConfigMap", configMap.Kind, "expected manifest %q to be of kind ConfigMap", manifestPath) + // Wrap in a fn to ensure our defers cleanup resources on each iteration + func() { + var pkg v1alpha1.ZarfPackage + + unpacked := strings.TrimSuffix(pkgTar, ".tar.zst") + _, _, err := e2e.Zarf(suite.T(), "tools", "archiver", "decompress", pkgTar, unpacked, "--unarchive-all") + suite.NoError(err) + suite.DirExists(unpacked) + + // Cleanup resources + defer func() { + suite.NoError(os.RemoveAll(unpacked)) + }() + defer func() { + suite.NoError(os.RemoveAll(pkgTar)) + }() + + // Verify skeleton contains kustomize-generated manifests. + if strings.HasSuffix(pkgTar, "zarf-package-test-compose-package-skeleton-0.0.1.tar.zst") { + kustomizeGeneratedManifests := []string{ + "kustomization-connect-service-0.yaml", + "kustomization-connect-service-1.yaml", + "kustomization-connect-service-two-0.yaml", + } + manifestDir := filepath.Join(unpacked, "components", "test-compose-package", "manifests") + for _, manifest := range kustomizeGeneratedManifests { + manifestPath := filepath.Join(manifestDir, manifest) + suite.FileExists(manifestPath, "expected to find kustomize-generated manifest: %q", manifestPath) + var configMap corev1.ConfigMap + err := utils.ReadYaml(manifestPath, &configMap) + suite.NoError(err) + suite.Equal("ConfigMap", configMap.Kind, "expected manifest %q to be of kind ConfigMap", manifestPath) + } } - } - err = utils.ReadYaml(filepath.Join(unpacked, layout.ZarfYAML), &pkg) - suite.NoError(err) - suite.NotNil(pkg) + err = utils.ReadYaml(filepath.Join(unpacked, layout.ZarfYAML), &pkg) + suite.NoError(err) + suite.NotNil(pkg) - components := pkg.Components - suite.NotNil(components) + components := pkg.Components + suite.NotNil(components) - isSkeleton := false - if strings.Contains(pkgTar, "-skeleton-") { - isSkeleton = true - } - suite.verifyComponentPaths(unpacked, components, isSkeleton) + isSkeleton := false + if strings.Contains(pkgTar, "-skeleton-") { + isSkeleton = true + } + suite.verifyComponentPaths(unpacked, components, isSkeleton) + }() } } diff --git a/src/test/e2e/20_zarf_init_test.go b/src/test/e2e/20_zarf_init_test.go index c94bfa4226..de981f9b13 100644 --- a/src/test/e2e/20_zarf_init_test.go +++ b/src/test/e2e/20_zarf_init_test.go @@ -32,7 +32,7 @@ func TestZarfInit(t *testing.T) { expectedErrorMessage = "unable to run component before action: command \"Check that the host architecture matches the package architecture\"" ) t.Cleanup(func() { - e2e.CleanFiles(mismatchedInitPackage) + e2e.CleanFiles(t, mismatchedInitPackage) }) if runtime.GOOS == "linux" { @@ -104,8 +104,8 @@ func TestZarfInit(t *testing.T) { verifyZarfServiceLabels(t) // Special sizing-hacking for reducing resources where Kind + CI eats a lot of free cycles (ignore errors) - _, _, _ = e2e.Kubectl(t, "scale", "deploy", "-n", "kube-system", "coredns", "--replicas=1") - _, _, _ = e2e.Kubectl(t, "scale", "deploy", "-n", "zarf", "agent-hook", "--replicas=1") + _, _, _ = e2e.Kubectl(t, "scale", "deploy", "-n", "kube-system", "coredns", "--replicas=1") // TODO(mkcp): intentionally ignored, mark nolint + _, _, _ = e2e.Kubectl(t, "scale", "deploy", "-n", "zarf", "agent-hook", "--replicas=1") // TODO(mkcp): intentionally ignored, mark nolint } func checkLogForSensitiveState(t *testing.T, logText string, zarfState types.ZarfState) { diff --git a/src/test/e2e/21_connect_creds_test.go b/src/test/e2e/21_connect_creds_test.go index c58244a736..c3d174ae65 100644 --- a/src/test/e2e/21_connect_creds_test.go +++ b/src/test/e2e/21_connect_creds_test.go @@ -74,7 +74,9 @@ func TestMetrics(t *testing.T) { if err != nil { t.Fatal(err) } - defer resp.Body.Close() + defer func() { + require.NoError(t, resp.Body.Close()) + }() // Read the response body body, err := io.ReadAll(resp.Body) diff --git a/src/test/e2e/22_git_and_gitops_test.go b/src/test/e2e/22_git_and_gitops_test.go index 901137125b..90eb715259 100644 --- a/src/test/e2e/22_git_and_gitops_test.go +++ b/src/test/e2e/22_git_and_gitops_test.go @@ -27,7 +27,7 @@ func TestGit(t *testing.T) { require.NoError(t, err, stdOut, stdErr) path := fmt.Sprintf("build/zarf-package-git-data-test-%s-1.0.0.tar.zst", e2e.Arch) - defer e2e.CleanFiles(path) + defer e2e.CleanFiles(t, path) // Deploy the git data example (with component globbing to test that as well) stdOut, stdErr, err = e2e.Zarf(t, "package", "deploy", path, "--components=full-repo,specific-*", "--confirm") diff --git a/src/test/e2e/24_variables_test.go b/src/test/e2e/24_variables_test.go index f5b06116d0..b583a314d4 100644 --- a/src/test/e2e/24_variables_test.go +++ b/src/test/e2e/24_variables_test.go @@ -24,7 +24,7 @@ func TestVariables(t *testing.T) { tfPath := "modified-terraform.tf" - e2e.CleanFiles(tfPath, evilPath) + e2e.CleanFiles(t, tfPath, evilPath) // Test that specifying an invalid setVariable value results in an error stdOut, stdErr, err := e2e.Zarf(t, "package", "create", evilSrc, "--set", "NUMB3R5=K1TT3H", "--confirm") @@ -43,8 +43,9 @@ func TestVariables(t *testing.T) { require.Contains(t, stdErr, "", expectedOutString) // Test that not specifying a prompted variable results in an error - _, stdErr, _ = e2e.Zarf(t, "package", "deploy", path, "--confirm") + _, stdErr, err = e2e.Zarf(t, "package", "deploy", path, "--confirm") expectedOutString = "variable 'SITE_NAME' must be '--set' when using the '--confirm' flag" + require.Error(t, err) require.Contains(t, stdErr, "", expectedOutString) // Test that specifying an invalid variable value results in an error @@ -73,7 +74,8 @@ func TestVariables(t *testing.T) { require.Contains(t, string(outputTF), "unicorn-land") // Verify the configmap was properly templated - kubectlOut, _, _ := e2e.Kubectl(t, "-n", "nginx", "get", "configmap", "nginx-configmap", "-o", "jsonpath='{.data.index\\.html}' ") + kubectlOut, _, err := e2e.Kubectl(t, "-n", "nginx", "get", "configmap", "nginx-configmap", "-o", "jsonpath='{.data.index\\.html}' ") + require.NoError(t, err, "unable to get nginx configmap") // OPTIONAL_FOOTER should remain unset because it was not set during deploy require.Contains(t, string(kubectlOut), "\n \n ") // STYLE should take the default value @@ -91,5 +93,5 @@ func TestVariables(t *testing.T) { stdOut, stdErr, err = e2e.Zarf(t, "package", "remove", path, "--confirm") require.NoError(t, err, stdOut, stdErr) - e2e.CleanFiles(tfPath, evilPath) + e2e.CleanFiles(t, tfPath, evilPath) } diff --git a/src/test/e2e/25_helm_test.go b/src/test/e2e/25_helm_test.go index 3e51900cdd..421b62ed0a 100644 --- a/src/test/e2e/25_helm_test.go +++ b/src/test/e2e/25_helm_test.go @@ -38,7 +38,7 @@ func testHelmChartsExample(t *testing.T) { localTgzChartPath := filepath.Join("src", "test", "packages", "25-local-tgz-chart") stdOut, stdErr, err := e2e.Zarf(t, "package", "create", localTgzChartPath, "--tmpdir", tmpdir, "--confirm") require.NoError(t, err, stdOut, stdErr) - defer e2e.CleanFiles(fmt.Sprintf("zarf-package-helm-charts-local-tgz-%s-0.0.1.tar.zst", e2e.Arch)) + defer e2e.CleanFiles(t, fmt.Sprintf("zarf-package-helm-charts-local-tgz-%s-0.0.1.tar.zst", e2e.Arch)) // Create a package that needs dependencies evilChartDepsPath := filepath.Join("src", "test", "packages", "25-evil-chart-deps") @@ -99,7 +99,8 @@ func testHelmEscaping(t *testing.T) { require.NoError(t, err, stdOut, stdErr) // Verify the configmap was deployed, escaped, and contains all of its data - kubectlOut, _ := exec.Command("kubectl", "-n", "default", "describe", "cm", "dont-template-me").Output() + kubectlOut, err := exec.Command("kubectl", "-n", "default", "describe", "cm", "dont-template-me").Output() + require.NoError(t, err, "unable to describe configmap") require.Contains(t, string(kubectlOut), `alert: OOMKilled {{ "{{ \"random.Values\" }}" }}`) require.Contains(t, string(kubectlOut), "backtick1: \"content with backticks `some random things`\"") require.Contains(t, string(kubectlOut), "backtick2: \"nested templating with backticks {{` random.Values `}}\"") @@ -175,8 +176,9 @@ func testHelmAdoption(t *testing.T) { deploymentManifest := "src/test/packages/25-manifest-adoption/deployment.yaml" // Deploy dos-games manually into the cluster without Zarf - kubectlOut, _, _ := e2e.Kubectl(t, "apply", "-f", deploymentManifest) - require.Contains(t, string(kubectlOut), "deployment.apps/game created") + kubectlOut, _, err := e2e.Kubectl(t, "apply", "-f", deploymentManifest) + require.NoError(t, err, "unable to apply", "deploymentManifest", deploymentManifest) + require.Contains(t, kubectlOut, "deployment.apps/game created") // Deploy dos-games into the cluster with Zarf stdOut, stdErr, err := e2e.Zarf(t, "package", "deploy", packagePath, "--confirm", "--adopt-existing-resources") diff --git a/src/test/e2e/28_wait_test.go b/src/test/e2e/28_wait_test.go index e67b60d178..aeaea654df 100644 --- a/src/test/e2e/28_wait_test.go +++ b/src/test/e2e/28_wait_test.go @@ -51,7 +51,7 @@ func TestNoWait(t *testing.T) { case <-time.After(30 * time.Second): t.Error("Timeout waiting for zarf deploy (it tried to wait)") t.Log("Removing hanging namespace...") - _, _, _ = e2e.Kubectl(t, "delete", "namespace", "no-wait", "--force=true", "--wait=false", "--grace-period=0") + _, _, _ = e2e.Kubectl(t, "delete", "namespace", "no-wait", "--force=true", "--wait=false", "--grace-period=0") // TODO(mkcp): intentionally ignored, mark nolint } require.NoError(t, err, stdOut, stdErr) diff --git a/src/test/e2e/29_config_file_test.go b/src/test/e2e/29_config_file_test.go index 0cea0b4dd9..bcef00ad87 100644 --- a/src/test/e2e/29_config_file_test.go +++ b/src/test/e2e/29_config_file_test.go @@ -13,6 +13,8 @@ import ( "github.com/stretchr/testify/require" ) +const envKey = "ZARF_CONFIG" + func TestConfigFile(t *testing.T) { t.Log("E2E: Config file") @@ -22,11 +24,13 @@ func TestConfigFile(t *testing.T) { config = "zarf-config.toml" ) - e2e.CleanFiles(path) + e2e.CleanFiles(t, path) // Test the config file environment variable - t.Setenv("ZARF_CONFIG", filepath.Join(dir, config)) - defer os.Unsetenv("ZARF_CONFIG") + t.Setenv(envKey, filepath.Join(dir, config)) + defer func() { + require.NoError(t, os.Unsetenv(envKey)) + }() configFileTests(t, dir, path) configFileDefaultTests(t) @@ -34,7 +38,8 @@ func TestConfigFile(t *testing.T) { stdOut, stdErr, err := e2e.Zarf(t, "package", "remove", path, "--confirm") require.NoError(t, err, stdOut, stdErr) - e2e.CleanFiles(path) + // Cleanup + e2e.CleanFiles(t, path) } func configFileTests(t *testing.T, dir, path string) { @@ -139,30 +144,36 @@ func configFileDefaultTests(t *testing.T) { } // Test remaining default initializers - t.Setenv("ZARF_CONFIG", filepath.Join("src", "test", "zarf-config-test.toml")) - defer os.Unsetenv("ZARF_CONFIG") + t.Setenv(envKey, filepath.Join("src", "test", "zarf-config-test.toml")) + defer func() { + require.NoError(t, os.Unsetenv(envKey)) + }() // Test global flags - stdOut, _, _ := e2e.Zarf(t, "--help") + stdOut, _, err := e2e.Zarf(t, "--help") + require.NoError(t, err) for _, test := range globalFlags { - require.Contains(t, string(stdOut), test) + require.Contains(t, stdOut, test) } // Test init flags - stdOut, _, _ = e2e.Zarf(t, "init", "--help") + stdOut, _, err = e2e.Zarf(t, "init", "--help") + require.NoError(t, err) for _, test := range initFlags { - require.Contains(t, string(stdOut), test) + require.Contains(t, stdOut, test) } // Test package create flags - stdOut, _, _ = e2e.Zarf(t, "package", "create", "--help") + stdOut, _, err = e2e.Zarf(t, "package", "create", "--help") + require.NoError(t, err) for _, test := range packageCreateFlags { - require.Contains(t, string(stdOut), test) + require.Contains(t, stdOut, test) } // Test package deploy flags - stdOut, _, _ = e2e.Zarf(t, "package", "deploy", "--help") + stdOut, _, err = e2e.Zarf(t, "package", "deploy", "--help") + require.NoError(t, err) for _, test := range packageDeployFlags { - require.Contains(t, string(stdOut), test) + require.Contains(t, stdOut, test) } } diff --git a/src/test/e2e/30_component_action_cluster_test.go b/src/test/e2e/30_component_action_cluster_test.go index 6763a042dc..16ead6ef8d 100644 --- a/src/test/e2e/30_component_action_cluster_test.go +++ b/src/test/e2e/30_component_action_cluster_test.go @@ -36,7 +36,7 @@ func TestComponentActionEdgeCases(t *testing.T) { stdOut, stdErr, err := e2e.Zarf(t, "package", "create", sourcePath, "--confirm") require.NoError(t, err, stdOut, stdErr) - defer e2e.CleanFiles(packagePath) + defer e2e.CleanFiles(t, packagePath) stdOut, stdErr, err = e2e.Zarf(t, "package", "deploy", packagePath, "--confirm") require.NoError(t, err, stdOut, stdErr) diff --git a/src/test/e2e/31_checksum_and_signature_test.go b/src/test/e2e/31_checksum_and_signature_test.go index 5e60466b91..c6897c8cee 100644 --- a/src/test/e2e/31_checksum_and_signature_test.go +++ b/src/test/e2e/31_checksum_and_signature_test.go @@ -21,7 +21,7 @@ func TestChecksumAndSignature(t *testing.T) { stdOut, stdErr, err := e2e.Zarf(t, "package", "create", testPackageDirPath, privateKeyFlag, "--confirm") require.NoError(t, err, stdOut, stdErr) - defer e2e.CleanFiles(pkgName) + defer e2e.CleanFiles(t, pkgName) // Test that we don't get an error when we remember to provide the public key stdOut, stdErr, err = e2e.Zarf(t, "package", "inspect", pkgName, publicKeyFlag) diff --git a/src/test/e2e/32_component_webhooks_test.go b/src/test/e2e/32_component_webhooks_test.go index 18c9ed33cc..936d9b7e54 100644 --- a/src/test/e2e/32_component_webhooks_test.go +++ b/src/test/e2e/32_component_webhooks_test.go @@ -20,7 +20,7 @@ func TestComponentWebhooks(t *testing.T) { require.NoError(t, err, stdOut, stdErr) stdOut, stdErr, err = e2e.Zarf(t, "tools", "wait-for", "deployment", "pepr-cb5693ef-d13c-5fe1-b5ad-c870fd911b3b", "available", "-n=pepr-system") require.NoError(t, err, stdOut, stdErr) - defer e2e.CleanFiles(webhookPath) + defer e2e.CleanFiles(t, webhookPath) // Ensure package deployments wait for webhooks to complete. gamesPath := fmt.Sprintf("build/zarf-package-dos-games-%s-1.1.0.tar.zst", e2e.Arch) diff --git a/src/test/e2e/33_manifest_with_symlink_test.go b/src/test/e2e/33_manifest_with_symlink_test.go index 9748154dc7..441915581a 100644 --- a/src/test/e2e/33_manifest_with_symlink_test.go +++ b/src/test/e2e/33_manifest_with_symlink_test.go @@ -22,10 +22,10 @@ func TestManifestWithSymlink(t *testing.T) { path := fmt.Sprintf("build/zarf-package-manifest-with-symlink-%s-0.0.1.tar.zst", e2e.Arch) require.FileExists(t, path) - defer e2e.CleanFiles(path) + defer e2e.CleanFiles(t, path) stdOut, stdErr, err = e2e.Zarf(t, "package", "deploy", path, "--confirm") - defer e2e.CleanFiles("temp/manifests") + defer e2e.CleanFiles(t, "temp/manifests") require.NoError(t, err, stdOut, stdErr) require.FileExists(t, "temp/manifests/resources/img", "Symlink does not exist in the package as expected.") } diff --git a/src/test/e2e/34_custom_init_package_test.go b/src/test/e2e/34_custom_init_package_test.go index e3dbeeeeef..b49935e87e 100644 --- a/src/test/e2e/34_custom_init_package_test.go +++ b/src/test/e2e/34_custom_init_package_test.go @@ -22,7 +22,7 @@ func TestCustomInit(t *testing.T) { stdOut, stdErr, err := e2e.Zarf(t, "package", "create", buildPath, privateKeyFlag, "--confirm") require.NoError(t, err, stdOut, stdErr) - defer e2e.CleanFiles(pkgName) + defer e2e.CleanFiles(t, pkgName) /* Test operations during package inspect */ // Test that we can inspect the yaml of the package without the private key diff --git a/src/test/e2e/50_oci_publish_deploy_test.go b/src/test/e2e/50_oci_publish_deploy_test.go index 88ea94fcf0..4c2e250551 100644 --- a/src/test/e2e/50_oci_publish_deploy_test.go +++ b/src/test/e2e/50_oci_publish_deploy_test.go @@ -37,7 +37,7 @@ func (suite *PublishDeploySuiteTestSuite) SetupSuite() { func (suite *PublishDeploySuiteTestSuite) TearDownSuite() { local := fmt.Sprintf("zarf-package-helm-charts-%s-0.0.1.tar.zst", e2e.Arch) - e2e.CleanFiles(local) + e2e.CleanFiles(suite.Suite.T(), local) } func (suite *PublishDeploySuiteTestSuite) Test_0_Publish() { @@ -103,7 +103,7 @@ func (suite *PublishDeploySuiteTestSuite) Test_2_Pull_And_Deploy() { suite.T().Log("E2E: Package Pull oci:// && Package Deploy tarball") local := fmt.Sprintf("zarf-package-helm-charts-%s-0.0.1.tar.zst", e2e.Arch) - defer e2e.CleanFiles(local) + defer e2e.CleanFiles(suite.T(), local) // Verify the package was pulled. suite.FileExists(local) diff --git a/src/test/external/common.go b/src/test/external/common.go index 5fd2e294f2..82fb0dabd4 100644 --- a/src/test/external/common.go +++ b/src/test/external/common.go @@ -29,7 +29,8 @@ func createPodInfoPackageWithInsecureSources(t *testing.T, temp string) { require.NoError(t, err, "unable to yq edit helm source") err = exec.CmdWithPrint(zarfBinPath, "tools", "yq", "eval", ".spec.insecure = true", "-i", filepath.Join(temp, "oci", "podinfo-source.yaml")) require.NoError(t, err, "unable to yq edit oci source") - exec.CmdWithPrint(zarfBinPath, "package", "create", temp, "--confirm", "--output", temp) + err = exec.CmdWithPrint(zarfBinPath, "package", "create", temp, "--confirm", "--output", temp) + require.NoError(t, err, "unable to create package") } func waitForCondition(t *testing.T, timeoutMinutes time.Duration, cmd string, args []string, condition string) error { diff --git a/src/test/external/ext_in_cluster_test.go b/src/test/external/ext_in_cluster_test.go index ad1e338935..81102c0b14 100644 --- a/src/test/external/ext_in_cluster_test.go +++ b/src/test/external/ext_in_cluster_test.go @@ -154,10 +154,14 @@ func (suite *ExtInClusterTestSuite) Test_1_Deploy() { // Use Zarf to initialize the cluster initArgs := []string{"init", "--confirm"} initArgs = append(initArgs, inClusterInitCredentialArgs...) + err := exec.CmdWithPrint(zarfBinPath, initArgs...) suite.NoError(err, "unable to initialize the k8s server with zarf") + temp := suite.T().TempDir() - defer os.Remove(temp) + defer func() { + suite.NoError(os.RemoveAll(temp), "failed to clean up tempdir") + }() createPodInfoPackageWithInsecureSources(suite.T(), temp) // Deploy the flux example package diff --git a/src/test/external/ext_out_cluster_test.go b/src/test/external/ext_out_cluster_test.go index 1eee15e718..ea0aa85023 100644 --- a/src/test/external/ext_out_cluster_test.go +++ b/src/test/external/ext_out_cluster_test.go @@ -58,10 +58,12 @@ func (suite *ExtOutClusterTestSuite) SetupSuite() { suite.Assertions = require.New(suite.T()) // Teardown any leftovers from previous tests - _ = exec.CmdWithPrint("k3d", "cluster", "delete", clusterName) - _ = exec.CmdWithPrint("docker", "rm", "-f", "k3d-"+registryHost) - _ = exec.CmdWithPrint("docker", "compose", "down") - _ = exec.CmdWithPrint("docker", "network", "remove", network) + // NOTE(mkcp): We dogsled these errors because some of these commands will error if they don't cleanup a resource, + // which is ok. A better solution would be checking for none or unexpected kinds of errors. + _ = exec.CmdWithPrint("k3d", "cluster", "delete", clusterName) // TODO(mkcp): intentionally ignored, mark nolint + _ = exec.CmdWithPrint("docker", "rm", "-f", "k3d-"+registryHost) // TODO(mkcp): intentionally ignored, mark nolint + _ = exec.CmdWithPrint("docker", "compose", "down") // TODO(mkcp): intentionally ignored, mark nolint + _ = exec.CmdWithPrint("docker", "network", "remove", network) // TODO(mkcp): intentionally ignored, mark nolint // Setup a network for everything to live inside err := exec.CmdWithPrint("docker", "network", "create", "--driver=bridge", "--subnet="+subnet, "--gateway="+gateway, network) @@ -146,7 +148,9 @@ func (suite *ExtOutClusterTestSuite) Test_1_Deploy() { func (suite *ExtOutClusterTestSuite) Test_2_DeployGitOps() { // Deploy the flux example package temp := suite.T().TempDir() - defer os.Remove(temp) + defer func() { + suite.NoError(os.RemoveAll(temp), "unable to remove temporary directory") + }() createPodInfoPackageWithInsecureSources(suite.T(), temp) deployArgs := []string{"package", "deploy", filepath.Join(temp, "zarf-package-podinfo-flux-amd64.tar.zst"), "--confirm"} @@ -161,18 +165,22 @@ func (suite *ExtOutClusterTestSuite) Test_2_DeployGitOps() { func (suite *ExtOutClusterTestSuite) Test_3_AuthToPrivateHelmChart() { baseURL := fmt.Sprintf("http://%s:3000", giteaHost) + envKey := "HELM_REPOSITORY_CONFIG" suite.createHelmChartInGitea(baseURL, giteaUser, commonPassword) suite.makeGiteaUserPrivate(baseURL, giteaUser, commonPassword) tempDir := suite.T().TempDir() repoPath := filepath.Join(tempDir, "repositories.yaml") - os.Setenv("HELM_REPOSITORY_CONFIG", repoPath) - defer os.Unsetenv("HELM_REPOSITORY_CONFIG") + err := os.Setenv(envKey, repoPath) + suite.NoError(err) + defer func() { + suite.NoError(os.Unsetenv(envKey)) + }() packagePath := filepath.Join("..", "packages", "external-helm-auth") findImageArgs := []string{"dev", "find-images", packagePath} - err := exec.CmdWithPrint(zarfBinPath, findImageArgs...) + err = exec.CmdWithPrint(zarfBinPath, findImageArgs...) suite.Error(err, "Since auth has not been setup, this should fail") repoFile := repo.NewFile() @@ -212,7 +220,9 @@ func (suite *ExtOutClusterTestSuite) createHelmChartInGitea(baseURL string, user file, err := os.Open(podinfoTarballPath) suite.NoError(err) - defer file.Close() + defer func() { + suite.NoError(file.Close(), "unable to close file") + }() body := &bytes.Buffer{} writer := multipart.NewWriter(body) @@ -220,7 +230,8 @@ func (suite *ExtOutClusterTestSuite) createHelmChartInGitea(baseURL string, user suite.NoError(err) _, err = io.Copy(part, file) suite.NoError(err) - writer.Close() + err = writer.Close() + suite.NoError(err, "unable to close writer") req, err := http.NewRequest("POST", url, body) suite.NoError(err) @@ -229,10 +240,10 @@ func (suite *ExtOutClusterTestSuite) createHelmChartInGitea(baseURL string, user req.SetBasicAuth(username, password) client := &http.Client{} - resp, err := client.Do(req) suite.NoError(err) - resp.Body.Close() + err = resp.Body.Close() + suite.NoError(err, "unable to close response body") } func (suite *ExtOutClusterTestSuite) makeGiteaUserPrivate(baseURL string, username string, password string) { @@ -257,8 +268,9 @@ func (suite *ExtOutClusterTestSuite) makeGiteaUserPrivate(baseURL string, userna client := &http.Client{} resp, err := client.Do(req) suite.NoError(err) - defer resp.Body.Close() - + defer func() { + suite.NoError(resp.Body.Close()) + }() _, err = io.ReadAll(resp.Body) suite.NoError(err) } diff --git a/src/test/nightly/ecr_publish_test.go b/src/test/nightly/ecr_publish_test.go index 2e3a26ae49..7ada0c5eda 100644 --- a/src/test/nightly/ecr_publish_test.go +++ b/src/test/nightly/ecr_publish_test.go @@ -65,7 +65,7 @@ func TestECRPublishing(t *testing.T) { // Validate that we can pull the package down from ECR stdOut, stdErr, err = e2e.Zarf(t, "package", "pull", upstreamPackageURL) require.NoError(t, err, stdOut, stdErr) - defer e2e.CleanFiles(testPackageFileName) + defer e2e.CleanFiles(t, testPackageFileName) // Ensure we get a warning when trying to inspect the package without providing the public key // and the insecure flag diff --git a/src/test/upgrade/previously_built_test.go b/src/test/upgrade/previously_built_test.go index 0b59761d6d..178a97ca5b 100644 --- a/src/test/upgrade/previously_built_test.go +++ b/src/test/upgrade/previously_built_test.go @@ -29,18 +29,24 @@ func TestPreviouslyBuiltZarfPackage(t *testing.T) { t.Log("Upgrade: Previously Built Zarf Package") // For the upgrade test, podinfo-upgrade should already be in the cluster (version 6.3.3) (see .github/workflows/test-upgrade.yml) - kubectlOut, _, _ := kubectl(t, "-n=podinfo-upgrade", "rollout", "status", "deployment/podinfo-upgrade") + kubectlOut, _, err := kubectl(t, "-n=podinfo-upgrade", "rollout", "status", "deployment/podinfo-upgrade") + require.NoError(t, err) require.Contains(t, kubectlOut, "successfully rolled out") - kubectlOut, _, _ = kubectl(t, "-n=podinfo-upgrade", "get", "deployment", "podinfo-upgrade", "-o=jsonpath={.metadata.labels}}") + kubectlOut, _, err = kubectl(t, "-n=podinfo-upgrade", "get", "deployment", "podinfo-upgrade", "-o=jsonpath={.metadata.labels}}") + require.NoError(t, err) require.Contains(t, kubectlOut, "6.3.3") // Verify that the private-registry secret and private-git-server secret in the podinfo-upgrade namespace are the same after re-init // This tests that `zarf tools update-creds` successfully updated the other namespace - zarfRegistrySecret, _, _ := kubectl(t, "-n=zarf", "get", "secret", "private-registry", "-o", "jsonpath={.data}") - podinfoRegistrySecret, _, _ := kubectl(t, "-n=podinfo-upgrade", "get", "secret", "private-registry", "-o", "jsonpath={.data}") + zarfRegistrySecret, _, err := kubectl(t, "-n=zarf", "get", "secret", "private-registry", "-o", "jsonpath={.data}") + require.NoError(t, err) + podinfoRegistrySecret, _, err := kubectl(t, "-n=podinfo-upgrade", "get", "secret", "private-registry", "-o", "jsonpath={.data}") + require.NoError(t, err) require.Equal(t, zarfRegistrySecret, podinfoRegistrySecret, "the zarf registry secret and podinfo-upgrade registry secret did not match") - zarfGitServerSecret, _, _ := kubectl(t, "-n=zarf", "get", "secret", "private-git-server", "-o", "jsonpath={.data}") - podinfoGitServerSecret, _, _ := kubectl(t, "-n=podinfo-upgrade", "get", "secret", "private-git-server", "-o", "jsonpath={.data}") + zarfGitServerSecret, _, err := kubectl(t, "-n=zarf", "get", "secret", "private-git-server", "-o", "jsonpath={.data}") + require.NoError(t, err) + podinfoGitServerSecret, _, err := kubectl(t, "-n=podinfo-upgrade", "get", "secret", "private-git-server", "-o", "jsonpath={.data}") + require.NoError(t, err) require.Equal(t, zarfGitServerSecret, podinfoGitServerSecret, "the zarf git server secret and podinfo-upgrade git server secret did not match") // We also expect a 6.3.4 package to have been previously built @@ -56,9 +62,11 @@ func TestPreviouslyBuiltZarfPackage(t *testing.T) { require.Contains(t, stdErr, "-----BEGIN PUBLIC KEY-----") // Verify that podinfo-upgrade successfully deploys in the cluster (version 6.3.4) - kubectlOut, _, _ = kubectl(t, "-n=podinfo-upgrade", "rollout", "status", "deployment/podinfo-upgrade") + kubectlOut, _, err = kubectl(t, "-n=podinfo-upgrade", "rollout", "status", "deployment/podinfo-upgrade") + require.NoError(t, err) require.Contains(t, kubectlOut, "successfully rolled out") - kubectlOut, _, _ = kubectl(t, "-n=podinfo-upgrade", "get", "deployment", "podinfo-upgrade", "-o=jsonpath={.metadata.labels}}") + kubectlOut, _, err = kubectl(t, "-n=podinfo-upgrade", "get", "deployment", "podinfo-upgrade", "-o=jsonpath={.metadata.labels}}") + require.NoError(t, err) require.Contains(t, kubectlOut, "6.3.4") // We also want to build a new package. @@ -75,9 +83,11 @@ func TestPreviouslyBuiltZarfPackage(t *testing.T) { require.Contains(t, stdErr, "-----BEGIN PUBLIC KEY-----") // Verify that podinfo-upgrade successfully deploys in the cluster (version 6.3.5) - kubectlOut, _, _ = kubectl(t, "-n=podinfo-upgrade", "rollout", "status", "deployment/podinfo-upgrade") + kubectlOut, _, err = kubectl(t, "-n=podinfo-upgrade", "rollout", "status", "deployment/podinfo-upgrade") + require.NoError(t, err) require.Contains(t, kubectlOut, "successfully rolled out") - kubectlOut, _, _ = kubectl(t, "-n=podinfo-upgrade", "get", "deployment", "podinfo-upgrade", "-o=jsonpath={.metadata.labels}}") + kubectlOut, _, err = kubectl(t, "-n=podinfo-upgrade", "get", "deployment", "podinfo-upgrade", "-o=jsonpath={.metadata.labels}}") + require.NoError(t, err) require.Contains(t, kubectlOut, "6.3.5") // Remove the package. From 4fdcc177686bd05d7cfe9abf2b53866652e6e76f Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 30 Sep 2024 13:11:38 -0600 Subject: [PATCH 11/74] chore(deps): bump github.com/gofrs/flock from 0.8.1 to 0.12.1 (#3033) Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: schristoff <28318173+schristoff@users.noreply.github.com> From b1eb96d70d709606fdaa4a6285325c65d89c475a Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 1 Oct 2024 09:13:25 +0200 Subject: [PATCH 12/74] chore(deps): bump github.com/sigstore/sigstore/pkg/signature/kms/hashivault from 1.8.8 to 1.8.9 (#3049) Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- go.mod | 4 ++-- go.sum | 8 ++++---- 2 files changed, 6 insertions(+), 6 deletions(-) diff --git a/go.mod b/go.mod index f77728e9d1..a57e7daa0c 100644 --- a/go.mod +++ b/go.mod @@ -45,7 +45,7 @@ require ( github.com/sigstore/sigstore/pkg/signature/kms/aws v1.8.8 github.com/sigstore/sigstore/pkg/signature/kms/azure v1.8.8 github.com/sigstore/sigstore/pkg/signature/kms/gcp v1.8.8 - github.com/sigstore/sigstore/pkg/signature/kms/hashivault v1.8.8 + github.com/sigstore/sigstore/pkg/signature/kms/hashivault v1.8.9 github.com/spf13/cobra v1.8.1 github.com/spf13/pflag v1.0.5 github.com/spf13/viper v1.19.0 @@ -361,7 +361,7 @@ require ( github.com/inconshreveable/mousetrap v1.1.0 // indirect github.com/jbenet/go-context v0.0.0-20150711004518-d14ea06fba99 // indirect github.com/jedisct1/go-minisign v0.0.0-20230811132847-661be99b8267 // indirect - github.com/jellydator/ttlcache/v3 v3.2.0 // indirect + github.com/jellydator/ttlcache/v3 v3.3.0 // indirect github.com/jinzhu/copier v0.4.0 // indirect github.com/jinzhu/inflection v1.0.0 // indirect github.com/jinzhu/now v1.1.5 // indirect diff --git a/go.sum b/go.sum index 8a38653dda..b296f0325a 100644 --- a/go.sum +++ b/go.sum @@ -1136,8 +1136,8 @@ github.com/jedib0t/go-pretty/v6 v6.5.9 h1:ACteMBRrrmm1gMsXe9PSTOClQ63IXDUt03H5U+ github.com/jedib0t/go-pretty/v6 v6.5.9/go.mod h1:zbn98qrYlh95FIhwwsbIip0LYpwSG8SUOScs+v9/t0E= github.com/jedisct1/go-minisign v0.0.0-20230811132847-661be99b8267 h1:TMtDYDHKYY15rFihtRfck/bfFqNfvcabqvXAFQfAUpY= github.com/jedisct1/go-minisign v0.0.0-20230811132847-661be99b8267/go.mod h1:h1nSAbGFqGVzn6Jyl1R/iCcBUHN4g+gW1u9CoBTrb9E= -github.com/jellydator/ttlcache/v3 v3.2.0 h1:6lqVJ8X3ZaUwvzENqPAobDsXNExfUJd61u++uW8a3LE= -github.com/jellydator/ttlcache/v3 v3.2.0/go.mod h1:hi7MGFdMAwZna5n2tuvh63DvFLzVKySzCVW6+0gA2n4= +github.com/jellydator/ttlcache/v3 v3.3.0 h1:BdoC9cE81qXfrxeb9eoJi9dWrdhSuwXMAnHTbnBm4Wc= +github.com/jellydator/ttlcache/v3 v3.3.0/go.mod h1:bj2/e0l4jRnQdrnSTaGTsh4GSXvMjQcy41i7th0GVGw= github.com/jinzhu/copier v0.4.0 h1:w3ciUoD19shMCRargcpm0cm91ytaBhDvuRpz1ODO/U8= github.com/jinzhu/copier v0.4.0/go.mod h1:DfbEm0FYsaqBcKcFuvmOZb218JkPGtvSHsKg8S8hyyg= github.com/jinzhu/inflection v1.0.0 h1:K317FqzuhWc8YvSVlFMCCUb36O/S9MCKRDI7QkRKD/E= @@ -1569,8 +1569,8 @@ github.com/sigstore/sigstore/pkg/signature/kms/azure v1.8.8 h1:RKk4Z+qMaLORUdT7z github.com/sigstore/sigstore/pkg/signature/kms/azure v1.8.8/go.mod h1:dMJdlBWKHMu2xf0wIKpbo7+QfG+RzVkBB3nHP8EMM5o= github.com/sigstore/sigstore/pkg/signature/kms/gcp v1.8.8 h1:89Xtxj8oqZt3UlSpCP4wApFvnQ2Z/dgowW5QOVhQigI= github.com/sigstore/sigstore/pkg/signature/kms/gcp v1.8.8/go.mod h1:Wa4xn/H3pU/yW/6tHiMXTpObBtBSGC5q29KYFEPKN6o= -github.com/sigstore/sigstore/pkg/signature/kms/hashivault v1.8.8 h1:Zte3Oogkd8m+nu2oK3yHtGmN++TZWh2Lm6q2iSprT1M= -github.com/sigstore/sigstore/pkg/signature/kms/hashivault v1.8.8/go.mod h1:j00crVw6ki4/WViXflw0zWgNALrAzZT+GbIK8v7Xlz4= +github.com/sigstore/sigstore/pkg/signature/kms/hashivault v1.8.9 h1:E+bvFTS6uM//iSAeneNj5pubzntQmio/yAKFzmRzzD0= +github.com/sigstore/sigstore/pkg/signature/kms/hashivault v1.8.9/go.mod h1:0RKVuZXIZAFhT0frfx+GzyrtlesiRK3ceF55nIgkZI4= github.com/sigstore/timestamp-authority v1.2.2 h1:X4qyutnCQqJ0apMewFyx+3t7Tws00JQ/JonBiu3QvLE= github.com/sigstore/timestamp-authority v1.2.2/go.mod h1:nEah4Eq4wpliDjlY342rXclGSO7Kb9hoRrl9tqLW13A= github.com/sirupsen/logrus v1.2.0/go.mod h1:LxeOpSwHxABJmUn/MG1IvRgCAasNZTLOkJPxbbu5VWo= From e8185e4e0939b378054048d04a9e11269ec7bda6 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 1 Oct 2024 09:13:59 +0200 Subject: [PATCH 13/74] chore(deps): bump github/codeql-action from 3.26.9 to 3.26.10 (#3047) Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- .github/workflows/scan-codeql.yml | 4 ++-- .github/workflows/scorecard.yaml | 2 +- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/.github/workflows/scan-codeql.yml b/.github/workflows/scan-codeql.yml index ef766bd7d9..b646018388 100644 --- a/.github/workflows/scan-codeql.yml +++ b/.github/workflows/scan-codeql.yml @@ -43,7 +43,7 @@ jobs: # Initializes the CodeQL tools for scanning. - name: Initialize CodeQL - uses: github/codeql-action/init@461ef6c76dfe95d5c364de2f431ddbd31a417628 # v3.26.9 + uses: github/codeql-action/init@e2b3eafc8d227b0241d48be5f425d47c2d750a13 # v3.26.10 with: languages: ${{ matrix.language }} config-file: ./.github/codeql.yaml @@ -52,6 +52,6 @@ jobs: run: make build-cli-linux-amd - name: Perform CodeQL Analysis - uses: github/codeql-action/analyze@461ef6c76dfe95d5c364de2f431ddbd31a417628 # v3.26.9 + uses: github/codeql-action/analyze@e2b3eafc8d227b0241d48be5f425d47c2d750a13 # v3.26.10 with: category: "/language:${{matrix.language}}" diff --git a/.github/workflows/scorecard.yaml b/.github/workflows/scorecard.yaml index 78159a9ec2..57d8f08f5d 100644 --- a/.github/workflows/scorecard.yaml +++ b/.github/workflows/scorecard.yaml @@ -44,6 +44,6 @@ jobs: # Upload the results to GitHub's code scanning dashboard. - name: "Upload to code-scanning" - uses: github/codeql-action/upload-sarif@461ef6c76dfe95d5c364de2f431ddbd31a417628 # v3.26.9 + uses: github/codeql-action/upload-sarif@e2b3eafc8d227b0241d48be5f425d47c2d750a13 # v3.26.10 with: sarif_file: results.sarif From 9e767ebffcfde580f3e196a97ecf28007d9c1fdc Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 1 Oct 2024 15:16:50 +0100 Subject: [PATCH 14/74] chore(deps): bump github.com/fluxcd/helm-controller/api from 1.0.1 to 1.1.0 (#3045) Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- go.mod | 10 +++++----- go.sum | 20 ++++++++++---------- 2 files changed, 15 insertions(+), 15 deletions(-) diff --git a/go.mod b/go.mod index a57e7daa0c..6130a84aab 100644 --- a/go.mod +++ b/go.mod @@ -25,7 +25,7 @@ require ( github.com/fairwindsops/pluto/v5 v5.18.4 github.com/fatih/color v1.17.0 github.com/fluxcd/gitkit v0.6.0 - github.com/fluxcd/helm-controller/api v1.0.1 + github.com/fluxcd/helm-controller/api v1.1.0 github.com/fluxcd/pkg/apis/meta v1.6.1 github.com/fluxcd/source-controller/api v1.3.0 github.com/go-git/go-git/v5 v5.12.0 @@ -285,7 +285,7 @@ require ( github.com/felixge/fgprof v0.9.3 // indirect github.com/felixge/httpsnoop v1.0.4 // indirect github.com/fluxcd/pkg/apis/acl v0.3.0 // indirect - github.com/fluxcd/pkg/apis/kustomize v1.5.0 // indirect + github.com/fluxcd/pkg/apis/kustomize v1.6.1 // indirect github.com/fsnotify/fsnotify v1.7.0 // indirect github.com/fvbommel/sortorder v1.1.0 // indirect github.com/gabriel-vasile/mimetype v1.4.4 // indirect @@ -546,8 +546,8 @@ require ( gopkg.in/yaml.v2 v2.4.0 // indirect gopkg.in/yaml.v3 v3.0.1 // indirect gorm.io/gorm v1.25.9 // indirect - k8s.io/apiextensions-apiserver v0.31.0 // indirect - k8s.io/apiserver v0.31.0 // indirect + k8s.io/apiextensions-apiserver v0.31.1 // indirect + k8s.io/apiserver v0.31.1 // indirect k8s.io/cli-runtime v0.31.1 // indirect k8s.io/component-helpers v0.31.1 // indirect k8s.io/kube-openapi v0.0.0-20240228011516-70dd3763d340 // indirect @@ -558,7 +558,7 @@ require ( modernc.org/memory v1.8.0 // indirect modernc.org/sqlite v1.33.0 // indirect oras.land/oras-go v1.2.5 // indirect - sigs.k8s.io/controller-runtime v0.18.1 // indirect + sigs.k8s.io/controller-runtime v0.19.0 // indirect sigs.k8s.io/json v0.0.0-20221116044647-bc3834ca7abd // indirect sigs.k8s.io/kustomize/kustomize/v5 v5.4.2 // indirect sigs.k8s.io/release-utils v0.8.4 // indirect diff --git a/go.sum b/go.sum index b296f0325a..e4c5bbc31a 100644 --- a/go.sum +++ b/go.sum @@ -735,12 +735,12 @@ github.com/felixge/httpsnoop v1.0.4 h1:NFTV2Zj1bL4mc9sqWACXbQFVBBg2W3GPvqp8/ESS2 github.com/felixge/httpsnoop v1.0.4/go.mod h1:m8KPJKqk1gH5J9DgRY2ASl2lWCfGKXixSwevea8zH2U= github.com/fluxcd/gitkit v0.6.0 h1:iNg5LTx6ePo+Pl0ZwqHTAkhbUHxGVSY3YCxCdw7VIFg= github.com/fluxcd/gitkit v0.6.0/go.mod h1:svOHuKi0fO9HoawdK4HfHAJJseZDHHjk7I3ihnCIqNo= -github.com/fluxcd/helm-controller/api v1.0.1 h1:Gn9qEVuif6D5+gHmVwTEZkR4+nmLOcOhKx4Sw2gL2EA= -github.com/fluxcd/helm-controller/api v1.0.1/go.mod h1:/6AD5a2qjo/ttxVM8GR33syLZwqigta60DCLdy8GrME= +github.com/fluxcd/helm-controller/api v1.1.0 h1:NS5Wm3U6Kv4w7Cw2sDOV++vf2ecGfFV00x1+2Y3QcOY= +github.com/fluxcd/helm-controller/api v1.1.0/go.mod h1:BgHMgMY6CWynzl4KIbHpd6Wpn3FN9BqgkwmvoKCp6iE= github.com/fluxcd/pkg/apis/acl v0.3.0 h1:UOrKkBTOJK+OlZX7n8rWt2rdBmDCoTK+f5TY2LcZi8A= github.com/fluxcd/pkg/apis/acl v0.3.0/go.mod h1:WVF9XjSMVBZuU+HTTiSebGAWMgM7IYexFLyVWbK9bNY= -github.com/fluxcd/pkg/apis/kustomize v1.5.0 h1:ah4sfqccnio+/5Edz/tVz6LetFhiBoDzXAElj6fFCzU= -github.com/fluxcd/pkg/apis/kustomize v1.5.0/go.mod h1:nEzhnhHafhWOUUV8VMFLojUOH+HHDEsL75y54mt/c30= +github.com/fluxcd/pkg/apis/kustomize v1.6.1 h1:22FJc69Mq4i8aCxnKPlddHhSMyI4UPkQkqiAdWFcqe0= +github.com/fluxcd/pkg/apis/kustomize v1.6.1/go.mod h1:5dvQ4IZwz0hMGmuj8tTWGtarsuxW0rWsxJOwC6i+0V8= github.com/fluxcd/pkg/apis/meta v1.6.1 h1:maLhcRJ3P/70ArLCY/LF/YovkxXbX+6sTWZwZQBeNq0= github.com/fluxcd/pkg/apis/meta v1.6.1/go.mod h1:YndB/gxgGZmKfqpAfFxyCDNFJFP0ikpeJzs66jwq280= github.com/fluxcd/source-controller/api v1.3.0 h1:Z5Lq0aJY87yg0cQDEuwGLKS60GhdErCHtsi546HUt10= @@ -2468,12 +2468,12 @@ honnef.co/go/tools v0.0.1-2020.1.3/go.mod h1:X/FiERA/W4tHapMX5mGpAtMSVEeEUOyHaw9 honnef.co/go/tools v0.0.1-2020.1.4/go.mod h1:X/FiERA/W4tHapMX5mGpAtMSVEeEUOyHaw9vFzvIQ3k= k8s.io/api v0.31.1 h1:Xe1hX/fPW3PXYYv8BlozYqw63ytA92snr96zMW9gWTU= k8s.io/api v0.31.1/go.mod h1:sbN1g6eY6XVLeqNsZGLnI5FwVseTrZX7Fv3O26rhAaI= -k8s.io/apiextensions-apiserver v0.31.0 h1:fZgCVhGwsclj3qCw1buVXCV6khjRzKC5eCFt24kyLSk= -k8s.io/apiextensions-apiserver v0.31.0/go.mod h1:b9aMDEYaEe5sdK+1T0KU78ApR/5ZVp4i56VacZYEHxk= +k8s.io/apiextensions-apiserver v0.31.1 h1:L+hwULvXx+nvTYX/MKM3kKMZyei+UiSXQWciX/N6E40= +k8s.io/apiextensions-apiserver v0.31.1/go.mod h1:tWMPR3sgW+jsl2xm9v7lAyRF1rYEK71i9G5dRtkknoQ= k8s.io/apimachinery v0.31.1 h1:mhcUBbj7KUjaVhyXILglcVjuS4nYXiwC+KKFBgIVy7U= k8s.io/apimachinery v0.31.1/go.mod h1:rsPdaZJfTfLsNJSQzNHQvYoTmxhoOEofxtOsF3rtsMo= -k8s.io/apiserver v0.31.0 h1:p+2dgJjy+bk+B1Csz+mc2wl5gHwvNkC9QJV+w55LVrY= -k8s.io/apiserver v0.31.0/go.mod h1:KI9ox5Yu902iBnnyMmy7ajonhKnkeZYJhTZ/YI+WEMk= +k8s.io/apiserver v0.31.1 h1:Sars5ejQDCRBY5f7R3QFHdqN3s61nhkpaX8/k1iEw1c= +k8s.io/apiserver v0.31.1/go.mod h1:lzDhpeToamVZJmmFlaLwdYZwd7zB+WYRYIboqA1kGxM= k8s.io/cli-runtime v0.31.1 h1:/ZmKhmZ6hNqDM+yf9s3Y4KEYakNXUn5sod2LWGGwCuk= k8s.io/cli-runtime v0.31.1/go.mod h1:pKv1cDIaq7ehWGuXQ+A//1OIF+7DI+xudXtExMCbe9U= k8s.io/client-go v0.31.1 h1:f0ugtWSbWpxHR7sjVpQwuvw9a3ZKLXX0u0itkFXufb0= @@ -2527,8 +2527,8 @@ rsc.io/quote/v3 v3.1.0/go.mod h1:yEA65RcK8LyAZtP9Kv3t0HmxON59tX3rD+tICJqUlj0= rsc.io/sampler v1.3.0/go.mod h1:T1hPZKmBbMNahiBKFy5HrXp6adAjACjK9JXDnKaTXpA= sigs.k8s.io/cli-utils v0.36.0 h1:k7GM6LmIMydtvM6Ad91XuqKk0QEVL9bVbaiX1uvWIrA= sigs.k8s.io/cli-utils v0.36.0/go.mod h1:uCFC3BPXB3xHFQyKkWUlTrncVDCKzbdDfqZqRTCrk24= -sigs.k8s.io/controller-runtime v0.18.1 h1:RpWbigmuiylbxOCLy0tGnq1cU1qWPwNIQzoJk+QeJx4= -sigs.k8s.io/controller-runtime v0.18.1/go.mod h1:tuAt1+wbVsXIT8lPtk5RURxqAnq7xkpv2Mhttslg7Hw= +sigs.k8s.io/controller-runtime v0.19.0 h1:nWVM7aq+Il2ABxwiCizrVDSlmDcshi9llbaFbC0ji/Q= +sigs.k8s.io/controller-runtime v0.19.0/go.mod h1:iRmWllt8IlaLjvTTDLhRBXIEtkCK6hwVBJJsYS9Ajf4= sigs.k8s.io/json v0.0.0-20221116044647-bc3834ca7abd h1:EDPBXCAspyGV4jQlpZSudPeMmr1bNJefnuqLsRAsHZo= sigs.k8s.io/json v0.0.0-20221116044647-bc3834ca7abd/go.mod h1:B8JuhiUyNFVKdsE8h686QcCxMaH6HrOAZj4vswFpcB0= sigs.k8s.io/kustomize/api v0.17.3 h1:6GCuHSsxq7fN5yhF2XrC+AAr8gxQwhexgHflOAD/JJU= From 9b3d512b4d021c8fafabe65604828a6745060da4 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 1 Oct 2024 15:28:27 +0100 Subject: [PATCH 15/74] chore(deps): bump github.com/defenseunicorns/pkg/oci from 1.0.1 to 1.0.2 (#3048) Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- go.mod | 4 ++-- go.sum | 8 ++++---- 2 files changed, 6 insertions(+), 6 deletions(-) diff --git a/go.mod b/go.mod index 6130a84aab..a04abc84c6 100644 --- a/go.mod +++ b/go.mod @@ -18,7 +18,7 @@ require ( github.com/avast/retry-go/v4 v4.6.0 github.com/defenseunicorns/pkg/helpers/v2 v2.0.1 github.com/defenseunicorns/pkg/kubernetes v0.3.0 - github.com/defenseunicorns/pkg/oci v1.0.1 + github.com/defenseunicorns/pkg/oci v1.0.2 github.com/derailed/k9s v0.32.5 github.com/distribution/distribution/v3 v3.0.0-alpha.1 github.com/distribution/reference v0.6.0 @@ -263,7 +263,7 @@ require ( github.com/digitorus/pkcs7 v0.0.0-20230818184609-3a137a874352 // indirect github.com/digitorus/timestamp v0.0.0-20231217203849-220c5c2851b7 // indirect github.com/dimchansky/utfbom v1.1.1 // indirect - github.com/docker/cli v27.1.1+incompatible // indirect + github.com/docker/cli v27.2.1+incompatible // indirect github.com/docker/distribution v2.8.3+incompatible // indirect github.com/docker/docker v27.2.1+incompatible // indirect github.com/docker/docker-credential-helpers v0.8.0 // indirect diff --git a/go.sum b/go.sum index e4c5bbc31a..14cb526810 100644 --- a/go.sum +++ b/go.sum @@ -623,8 +623,8 @@ github.com/defenseunicorns/pkg/helpers/v2 v2.0.1 h1:j08rz9vhyD9Bs+yKiyQMY2tSSejX github.com/defenseunicorns/pkg/helpers/v2 v2.0.1/go.mod h1:u1PAqOICZyiGIVA2v28g55bQH1GiAt0Bc4U9/rnWQvQ= github.com/defenseunicorns/pkg/kubernetes v0.3.0 h1:f4VSIaUdvn87/dhiZvRbUfHhcHa8bKia6aU0WcvPbYg= github.com/defenseunicorns/pkg/kubernetes v0.3.0/go.mod h1:FsuKQGpPZOnZWifBse7v787+avtIu2lte5LTsaojDkY= -github.com/defenseunicorns/pkg/oci v1.0.1 h1:WPrWRrae1L19X1vuhy6yYMR2zrTzgBbJHp3ImgUm4ZM= -github.com/defenseunicorns/pkg/oci v1.0.1/go.mod h1:qZ3up/d0P81taW37fKR4lb19jJhQZJVtNOEJMu00dHQ= +github.com/defenseunicorns/pkg/oci v1.0.2 h1:JRdFbKnJQiGVsMUWmcmm0ZS8aBmmAORXLGSAGkIGhBQ= +github.com/defenseunicorns/pkg/oci v1.0.2/go.mod h1:z11UFenAd4HQRucaEp0uhoccor/6zbQiXEQq+Z7vtI0= github.com/deitch/magic v0.0.0-20230404182410-1ff89d7342da h1:ZOjWpVsFZ06eIhnh4mkaceTiVoktdU67+M7KDHJ268M= github.com/deitch/magic v0.0.0-20230404182410-1ff89d7342da/go.mod h1:B3tI9iGHi4imdLi4Asdha1Sc6feLMTfPLXh9IUYmysk= github.com/depcheck-test/depcheck-test v0.0.0-20220607135614-199033aaa936 h1:foGzavPWwtoyBvjWyKJYDYsyzy+23iBV7NKTwdk+LRY= @@ -657,8 +657,8 @@ github.com/distribution/distribution/v3 v3.0.0-alpha.1 h1:jn7I1gvjOvmLztH1+1cLiU github.com/distribution/distribution/v3 v3.0.0-alpha.1/go.mod h1:LCp4JZp1ZalYg0W/TN05jarCQu+h4w7xc7ZfQF4Y/cY= github.com/distribution/reference v0.6.0 h1:0IXCQ5g4/QMHHkarYzh5l+u8T3t73zM5QvfrDyIgxBk= github.com/distribution/reference v0.6.0/go.mod h1:BbU0aIcezP1/5jX/8MP0YiH4SdvB5Y4f/wlDRiLyi3E= -github.com/docker/cli v27.1.1+incompatible h1:goaZxOqs4QKxznZjjBWKONQci/MywhtRv2oNn0GkeZE= -github.com/docker/cli v27.1.1+incompatible/go.mod h1:JLrzqnKDaYBop7H2jaqPtU4hHvMKP+vjCwu2uszcLI8= +github.com/docker/cli v27.2.1+incompatible h1:U5BPtiD0viUzjGAjV1p0MGB8eVA3L3cbIrnyWmSJI70= +github.com/docker/cli v27.2.1+incompatible/go.mod h1:JLrzqnKDaYBop7H2jaqPtU4hHvMKP+vjCwu2uszcLI8= github.com/docker/distribution v2.8.3+incompatible h1:AtKxIZ36LoNK51+Z6RpzLpddBirtxJnzDrHLEKxTAYk= github.com/docker/distribution v2.8.3+incompatible/go.mod h1:J2gT2udsDAN96Uj4KfcMRqY0/ypR+oyYUYmja8H+y+w= github.com/docker/docker v27.2.1+incompatible h1:fQdiLfW7VLscyoeYEBz7/J8soYFDZV1u6VW6gJEjNMI= From f5edaa671e9a98b6de2ab905288653d2152c1ed8 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 1 Oct 2024 12:44:14 -0400 Subject: [PATCH 16/74] chore(deps): bump github.com/fluxcd/source-controller/api from 1.3.0 to 1.4.1 (#3050) Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- go.mod | 2 +- go.sum | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/go.mod b/go.mod index a04abc84c6..1bf7ce1574 100644 --- a/go.mod +++ b/go.mod @@ -27,7 +27,7 @@ require ( github.com/fluxcd/gitkit v0.6.0 github.com/fluxcd/helm-controller/api v1.1.0 github.com/fluxcd/pkg/apis/meta v1.6.1 - github.com/fluxcd/source-controller/api v1.3.0 + github.com/fluxcd/source-controller/api v1.4.1 github.com/go-git/go-git/v5 v5.12.0 github.com/goccy/go-yaml v1.12.0 github.com/gofrs/flock v0.12.1 diff --git a/go.sum b/go.sum index 14cb526810..c4d6470348 100644 --- a/go.sum +++ b/go.sum @@ -743,8 +743,8 @@ github.com/fluxcd/pkg/apis/kustomize v1.6.1 h1:22FJc69Mq4i8aCxnKPlddHhSMyI4UPkQk github.com/fluxcd/pkg/apis/kustomize v1.6.1/go.mod h1:5dvQ4IZwz0hMGmuj8tTWGtarsuxW0rWsxJOwC6i+0V8= github.com/fluxcd/pkg/apis/meta v1.6.1 h1:maLhcRJ3P/70ArLCY/LF/YovkxXbX+6sTWZwZQBeNq0= github.com/fluxcd/pkg/apis/meta v1.6.1/go.mod h1:YndB/gxgGZmKfqpAfFxyCDNFJFP0ikpeJzs66jwq280= -github.com/fluxcd/source-controller/api v1.3.0 h1:Z5Lq0aJY87yg0cQDEuwGLKS60GhdErCHtsi546HUt10= -github.com/fluxcd/source-controller/api v1.3.0/go.mod h1:+tfd0vltjcVs/bbnq9AlYR9AAHSVfM/Z4v4TpQmdJf4= +github.com/fluxcd/source-controller/api v1.4.1 h1:zV01D7xzHOXWbYXr36lXHWWYS7POARsjLt61Nbh3kVY= +github.com/fluxcd/source-controller/api v1.4.1/go.mod h1:gSjg57T+IG66SsBR0aquv+DFrm4YyBNpKIJVDnu3Ya8= github.com/fortytw2/leaktest v1.3.0 h1:u8491cBMTQ8ft8aeV+adlcytMZylmA5nnwwkRZjI8vw= github.com/fortytw2/leaktest v1.3.0/go.mod h1:jDsjWgpAGjm2CA7WthBh/CdZYEPF31XHquHwclZch5g= github.com/foxcpp/go-mockdns v1.1.0 h1:jI0rD8M0wuYAxL7r/ynTrCQQq0BVqfB99Vgk7DlmewI= From 117433c332923b4253912b6334c2a29fdc267a3d Mon Sep 17 00:00:00 2001 From: Philip Laine Date: Tue, 1 Oct 2024 19:10:07 +0200 Subject: [PATCH 17/74] refactor: layout (#3022) Signed-off-by: Philip Laine --- src/cmd/package.go | 7 +- src/internal/packager2/inspect.go | 31 +- src/internal/packager2/layout/layout.go | 34 ++ src/internal/packager2/layout/package.go | 313 ++++++++++++++++++ src/internal/packager2/layout/package_test.go | 55 +++ src/internal/packager2/load.go | 102 +----- src/internal/packager2/load_test.go | 14 +- src/internal/packager2/mirror.go | 49 ++- src/internal/packager2/pull_test.go | 2 +- .../packager2/testdata/deployment.yaml | 21 ++ .../zarf-package-test-amd64-0.0.1.tar.zst | Bin 3683512 -> 3683279 bytes ...f-package-test-amd64-0.0.1.tar.zst.part000 | 2 +- ...f-package-test-amd64-0.0.1.tar.zst.part001 | Bin 1000000 -> 1000000 bytes ...f-package-test-amd64-0.0.1.tar.zst.part002 | Bin 1000000 -> 1000000 bytes ...f-package-test-amd64-0.0.1.tar.zst.part003 | Bin 1000000 -> 1000000 bytes ...f-package-test-amd64-0.0.1.tar.zst.part004 | Bin 683508 -> 683281 bytes src/internal/packager2/testdata/zarf.yaml | 5 + 17 files changed, 494 insertions(+), 141 deletions(-) create mode 100644 src/internal/packager2/layout/layout.go create mode 100644 src/internal/packager2/layout/package.go create mode 100644 src/internal/packager2/layout/package_test.go create mode 100644 src/internal/packager2/testdata/deployment.yaml diff --git a/src/cmd/package.go b/src/cmd/package.go index 3ae1b0e2ff..bbd61c3ff7 100644 --- a/src/cmd/package.go +++ b/src/cmd/package.go @@ -153,14 +153,15 @@ var packageMirrorCmd = &cobra.Command{ SkipSignatureValidation: pkgConfig.PkgOpts.SkipSignatureValidation, Filter: filter, } - pkgPaths, err := packager2.LoadPackage(cmd.Context(), loadOpt) + pkgLayout, err := packager2.LoadPackage(cmd.Context(), loadOpt) if err != nil { return err } - defer os.RemoveAll(pkgPaths.Base) + //nolint: errcheck // ignore + defer pkgLayout.Cleanup() mirrorOpt := packager2.MirrorOptions{ Cluster: c, - PackagePaths: *pkgPaths, + PkgLayout: pkgLayout, Filter: filter, RegistryInfo: pkgConfig.InitOpts.RegistryInfo, GitInfo: pkgConfig.InitOpts.GitServer, diff --git a/src/internal/packager2/inspect.go b/src/internal/packager2/inspect.go index bfad933b3a..0e4c1e0321 100644 --- a/src/internal/packager2/inspect.go +++ b/src/internal/packager2/inspect.go @@ -7,12 +7,15 @@ package packager2 import ( "context" "fmt" + "os" "github.com/defenseunicorns/pkg/helpers/v2" "github.com/zarf-dev/zarf/src/api/v1alpha1" + "github.com/zarf-dev/zarf/src/config" "github.com/zarf-dev/zarf/src/internal/packager/sbom" "github.com/zarf-dev/zarf/src/pkg/cluster" "github.com/zarf-dev/zarf/src/pkg/packager/filters" + "github.com/zarf-dev/zarf/src/pkg/utils" ) // ZarfInspectOptions tracks the user-defined preferences during a package inspection. @@ -35,7 +38,7 @@ func Inspect(ctx context.Context, opt ZarfInspectOptions) (v1alpha1.ZarfPackage, } if getSBOM(opt.ViewSBOM, opt.SBOMOutputDir) { - err = handleSBOMOptions(ctx, pkg, opt) + err = handleSBOMOptions(ctx, opt) if err != nil { return pkg, err } @@ -75,7 +78,7 @@ func getPackageMetadata(ctx context.Context, opt ZarfInspectOptions) (v1alpha1.Z return pkg, nil } -func handleSBOMOptions(ctx context.Context, pkg v1alpha1.ZarfPackage, opt ZarfInspectOptions) error { +func handleSBOMOptions(ctx context.Context, opt ZarfInspectOptions) error { loadOpt := LoadOptions{ Source: opt.Source, SkipSignatureValidation: opt.SkipSignatureValidation, @@ -86,23 +89,25 @@ func handleSBOMOptions(ctx context.Context, pkg v1alpha1.ZarfPackage, opt ZarfIn if err != nil { return err } - if opt.SBOMOutputDir != "" { - out, err := layout.SBOMs.OutputSBOMFiles(opt.SBOMOutputDir, pkg.Metadata.Name) + + sbomDirPath := opt.SBOMOutputDir + if sbomDirPath == "" { + tmpDir, err := utils.MakeTempDir(config.CommonOptions.TempDirectory) if err != nil { return err } - if opt.ViewSBOM { - err := sbom.ViewSBOMFiles(out) - if err != nil { - return err - } - } - } else if opt.ViewSBOM { - err := sbom.ViewSBOMFiles(layout.SBOMs.Path) + defer os.RemoveAll(tmpDir) + sbomDirPath = tmpDir + } + sbomPath, err := layout.GetSBOM(sbomDirPath) + if err != nil { + return err + } + if opt.ViewSBOM { + err := sbom.ViewSBOMFiles(sbomPath) if err != nil { return err } - return err } return nil } diff --git a/src/internal/packager2/layout/layout.go b/src/internal/packager2/layout/layout.go new file mode 100644 index 0000000000..7dcd09971c --- /dev/null +++ b/src/internal/packager2/layout/layout.go @@ -0,0 +1,34 @@ +// SPDX-License-Identifier: Apache-2.0 +// SPDX-FileCopyrightText: 2021-Present The Zarf Authors + +// Package layout contains functions for inteacting the Zarf packages. +package layout + +// Constants used in the default package layout. +const ( + ZarfYAML = "zarf.yaml" + Signature = "zarf.yaml.sig" + Checksums = "checksums.txt" + + ImagesDir = "images" + ComponentsDir = "components" + + SBOMDir = "zarf-sbom" + SBOMTar = "sboms.tar" + + IndexJSON = "index.json" + OCILayout = "oci-layout" +) + +// ComponentDir is the type for the different directories in a component. +type ComponentDir string + +// Different component directory types. +const ( + RepoComponentDir ComponentDir = "repos" + FilesComponentDir ComponentDir = "files" + ChartsComponentDir ComponentDir = "charts" + ManifestsComponentDir ComponentDir = "manifests" + DataComponentDir ComponentDir = "data" + ValuesComponentDir ComponentDir = "values" +) diff --git a/src/internal/packager2/layout/package.go b/src/internal/packager2/layout/package.go new file mode 100644 index 0000000000..cf8dbf179b --- /dev/null +++ b/src/internal/packager2/layout/package.go @@ -0,0 +1,313 @@ +// SPDX-License-Identifier: Apache-2.0 +// SPDX-FileCopyrightText: 2021-Present The Zarf Authors + +package layout + +import ( + "archive/tar" + "context" + "errors" + "fmt" + "io" + "io/fs" + "os" + "path/filepath" + "strings" + + "github.com/defenseunicorns/pkg/helpers/v2" + goyaml "github.com/goccy/go-yaml" + registryv1 "github.com/google/go-containerregistry/pkg/v1" + "github.com/google/go-containerregistry/pkg/v1/layout" + "github.com/mholt/archiver/v3" + ocispec "github.com/opencontainers/image-spec/specs-go/v1" + "github.com/sigstore/cosign/v2/cmd/cosign/cli/options" + "github.com/sigstore/cosign/v2/cmd/cosign/cli/verify" + + "github.com/zarf-dev/zarf/src/api/v1alpha1" + "github.com/zarf-dev/zarf/src/config" + "github.com/zarf-dev/zarf/src/pkg/packager/deprecated" + "github.com/zarf-dev/zarf/src/pkg/transform" + "github.com/zarf-dev/zarf/src/pkg/utils" +) + +// PackageLayout manages the layout for a package. +type PackageLayout struct { + dirPath string + Pkg v1alpha1.ZarfPackage +} + +// PackageLayoutOptions are the options used when loading a package. +type PackageLayoutOptions struct { + PublicKeyPath string + SkipSignatureValidation bool + IsPartial bool +} + +// LoadFromTar unpacks the give compressed package and loads it. +func LoadFromTar(ctx context.Context, tarPath string, opt PackageLayoutOptions) (*PackageLayout, error) { + dirPath, err := utils.MakeTempDir(config.CommonOptions.TempDirectory) + if err != nil { + return nil, err + } + err = archiver.Walk(tarPath, func(f archiver.File) error { + if f.IsDir() { + return nil + } + header, ok := f.Header.(*tar.Header) + if !ok { + return fmt.Errorf("expected header to be *tar.Header but was %T", f.Header) + } + // If path has nested directories we want to create them. + dir := filepath.Dir(header.Name) + if dir != "." { + err := os.MkdirAll(filepath.Join(dirPath, dir), helpers.ReadExecuteAllWriteUser) + if err != nil { + return err + } + } + dst, err := os.Create(filepath.Join(dirPath, header.Name)) + if err != nil { + return err + } + defer dst.Close() + _, err = io.Copy(dst, f) + if err != nil { + return err + } + return nil + }) + if err != nil { + return nil, err + } + p, err := LoadFromDir(ctx, dirPath, opt) + if err != nil { + return nil, err + } + return p, nil +} + +// LoadFromDir loads and validates a package from the given directory path. +func LoadFromDir(ctx context.Context, dirPath string, opt PackageLayoutOptions) (*PackageLayout, error) { + b, err := os.ReadFile(filepath.Join(dirPath, ZarfYAML)) + if err != nil { + return nil, err + } + var pkg v1alpha1.ZarfPackage + err = goyaml.Unmarshal(b, &pkg) + if err != nil { + return nil, err + } + if len(pkg.Build.Migrations) > 0 { + for idx, component := range pkg.Components { + pkg.Components[idx], _ = deprecated.MigrateComponent(pkg.Build, component) + } + } + + pkgLayout := &PackageLayout{ + dirPath: dirPath, + Pkg: pkg, + } + err = validatePackageIntegrity(pkgLayout, opt.IsPartial) + if err != nil { + return nil, err + } + err = validatePackageSignature(ctx, pkgLayout, opt.PublicKeyPath, opt.SkipSignatureValidation) + if err != nil { + return nil, err + } + return pkgLayout, nil +} + +// Cleanup removes any temporary directories created. +func (p *PackageLayout) Cleanup() error { + err := os.RemoveAll(p.dirPath) + if err != nil { + return err + } + return nil +} + +// GetSBOM outputs the SBOM data from the package to the give destination path. +func (p *PackageLayout) GetSBOM(destPath string) (string, error) { + path := filepath.Join(destPath, p.Pkg.Metadata.Name) + err := archiver.Extract(filepath.Join(p.dirPath, SBOMTar), "", path) + if err != nil { + return "", err + } + return path, nil +} + +// GetComponentDir returns a path to the directory in the given component. +func (p *PackageLayout) GetComponentDir(destPath, componentName string, ct ComponentDir) (string, error) { + sourcePath := filepath.Join(p.dirPath, ComponentsDir, fmt.Sprintf("%s.tar", componentName)) + _, err := os.Stat(sourcePath) + if errors.Is(err, os.ErrNotExist) { + return "", fmt.Errorf("component %s does not exist in package: %w", componentName, err) + } + if err != nil { + return "", err + } + tmpDir, err := utils.MakeTempDir(config.CommonOptions.TempDirectory) + if err != nil { + return "", err + } + defer os.RemoveAll(tmpDir) + // TODO (phillebaba): We are not using archiver.Extract here because there is a bug in Windows where the files will not be extracted properly from nested directories. + // https://github.com/zarf-dev/zarf/issues/3051 + err = archiver.Unarchive(sourcePath, tmpDir) + if err != nil { + return "", err + } + compPath := filepath.Join(tmpDir, componentName, string(ct)) + _, err = os.Stat(compPath) + if errors.Is(err, os.ErrNotExist) { + return "", fmt.Errorf("component %s could not access a %s directory: %w", componentName, ct, err) + } + if err != nil { + return "", err + } + outPath := filepath.Join(destPath, string(ct)) + err = os.Rename(compPath, outPath) + if err != nil { + return "", err + } + return outPath, nil +} + +// GetImage returns the image with the given reference in the package layout. +func (p *PackageLayout) GetImage(ref transform.Image) (registryv1.Image, error) { + // Use the manifest within the index.json to load the specific image we want + layoutPath := layout.Path(filepath.Join(p.dirPath, ImagesDir)) + imgIdx, err := layoutPath.ImageIndex() + if err != nil { + return nil, err + } + idxManifest, err := imgIdx.IndexManifest() + if err != nil { + return nil, err + } + // Search through all the manifests within this package until we find the annotation that matches our ref + for _, manifest := range idxManifest.Manifests { + if manifest.Annotations[ocispec.AnnotationBaseImageName] == ref.Reference || + // A backwards compatibility shim for older Zarf versions that would leave docker.io off of image annotations + (manifest.Annotations[ocispec.AnnotationBaseImageName] == ref.Path+ref.TagOrDigest && ref.Host == "docker.io") { + // This is the image we are looking for, load it and then return + return layoutPath.Image(manifest.Digest) + } + } + return nil, fmt.Errorf("unable to find the image %s", ref.Reference) +} + +func validatePackageIntegrity(pkgLayout *PackageLayout, isPartial bool) error { + _, err := os.Stat(filepath.Join(pkgLayout.dirPath, ZarfYAML)) + if err != nil { + return err + } + _, err = os.Stat(filepath.Join(pkgLayout.dirPath, Checksums)) + if err != nil { + return err + } + err = helpers.SHAsMatch(filepath.Join(pkgLayout.dirPath, Checksums), pkgLayout.Pkg.Metadata.AggregateChecksum) + if err != nil { + return err + } + + packageFiles := map[string]interface{}{} + err = filepath.Walk(pkgLayout.dirPath, func(path string, info fs.FileInfo, err error) error { + if info.IsDir() { + return nil + } + packageFiles[path] = nil + return err + }) + if err != nil { + return err + } + // Remove files which are not in the checksums. + delete(packageFiles, filepath.Join(pkgLayout.dirPath, ZarfYAML)) + delete(packageFiles, filepath.Join(pkgLayout.dirPath, Checksums)) + delete(packageFiles, filepath.Join(pkgLayout.dirPath, Signature)) + + b, err := os.ReadFile(filepath.Join(pkgLayout.dirPath, Checksums)) + if err != nil { + return err + } + lines := strings.Split(string(b), "\n") + for _, line := range lines { + // If the line is empty (i.e. there is no checksum) simply skip it, this can result from a package with no images/components. + if line == "" { + continue + } + + split := strings.Split(line, " ") + if len(split) != 2 { + return fmt.Errorf("invalid checksum line: %s", line) + } + sha := split[0] + rel := split[1] + if sha == "" || rel == "" { + return fmt.Errorf("invalid checksum line: %s", line) + } + + path := filepath.Join(pkgLayout.dirPath, rel) + _, ok := packageFiles[path] + if !ok && isPartial { + delete(packageFiles, path) + continue + } + if !ok { + return fmt.Errorf("file %s from checksum missing in layout", rel) + } + err = helpers.SHAsMatch(path, sha) + if err != nil { + return err + } + delete(packageFiles, path) + } + + if len(packageFiles) > 0 { + // TODO (phillebaba): Replace with maps.Keys after upgrading to Go 1.23. + filePaths := []string{} + for k := range packageFiles { + filePaths = append(filePaths, k) + } + return fmt.Errorf("package contains additional files not present in the checksum %s", strings.Join(filePaths, ", ")) + } + + return nil +} + +func validatePackageSignature(ctx context.Context, pkgLayout *PackageLayout, publicKeyPath string, skipSignatureValidation bool) error { + if skipSignatureValidation { + return nil + } + + signaturePath := filepath.Join(pkgLayout.dirPath, Signature) + sigExist := true + _, err := os.Stat(signaturePath) + if err != nil { + sigExist = false + } + if !sigExist && publicKeyPath == "" { + // Nobody was expecting a signature, so we can just return + return nil + } else if sigExist && publicKeyPath == "" { + return errors.New("package is signed but no key was provided") + } else if !sigExist && publicKeyPath != "" { + return errors.New("a key was provided but the package is not signed") + } + + keyOptions := options.KeyOpts{KeyRef: publicKeyPath} + cmd := &verify.VerifyBlobCmd{ + KeyOpts: keyOptions, + SigRef: signaturePath, + IgnoreSCT: true, + Offline: true, + IgnoreTlog: true, + } + err = cmd.Exec(ctx, filepath.Join(pkgLayout.dirPath, ZarfYAML)) + if err != nil { + return fmt.Errorf("package signature did not match the provided key: %w", err) + } + return nil +} diff --git a/src/internal/packager2/layout/package_test.go b/src/internal/packager2/layout/package_test.go new file mode 100644 index 0000000000..79fd057429 --- /dev/null +++ b/src/internal/packager2/layout/package_test.go @@ -0,0 +1,55 @@ +// SPDX-License-Identifier: Apache-2.0 +// SPDX-FileCopyrightText: 2021-Present The Zarf Authors + +package layout + +import ( + "os" + "path/filepath" + "testing" + + "github.com/stretchr/testify/require" + + "github.com/zarf-dev/zarf/src/pkg/transform" + "github.com/zarf-dev/zarf/src/test/testutil" +) + +func TestPackageLayout(t *testing.T) { + t.Parallel() + + ctx := testutil.TestContext(t) + + pkgLayout, err := LoadFromTar(ctx, "../testdata/zarf-package-test-amd64-0.0.1.tar.zst", PackageLayoutOptions{}) + require.NoError(t, err) + + require.Equal(t, "test", pkgLayout.Pkg.Metadata.Name) + require.Equal(t, "0.0.1", pkgLayout.Pkg.Metadata.Version) + + tmpDir := t.TempDir() + manifestDir, err := pkgLayout.GetComponentDir(tmpDir, "test", ManifestsComponentDir) + require.NoError(t, err) + expected, err := os.ReadFile("../testdata/deployment.yaml") + require.NoError(t, err) + b, err := os.ReadFile(filepath.Join(manifestDir, "deployment-0.yaml")) + require.NoError(t, err) + require.Equal(t, expected, b) + + _, err = pkgLayout.GetComponentDir(t.TempDir(), "does-not-exist", ManifestsComponentDir) + require.ErrorContains(t, err, "component does-not-exist does not exist in package") + + _, err = pkgLayout.GetComponentDir(t.TempDir(), "test", FilesComponentDir) + require.ErrorContains(t, err, "component test could not access a files directory") + + tmpDir = t.TempDir() + sbomPath, err := pkgLayout.GetSBOM(tmpDir) + require.NoError(t, err) + require.FileExists(t, filepath.Join(sbomPath, "compare.html")) + + ref, err := transform.ParseImageRef("docker.io/library/alpine:3.20") + require.NoError(t, err) + img, err := pkgLayout.GetImage(ref) + require.NoError(t, err) + dgst, err := img.Digest() + require.NoError(t, err) + require.Equal(t, "sha256:33735bd63cf84d7e388d9f6d297d348c523c044410f553bd878c6d7829612735", dgst.String()) +} diff --git a/src/internal/packager2/load.go b/src/internal/packager2/load.go index c17fcf24b5..b757315173 100644 --- a/src/internal/packager2/load.go +++ b/src/internal/packager2/load.go @@ -4,10 +4,8 @@ package packager2 import ( - "archive/tar" "context" "encoding/json" - "errors" "fmt" "io" "net/url" @@ -17,14 +15,12 @@ import ( "strings" "github.com/defenseunicorns/pkg/helpers/v2" - "github.com/mholt/archiver/v3" "github.com/zarf-dev/zarf/src/api/v1alpha1" "github.com/zarf-dev/zarf/src/config" + "github.com/zarf-dev/zarf/src/internal/packager2/layout" "github.com/zarf-dev/zarf/src/pkg/cluster" - "github.com/zarf-dev/zarf/src/pkg/layout" "github.com/zarf-dev/zarf/src/pkg/packager/filters" - "github.com/zarf-dev/zarf/src/pkg/packager/sources" "github.com/zarf-dev/zarf/src/pkg/utils" "github.com/zarf-dev/zarf/src/types" ) @@ -39,7 +35,7 @@ type LoadOptions struct { } // LoadPackage optionally fetches and loads the package from the given source. -func LoadPackage(ctx context.Context, opt LoadOptions) (*layout.PackagePaths, error) { +func LoadPackage(ctx context.Context, opt LoadOptions) (*layout.PackageLayout, error) { srcType, err := identifySource(opt.Source) if err != nil { return nil, err @@ -81,87 +77,16 @@ func LoadPackage(ctx context.Context, opt LoadOptions) (*layout.PackagePaths, er } } - // Extract the package - packageDir, err := utils.MakeTempDir(config.CommonOptions.TempDirectory) - if err != nil { - return nil, err + layoutOpt := layout.PackageLayoutOptions{ + PublicKeyPath: opt.PublicKeyPath, + SkipSignatureValidation: opt.SkipSignatureValidation, + IsPartial: isPartial, } - pathsExtracted := []string{} - err = archiver.Walk(tarPath, func(f archiver.File) error { - if f.IsDir() { - return nil - } - header, ok := f.Header.(*tar.Header) - if !ok { - return fmt.Errorf("expected header to be *tar.Header but was %T", f.Header) - } - // If path has nested directories we want to create them. - dir := filepath.Dir(header.Name) - if dir != "." { - err := os.MkdirAll(filepath.Join(packageDir, dir), helpers.ReadExecuteAllWriteUser) - if err != nil { - return err - } - } - dst, err := os.Create(filepath.Join(packageDir, header.Name)) - if err != nil { - return err - } - defer dst.Close() - _, err = io.Copy(dst, f) - if err != nil { - return err - } - pathsExtracted = append(pathsExtracted, header.Name) - return nil - }) + pkgLayout, err := layout.LoadFromTar(ctx, tarPath, layoutOpt) if err != nil { return nil, err } - - // Load the package paths - pkgPaths := layout.New(packageDir) - pkgPaths.SetFromPaths(pathsExtracted) - pkg, _, err := pkgPaths.ReadZarfYAML() - if err != nil { - return nil, err - } - // TODO: Filter is not persistently applied. - pkg.Components, err = opt.Filter.Apply(pkg) - if err != nil { - return nil, err - } - if err := pkgPaths.MigrateLegacy(); err != nil { - return nil, err - } - if !pkgPaths.IsLegacyLayout() { - if err := sources.ValidatePackageIntegrity(pkgPaths, pkg.Metadata.AggregateChecksum, isPartial); err != nil { - return nil, err - } - if !opt.SkipSignatureValidation { - if err := sources.ValidatePackageSignature(ctx, pkgPaths, opt.PublicKeyPath); err != nil { - return nil, err - } - } - } - for _, component := range pkg.Components { - if err := pkgPaths.Components.Unarchive(component); err != nil { - if errors.Is(err, layout.ErrNotLoaded) { - _, err := pkgPaths.Components.Create(component) - if err != nil { - return nil, err - } - } else { - return nil, err - } - } - } - if pkgPaths.SBOMs.Path != "" { - if err := pkgPaths.SBOMs.Unarchive(); err != nil { - return nil, err - } - } - return pkgPaths, nil + return pkgLayout, nil } // identifySource returns the source type for the given source. @@ -246,14 +171,11 @@ func packageFromSourceOrCluster(ctx context.Context, cluster *cluster.Cluster, s Filter: filters.Empty(), PublicKeyPath: publicKeyPath, } - pkgPaths, err := LoadPackage(ctx, loadOpt) - if err != nil { - return v1alpha1.ZarfPackage{}, err - } - defer os.RemoveAll(pkgPaths.Base) - pkg, _, err := pkgPaths.ReadZarfYAML() + p, err := LoadPackage(ctx, loadOpt) if err != nil { return v1alpha1.ZarfPackage{}, err } - return pkg, nil + //nolint: errcheck // ignore + defer p.Cleanup() + return p.Pkg, nil } diff --git a/src/internal/packager2/load_test.go b/src/internal/packager2/load_test.go index 4c09a12260..e48140c966 100644 --- a/src/internal/packager2/load_test.go +++ b/src/internal/packager2/load_test.go @@ -28,12 +28,12 @@ func TestLoadPackage(t *testing.T) { { name: "tarball", source: "./testdata/zarf-package-test-amd64-0.0.1.tar.zst", - shasum: "307294e3a066cebea6f04772c2ba31210b2753b40b0d5da86a1983c29c5545dd", + shasum: "bef73d652f004d214d5cf9e00195293f7ae8390b8ff6ed45e39c2c9eb622b873", }, { name: "split", source: "./testdata/zarf-package-test-amd64-0.0.1.tar.zst.part000", - shasum: "6c0de217e3eeff224679ec0a26751655759a30f4aae7fbe793ca1617ddfc4228", + shasum: "9c021ef9f62f58cca6dc01641521f372f387cc54c0d959a4f3861c6c636d98f1", }, } for _, tt := range tests { @@ -48,14 +48,12 @@ func TestLoadPackage(t *testing.T) { SkipSignatureValidation: false, Filter: filters.Empty(), } - pkgPaths, err := LoadPackage(ctx, opt) + pkgLayout, err := LoadPackage(ctx, opt) require.NoError(t, err) - pkg, _, err := pkgPaths.ReadZarfYAML() - require.NoError(t, err) - require.Equal(t, "test", pkg.Metadata.Name) - require.Equal(t, "0.0.1", pkg.Metadata.Version) - require.Len(t, pkg.Components, 1) + require.Equal(t, "test", pkgLayout.Pkg.Metadata.Name) + require.Equal(t, "0.0.1", pkgLayout.Pkg.Metadata.Version) + require.Len(t, pkgLayout.Pkg.Components, 1) } opt := LoadOptions{ diff --git a/src/internal/packager2/mirror.go b/src/internal/packager2/mirror.go index 7649b62757..8532a8c4e6 100644 --- a/src/internal/packager2/mirror.go +++ b/src/internal/packager2/mirror.go @@ -8,6 +8,7 @@ import ( "errors" "fmt" "net/http" + "os" "time" "github.com/avast/retry-go/v4" @@ -21,8 +22,8 @@ import ( "github.com/zarf-dev/zarf/src/internal/dns" "github.com/zarf-dev/zarf/src/internal/git" "github.com/zarf-dev/zarf/src/internal/gitea" + "github.com/zarf-dev/zarf/src/internal/packager2/layout" "github.com/zarf-dev/zarf/src/pkg/cluster" - "github.com/zarf-dev/zarf/src/pkg/layout" "github.com/zarf-dev/zarf/src/pkg/message" "github.com/zarf-dev/zarf/src/pkg/packager/filters" "github.com/zarf-dev/zarf/src/pkg/transform" @@ -33,7 +34,7 @@ import ( // MirrorOptions are the options for Mirror. type MirrorOptions struct { Cluster *cluster.Cluster - PackagePaths layout.PackagePaths + PkgLayout *layout.PackageLayout Filter filters.ComponentFilterStrategy RegistryInfo types.RegistryInfo GitInfo types.GitServerInfo @@ -43,33 +44,28 @@ type MirrorOptions struct { // Mirror mirrors the package contents to the given registry and git server. func Mirror(ctx context.Context, opt MirrorOptions) error { - err := pushImagesToRegistry(ctx, opt.Cluster, opt.PackagePaths, opt.Filter, opt.RegistryInfo, opt.NoImageChecksum, opt.Retries) + err := pushImagesToRegistry(ctx, opt.Cluster, opt.PkgLayout, opt.Filter, opt.RegistryInfo, opt.NoImageChecksum, opt.Retries) if err != nil { return err } - err = pushReposToRepository(ctx, opt.Cluster, opt.PackagePaths, opt.Filter, opt.GitInfo, opt.Retries) + err = pushReposToRepository(ctx, opt.Cluster, opt.PkgLayout, opt.Filter, opt.GitInfo, opt.Retries) if err != nil { return err } return nil } -func pushImagesToRegistry(ctx context.Context, c *cluster.Cluster, pkgPaths layout.PackagePaths, filter filters.ComponentFilterStrategy, regInfo types.RegistryInfo, noImgChecksum bool, retries int) error { +func pushImagesToRegistry(ctx context.Context, c *cluster.Cluster, pkgLayout *layout.PackageLayout, filter filters.ComponentFilterStrategy, regInfo types.RegistryInfo, noImgChecksum bool, retries int) error { logs.Warn.SetOutput(&message.DebugWriter{}) logs.Progress.SetOutput(&message.DebugWriter{}) - pkg, _, err := pkgPaths.ReadZarfYAML() + components, err := filter.Apply(pkgLayout.Pkg) if err != nil { return err } - components, err := filter.Apply(pkg) - if err != nil { - return err - } - pkg.Components = components images := map[transform.Image]v1.Image{} - for _, component := range pkg.Components { + for _, component := range components { for _, img := range component.Images { ref, err := transform.ParseImageRef(img) if err != nil { @@ -78,11 +74,11 @@ func pushImagesToRegistry(ctx context.Context, c *cluster.Cluster, pkgPaths layo if _, ok := images[ref]; ok { continue } - ociImage, err := utils.LoadOCIImage(pkgPaths.Images.Base, ref) + img, err := pkgLayout.GetImage(ref) if err != nil { return err } - images[ref] = ociImage + images[ref] = img } } if len(images) == 0 { @@ -96,7 +92,7 @@ func pushImagesToRegistry(ctx context.Context, c *cluster.Cluster, pkgPaths layo transportWithProgressBar := helpers.NewTransport(transport, nil) pushOptions := []crane.Option{ - crane.WithPlatform(&v1.Platform{OS: "linux", Architecture: pkg.Build.Architecture}), + crane.WithPlatform(&v1.Platform{OS: "linux", Architecture: pkgLayout.Pkg.Build.Architecture}), crane.WithTransport(transportWithProgressBar), crane.WithAuth(authn.FromConfig(authn.AuthConfig{ Username: regInfo.PushUsername, @@ -171,20 +167,23 @@ func pushImagesToRegistry(ctx context.Context, c *cluster.Cluster, pkgPaths layo return nil } -func pushReposToRepository(ctx context.Context, c *cluster.Cluster, pkgPaths layout.PackagePaths, filter filters.ComponentFilterStrategy, gitInfo types.GitServerInfo, retries int) error { - pkg, _, err := pkgPaths.ReadZarfYAML() +func pushReposToRepository(ctx context.Context, c *cluster.Cluster, pkgLayout *layout.PackageLayout, filter filters.ComponentFilterStrategy, gitInfo types.GitServerInfo, retries int) error { + components, err := filter.Apply(pkgLayout.Pkg) if err != nil { return err } - components, err := filter.Apply(pkg) - if err != nil { - return err - } - pkg.Components = components - - for _, component := range pkg.Components { + for _, component := range components { for _, repoURL := range component.Repos { - repository, err := git.Open(pkgPaths.Components.Dirs[component.Name].Repos, repoURL) + tmpDir, err := utils.MakeTempDir(config.CommonOptions.TempDirectory) + if err != nil { + return err + } + defer os.RemoveAll(tmpDir) + reposPath, err := pkgLayout.GetComponentDir(tmpDir, component.Name, layout.RepoComponentDir) + if err != nil { + return err + } + repository, err := git.Open(reposPath, repoURL) if err != nil { return err } diff --git a/src/internal/packager2/pull_test.go b/src/internal/packager2/pull_test.go index 72c85ac4d5..3d8d46b2ce 100644 --- a/src/internal/packager2/pull_test.go +++ b/src/internal/packager2/pull_test.go @@ -38,7 +38,7 @@ func TestPull(t *testing.T) { }) dir := t.TempDir() - shasum := "307294e3a066cebea6f04772c2ba31210b2753b40b0d5da86a1983c29c5545dd" + shasum := "bef73d652f004d214d5cf9e00195293f7ae8390b8ff6ed45e39c2c9eb622b873" err := Pull(ctx, srv.URL, dir, shasum, filters.Empty()) require.NoError(t, err) diff --git a/src/internal/packager2/testdata/deployment.yaml b/src/internal/packager2/testdata/deployment.yaml new file mode 100644 index 0000000000..a03ca172d7 --- /dev/null +++ b/src/internal/packager2/testdata/deployment.yaml @@ -0,0 +1,21 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + name: nginx-deployment + labels: + app: nginx +spec: + replicas: 3 + selector: + matchLabels: + app: nginx + template: + metadata: + labels: + app: nginx + spec: + containers: + - name: nginx + image: docker.io/library/nginx:1.14.2 + ports: + - containerPort: 80 diff --git a/src/internal/packager2/testdata/zarf-package-test-amd64-0.0.1.tar.zst b/src/internal/packager2/testdata/zarf-package-test-amd64-0.0.1.tar.zst index 19b43aa2793e90dcfaf3d7ba8f899d5c2d4d4508..6262cc3f2b09ca2c0556d37ba28de04deadf3a86 100644 GIT binary patch delta 49291 zcmX7u2Q(aA8^_h?HKL1EBg*O}dPMKNt%RO_>%=5c-o;&w{?mRQCJHN0ewtrzu^1uae@LZy=$w^mPLhOBB3Wy0wh>1UY zCN3o+h$VENB!z_jI}1ySV+o5%NJ@x{2#E;^rAhKV5EB*?6BTN3mBQANbP{uP5_hy0 ze<>^_>G0A~QbIylL`+0T!U1eAEF~-|1{M_;v$wx5At?zKcMx)t6a_m;NJ%(4N&+0c zAl_b{U{60^K|ips-}_?hcTh1QNnr^wF$r;T35k37-!Me~%M^szd%C{7zwnh5zHePj z&J;ziwfC$yPAT1d|kafr2+Qd-oAnX!o=>bo=(yLWnu`} z&)&)2&t94s0PwVjfTaPR&aR$80{5ney#v_8SDF|KxKH=>h<&}mj{lYOx$nl+(cV`Y zAbM~4f<3^FeqKHhdp}1PZ2-Uz4Dt4`_XGb|%hAiz&)(G&>;nJ@0HgsEp~fvzxz8B4DfUUI=TA#`M5gx{|A7;01-Yn zUoTJg`@y_)b-pk9z6*!%{VvWEQbA$y`{@;zymyl58y4Ia7F_Jhd1z!h;3Ez;Juig$ zbDZ#i+k+Ww*kR;vArBs$&XOaKT}oVb0>3lfa~7nH0ZTHTgTxyNNl!9!JbUg3E-Fz^ zWwC6f73%b3rZeamN&8}C%_OZH-tg{o`M>*785y+3|BRfQ>gf5fZ2Y3730=yU41-2& z%}iW&B@a=>7)miQ!S_%s8-ICjz%y$s7_S`Qq5c!^Pvk4s#t;t9!{2fQ5!4*aFPh)=lhaRSaFK26llOm5 z3bc#*V!E0T_=fd?81C>SC3$?tCYKww#ILN~?3}1jdj*16^oI=S7LWNWDJ*(HJ58~k zN8c3Vy%l?~8SSu~KGJ>s+cZtjgvEOZ{57cEQ;+wc6}!=32U`dyw2DYzZTB}2>S3G5n8`j1>Mk&(yU zp~+x(X!3vLZi#|C4rh-7hON4S@tlE*#WdkTBH$NP^wUFIW?-1ZRp20YaS?NpmO!_+J;Ee!6ejD{!Br ztLwejW-Cigq$Cr=?!>~S!t#zZ=gAt~!ZUn{!G73-m7sx(R8LN4Hi`#0jbi;j;bCFn zMAsAO8xQEUkBD>`wvG~N;a)~DJ=HO!!Z z0}w1d6Zm$54Q0-NKl~{3WGoQlxNTKNr^*Nf2|#t@NvHYBHpE}c%qUo%h5r3f(YRq3 z#BF1I3Rx0&cB@ESGUC*FJSLRQ;c9eO7qZ%2+L z-iLf{z*&ym&IW^E&SQC(=kiznrpiQ|bI}dAVC^;0u^j4fjn7MX25%K#B8POAbp#tz zBYq`79l25YY>bz7&LY4thG9ST67vr{!5q+#iVbk8K!YeaI)ufNIACcEyQo9&aqz~QRnh- zp$E+c1IxERpFds@i4STO7R+US;@>4wkKO^Or4W~W>^@XcM-GOsma7bTWJeA=ZL>l- z+s_BBuq*+15{OdQ39{NktKm$F%U=O_Y%>w?V4F{Nkl{vZSr6%`zRq7aSA|p>-_OJS zez)zr{9$EUZ|elrn9IU<3c<1rtg@LDNtYOHd1mN4r1z%i zH(=s9DK;@mII^TCq2mW$G&Pt(%!yR#Ml@dFrEU{fv|g-C_UK!)WxUgxc2@kNOIXb4 zTkm;e(Q4fAK6B86CKJ0#3z>n)fEUPmvRXL6!x1g#}!atLbX3UVKF4ggMfvm4R!46Spa`g2h*@i(U$G3w~I@SU<-AKPKkED+hv18|yzm3%@ zK=R916|Yr1I#kY|@kNB(l31TtSH+cIn_*LytVlI^ZfU81dM3=kMN2U?C44Oq8WvpB2 zni5=^jK@XE>tC>pscD$lh$oLcPJgPG{<7*Cw7C$DXodQL6eReR?0%*C^*%Cx(*y}+ zi+eFzbVwOUYVoV|&vcS4J`^Hh=PtVT``7%-k_S(5T@OQ_;kQ+t>2NcB#!l^3{Ze(n zsVPJxPVMVePWM4mj)LEcRo6*{O}pZcF*6mly1q=aONa^I>(j5vX5KKD(@a;~JVO+TPw{#;l?`n~YU$ zHI!ZIdl-i~bu`6F@6W9q$SlscuXGBx$yM6gBZZA|K{Q`9%%q&Bo^Hnv;_3P$sS;Sf z_U-COtrHGDI7t_>-A`V!B1ly{! z`@!mWnbo_BW?31Rce+oGCdxk~??}7oVOHH1(`9N*j^x&&sKVY>IP0@$d4pUrBKVULV3o8!n1cxTVJ?0uhhk^4JAX#g_33tlh^F2#ou? z@b1lxulc81haRr2l{3}x8gFSi^(A2QY|)|{OU>K;+vP71ZksLaGMVWXZbppJm2(?b zzJ>$Avh%U4!eLe%>J2(Uz7M!XG~e*hKlOYR5+Th+CG9MvQtRd}zv=ACc%%EEJwP$k z^q?sZ|GG#^X)TNc`p&d4mc3;I|E&b4R{F2m1}sH>K&_8IepZLEgAHPmfGny?^<1q# z$j5n@;vuCE8_uf2V&x^dQrq!lotCF{n@5VnI$qZW1q1t-#{aQvSc>(vNB@`hO zv6u}+uX}#_8@_k8^HSC6RqD%&%bybk6G5i5bc6}&MEN0q{%TZ|>jCo%ZS2%84c&=< zv7`??31>NZlL_M8rg^LeTp#y(7TGntGCF4Z81?AAtif{{vdgJD@&{~F1tXnxPGeCG z*kmDo00V9f40M|`%3(hGc}&czB@#!zKkvQ_|f!V!szd>OVRWKqEmUh zE9}uD^)yi$4UZnA$y%sN&Dg)nvz};d$voU?I`{D|{^Db22QD~GG>veiTBD8D)uL0y z;na~W2=kNNj(>oBlUp%=u)*B_@~8B>;+z+fA_+^6@!g^LX)j&=8kw*~926VIhh&3I zIHq&O@AiwoCfGVO3=5D(K@0D+LjLYk^UGHz8jVSh6GHUA(Bmd$M&4qv zCqjir*M+h8PVo333=G)C1f$ajU2S&ZZ_y~UMk2-Cw2`rtppQ9Ib zw#$A!u*ku$dSfYcFGJnJ@>OkDEYFy%Y!$n>W#Am{uy^FBEo@# z)X@0|WzF`f3#ToUAc4%q8b%G52DSd6& zF&oTynD9C-r9gmNIFaJRaTG4-z3@Zgu*u?h6Tm>kK@`c;h`)JLoyPh0fWJSJNT{XK zJ{{Bxk3iSRlLp-IUlFLeT6If7d|m^auc%c%{C)t|7UJT6cKYpwu^RLRzvLd_XE;=o zUs5`%q7BvY&U4p$P&-6IZzfAlnkaqkR4XoO3$O1R8P-IH$_mveK}%uYciRn^OWb2& zhJxYa%+R@9SlTCLJRI_5lio~gkLQC8En|eE7-?t?qc)iV_>JPYZI0zO=;aTQxAFRh zZ}mF05;&W&g^oe#LcIipKXEAlm0P;$&#?a>Rd z4--SsRnqR)886y=RvGHS(7z?&GfbN_QCm>WxldFg`@n#kpxBg5(_B2~+8IsA>N}c8 z=;dFA>Uy!2fFXUGPCODfLU*nFHku75I*R2Z-Pqwc`dk`unst(mPbPZ{iD3Hn7acW> zZ6A*2q({`Uucsni2^+IKf899_zvRakE>U<51&Ru)hLTJ*FAP~!1p)R}Ha1XC0^SQ& z>P5w}HgQRAzyKj3e?s+(FR{Qh99$pRSJ;Z)>Z*qA&mK9>W=|VmxVaR4`k3T{g{>Xz zo5g7Oi9*F*K50~TC-Kzb@f*~GNR|t#_aXxh;-CE;hOJ64^+s-mP5x557ZoCvWM#F# zppUMvq6c>72v)Gj6vNERUkO`KtJ>qw{P7Hmzc__ee99DWKw-CARK<{E_r2#xLgn@t zT-5adnUV5*E~&0&zX}#DM%f6qKBuu;o&3mpcAThn_4Zlfx;oKa_cKL6r*^Qr=pS;| z)?b#^MfSD9^kTItg1p`=1?sGh$###+6`{1>U)(%RbQLhLSQVedTL}bGCK@gU6{Ak6 z0|czDWx+jlb}=A6{W`_D0rS5#(}jBnJJvbBEt*m-^W`&>l9oA=LA zvx|7yGU4cg)HIQ*`>s~aV=F()(4KG`q!P_TfgaVSRYy;AF5KL`SJ$-8Opo^s=zE~E zoo3RnNJ-J8$fVa8;1x?lBzH!l>NEaRLzBW^n$$y|XZPHLKO)@h7^uG<7?Nl4Ujr|y zEPa*5TBxz!O$FD*G2F!zrUP(AzZ5)-d0KhkCUqM_nCRozLg5RuUmI?I zv@h@e=K9o*7u6GGUGl}k*v((>`_nQgNeV$>_}m%BiK9hUIvV%=(Ihm~^yj!~HI6Mv1Ljf`SB zrV^1Bgq;$N|1$LwQ?oP-%PRYzx|&844v)Vq*>u=Mg!oS=FGHHj)G z?d*1Y`9xVxK4;w~YYfwGSo2Yk^yT~NcE!)P8Rhx7@VBT_cxEI;?ygA_@J|&Tzy}wA>Cd@7l~@>%rTB^YZ5Jq<0{3RuN;X# zaxp7I?5Nj}5&)k4gbBR>cuB6h54%xiqa>WmOWlHF-Y9d03aXpo){IlKJ(JTxR(63mJwNox6tp6Y zMLz#izWsY~8v&kwWZ%z;0IQ|)P6g~&s;oC6!OeVM-3l*mSc2j<18MuA%?(+y!%yq` z9rsTp2^-1k2oz3I|d}T8cKw3_fO)%jrdA z=Fsn_BNxPud5MP-B?r${p+9<5kknUH4H|qZG(Nl$q5*(8%Z<1COp*usz0#&%*@+d$ z1jHhajKb52lpoM);%~w>1O_~5D!x8q6*$nWnQ#KS^%WlhC819|>{9_XU&kYW$HKx9}% zR`@Df2eG<8YGu#)b_2~9m*$JtHWPZSXsuz=2dpHl<$T>kfctJCuoPjS9aC_Z(JbAb%)AR52kfB+MrC7jOOtdHO&bME62{l}& zIceB*U%24Je!1&XfaZ<2RRfW~%2pywvS**q@}JrpbTl4+d05WrOvGMVVDfcBGD6{~ zPRm$`&6}z8%it4&WzEY1i|v6{QVN~+BV3(Eg6EHibVZ1e(9Uct@i^lX4Waa(L71XkFT(gE|L2pw^Et`^JPmfa-!n_{EoUUKx zzuNnn9W_$s3w);JPDw6ZmyX4n|j2_vyFMW(vQ%4qu^*SL-30jWdkSyj}WaHmb} zqwAmcf-U{ngUy?EbGu!i<-|9o$^G73dS(M7Gjy*S%qIDqd-gv-_Y{iGkf9in*vfUR z{MyM|9k0D{Rt*2zEOS%Ldp51FNzr;6wr4YbN6vjySwglrGyO(k=rKQ$EGBC?3$<5TgZ?UC|iQD)pHyE8;ZijPFuE={vF4zTdWH8A?Wj*yE*Hw zW(*lJIkO5>m`TASZ;#=nki)|FjK;o>+rPd0FAa7CBu1fIergX{{vY1H1RQl z{^%K{e9HTbj0{el*LYttzr<~v-`W0IA^Ac6gfy27Iqu#%B83Uym@~S9)NXgR1Q#Hn zEr^AzvlK*gsbc`h_qJ1P_MPEuR#ze8_Ku2s;Sl1xY^Kbli2pp(Jhh(v0>{;2Y1eJ# zP3<(i$r?t((cf$}7mKE0wE;qzwp5Z4C~goG)PJ;2FbK=I_YOT!jgKJIridd?we(!j^rP|j#Hm=#5ufIVBRRM331cxK`9H&X=W*I74 z$K0#-&-Tp1eHlMkTD3TB?s>*h)q4zxYQuLte+t?w-^{5V$72tZK=PbI$ZH}s{z3a5uJthR<^=-0B zUd9yD`FCd5@)CC5PD%${Ie?c{LzYCWtYfS9NhK|<_B$f3-8(0t0ZjFl>lG%mJBH&G zX_kD5ed!fT_tU$QCVx<12&i76rJ<_Bc4vU`rVIXf(cN|tvk1vRYQAEqUvOUZiry)# zimj12^vo7q7vHY%x^a_<_-eX6BJb9`3|@3I$TvDBZK;*9Z1Ig*4mjJ%YA2OjfcwJ3 z#wJj;R2 z=EYFu5D&{mcT|B#todt)i%Kz= zZUjcqLA%WLr%Q?(++vbU)Kb|<0d3rlY?{-ZYidxfhN4O7?rO|1+hwcO;(VisE2D{_ zcZk~=AQ+u&v$CM~Op+0)6b@22aoN*k6}ZW0@9I7>ypAWGX|Xyf*b3LAtLs#a z8|hfFGC7;t2g8V=qLUJ(-)u&VD;MhqD$@=87j;V`nzxO9|3FoR2?kd#@os>B!2E0> zlA2-A_Lo;CS4(joL%T(glgdq=Mdobl>Me;aqmjDu!m!<-N`JK=k9P;4hLXlYK3lg7 z&)<`k3&$2ng}O?qY&;lA@S#1{v1w1JAZv^w{n0Sqt#&>Lw zd@c=D31~N!KPjAioY%6(cr4-+bDh$X#Z(Dx-1)G?3ptatD*NVzoO~M4eaPE44Mv+J z=I)@FE;_rJ4hk_{$l9dl+C{6`5~dbVU4qqw|GZahRot}7Y)m#3VSZ5_vf#PVg+Te3 z99W*Cs>9Agrc*g0Ac<3xmVr7JC*^GmAwb7u>g-PLx-o0iUJ{B~uI^h*9^&mt9&{F5 zC(d^Ox2<7;w>+y}mV~;S<~kRl8z%}L9W6UAxINmuboK|;W|_21)MZu+s(ekR?(9A| zCk5>kmo-|eML<5dPVDMm>{)%{62Y`qiIE)JI@ymMK?E_>b>s#FF|=o4b~zSpIYhgkd7b*S7ejY95zX+i`UC=j;{zyEO~? zcLa4dAF}SBz%Vz}46m6*^(F@0OoRw*gdxh3AXupeIqU_GLpAed<*_v z9`Sp8rKdL&@OIQ-?7}+>%%wYMU8Qv)x%N;*R%R~uD0i(=2d)L*M0fd(xp*zn>%r0W zmK-uRf4e*mjV101#ZL<%AEf2hx5B4oXGhBOpp^#F&ZYiP`J$rxuS_*(NcT9zvaw#7 z;OMoptp^5th4{-3Jup(%lJL8d&CEFsNh=bN%iPX_!BBG$&~9alM7~_oiAcemxt?56 zW9?Q+)#7Q0t*=~+JHx(8%Z!a)_=nm~Qri(!J{nw8U)v5ve3i=#&kChl^Q}9QO)<|d z@d3i&S5Q>&WG%Q8b}Mj9v&D4q)I?&`sNS_Bn{KJn44w%)n)cIUtGj9ZY1COVhgdw0 zj0+lhEQou&cbb97TYq}%C#xmfUx?oOQ?kE)*Mc&tfrP<=1Xl7_RFDvNJuu>?&`|XS zqRZ&Qa}Fjo8)BVNU3)bXQI4rzYT7fZ3_4wbhV5q817FC)BlarO8H6?GDPmAgJng(qvJAzWF*bb=nTmm}I zw$12g0udLLfp9(ePtTMz$wipq0Jw-@;^4H><{4&MDca}INsRVUo0W9Ij$?v8chWb4 zHyoV767q`g;k3FE@+?|3AN1onpi0=U#PVr)MP5l45UP|8*%><(Te_+6Je4NX*UqJQ zWI@7_kwl@7w=q>oZ)fKa8HKC#Ve}hL9{sO0iI)aenN9*Pe&2V%*Y3KG9@Smf}trjV;++ld%F5Q0YG6EU+9 zS+EhYQTY&?sw>Izkdx9-JJ`SCET<}_dZ0~03vMKAkb2wS%!B7d^I)1t1At8)25|PJ$pUn~l_;iZ4PxP$Didqqwo;V6rxI1#8K;M#@Tp?lQx(r zklUr#kx{zMqpSMuJjHIqtp<^jK{P^MlF2yjrQrm9;;Q2=^wgRf@1RP2pES!vYy038wqzZ_l@Q9;u zqH|uVU=z|P+W+#lf4%m36&f`VLqu4BrNU21xKqQUxJI9o`t3DEDwtYRm`!nqQ_8zX zto&IbdD%mUymyqFB^(Wk0BUMW14TUS1kQB&$ap7594x#vLY$!i&fd2b_a-&_mq#CQ zw5dHritvl5IORFGrz!uiePO`X{Ig?cs?JWO8JDhzlkpYsik?%71FEX8NJ~e@j4MS# z8}t6x^cOo3+5%lwj)rq>P86a3Ydq?6EDLr5a(x~=Wu>P|R21riVr-)CD{zL?sIljj zX|$PkUURaiDNEtU^PFoJk8+phGHVwkswz1|bz{24uTtK!iS08&XcAk9B&O@IxMIsRrekD#- zW+^+iT*Zex4;_Rx`1zI62b~!xH39dFfrv2G+`Q&}G&Loq;ro6nZ#IoSoEK63SR#1$ zRT}Oyqn*f^&GGa_`1tSVH~EtyW2Ew``lnRvV*Gd1YwGDxj>vR_VhvFXS>W_HesDQ@F>DpipD^`hN0s_uk;v;4HDjB9f<}CJ_=+B2i>vPEBrW#+kZ^R-ESI z%owVXicD|7is7flPRAusoQ|iAQR<=k9N8zP^abji&SP#*b^o;AKNPfCj|lXYiXYJy zYdwgG;h%oe$9|NiT&}gP6fep}=qk%Ox&i3Rl`q$OjeWna2BUC4;?q(+O$XrRDNYZl z5o@rsWF-zbP#ygVl2t4xrooX289i;{y78QQZ&esMd>a=oP0)8F>a#=zRB^v7K_|(+Q)l{iODyDQiS~l7t zH3uT12J;>ZgC6WO!k9=RTxADFsz!4_jEH@tJSR%Unv<65I}UZ6a1x<`B4YyfbQCUg z25vbXHI@O75e|_y%`jJw6F(4Gjt{ucguX7-rY$7Vj>InUwsH~@!G7>NQsenH`_nvZ zKcEP`TTgRjA7O%uk^|nRkFbGQI_ZG&Y7ZXupuPwZUS!629ES$h?k^`XW|CCSj9k{lsW^=u!Z(??8bbmJSDR_`8p3lWI5T>H>$+`O0={^Z=2Y$dG6i+*h(sw zn2;l#{f$Q27v*B2<}X9)sY-@}A`rq?<%!%2znp-~DY|dIH{0jRPnSLP94jhvFB&N* zZ5fs9v>NFjchuT!vh_%wbN=92=n5T&6vDRVq1U+sT9Y{jb06S{R|vLUhP8PlX8TSY zI@^6V;w=t)TD7B=i)c-p%UV1FRUPgc1)?EwDec(_A@`eDkdH-cm_hr%n&o-TB6Sxasi)LIC6M?g|o=>9n~-@69Yg_iN@CP9(Mv5;khnoq7S|E}e1FYZmZM}XoarcS+)jntxwrb1h|awLal-A7(T1yfh%Ywf^~HbULXL~_yG{ItHvJ#KIJ|B*R~r z4MN>RZ7Cp!ocvV+f~QNzA_GQ_$}h~$Ac-zN;wxKnW4qjbCxtpEw@oqMy&5wx^KB@T zL6-4ZmDk-)89+N<>D9iaMx?k*7NU|vtH|> z61SD;%-DK#$qDbI=RBqm({y=;m^mE-!}l!ZKpdCVFV6)7K`TQ!URoFOWOI#7%Y2r+ zW4ag}d)yWqguW2$Ypa zwe71hxL}}#JE&f>*+kMR#{F)>Ex#eCt+WtmBWImBY_N|gEDID7y$g{v@$%>%eW{J^ z2wm@}uwF{dJQE3Q?%$PhAYn%(&u*`+7Yj!CYRMTXtebYvNIZmN_Dw%@mtOFq_u;js z=a716rDvUIH!qa6D9Oya9)k(C*+{I`Ii9(@>%IFr3&Bh(FnQJgR`5DexSF!|xSYJ} zy5Y5&K(zf#vc0JX?IKuR`K;V6ZfSY~ zE`QV2yHy9Zck4=WKzOjE%MqfHmrA7s#PDEp3y-CS=Xk(otmM=H>EFn zmaM!wd4&bNR`c60-93~YyR|_ntyBV_S670Ys69OpYg_1PV_4>uTiXSPo~MlI81x;) zwzFt@9DZ)sme?w+O4%+?7f_P+f`YRz(wL zK}rvUL=M}4%mxDk9)n+Ai^xGd_P&};Cr8ZJ8!hb4p>{M|R7^o~i`ods+5Pa?!1B|% ztg%4eyZOda(ashR3QRd#J6p3k6uvmzfw-o_To#IkGTbhJ%G_%&c1@wzm=S0z5+gm; zf4fL>u`=fnnmjc&feSpb=JT!nDdt&5qDKb0X`HeSVOR};Z$6(}n^HDAE_0U?0A-6u z$pF5a^ya&kTXd zvp0#W-D2LNmnP7c?`JPpcf}{>2(pA;m zfx)+vH#4zC#&AA=e&jfr9mi=TB_SM`g110Q!G)J`Dr z0}Qo5dGuex%_#;0)r{hjM4lI~R1IR|)Ri*Q(!Nx`rQ`CX(J}6GXmHQ&@fS33h>>C# z!i~hsONomI5iO4Xjz@)sU+2{B(}J3+)-auADepudE?PtUKLyvj`F4Vb?)rUjH*Kf z^S%YtoR<&1*C5Bcm zF7qRc^ra?qWv8R#9gvDD$%TH%w*TfF3#6q<7(|&ix$it$Uin8KW9hmwU$Qn1^@~8i z%M)Zx(qj{x?Hp(hjJb*rzI3grdM{wTvvy?o5}iapp9F%i-!`_e@#)@rT93C^RG!v! zbRRah3s}^$0@ZA^On(LqFn78$9#t;hEE|e#4Q301YW&)4fyy&Bu9cJRAB6cl6{ed3 zy>E`Hk>%l4jw>gw`Mc>5SH^NEGQj!RC@gpU6gEDwM4eg1du7|`(+p7RU59Rm93utB zF*+ylw+UyEwgtX=c-1)EtLib*1dQtyU1DXDK=kdG`9_Ku! zlk|PA6tevxZ*8#=DO|mwAk#HyG52F8kj_!?s;ieS-5Pm0MF;)l#)%%RA5PTAlU@ zb6FV`Q2qFKmPPMFD4BTD&1tQ5n^*l@xZ_03RYJbb^fJd53iQI?-E6FC8}%3rYA?;d zT$vB-L!P5*$5|$)N|&3Q9L-)Lbi~ibef>}C*ya4;BVv~?rk#vEtsTv}!^aL{ksh5@ zR?SJ$v*w30jM=p*8QCk1p_{Fwwo9z1Oc8x`h+W98`{ge5K;R)nVIlmh^Wwz0^*|M> zKCJk#_T;SXMD4~k%;R>r6Q$CA$B^Ro0fx4!#UNe0=D;4+T(|DPW3yJ&-z0@KxX0>Z z7d{p78Cfm_WZ(F7Rn5Jwn;9qZC(RW|N( zmMHpF!D(eju67mcoRcp4?dt;rL z-12zxv&mWBRikGB+;_IEyxYUNbLH63H)ZBwD70*eZv$~3?$cbkES9!lIE3y>)qy?fD=k;z8DG)z+4jwsvRPI_7a=*>fwGJ2|*As4s zlFcq0iCM3J+qV%bt{o|JsP;3IYtYtqXzp@>bE3gYBk}8~N5oO7kMKRznT2vj!Nt7# zJ(0@kicvJ_Kzw5Q)Ko>G%E4%9x^lA0uk2vOkDP>x?>E;cC;z*Wn8K$ZB*4>r-Glv_ zN)tOqISS_i_ala+kx!HAY?M!oJ}N@7aq+p|$6)bCam^j^^f);d=)Od9rbae?#wD0h zUDJM?ni>;D<(3|)L`+XeWUnYzj;9&J*{WWcGX8SGyO^>9SBM73|Ij`S3s1zKC*jC@ z(oaH)TFogf^8QEk1{{1!tMZW;Y#bE>dhG%1EsjbdY7QEeC~gwxOKp1XEyIsc#VE=I z_Afh5ibXqL71gn+r&ZT}5aK9u$8Zv`@zJORbCR%)e&W$2)*vSiQ^KcFvHp}CJFP*f zDf|jcxK;f=W-lspM}_YN$r zz$c8pj|_!N)8prfF%S~+B&7575Ai(Zv^L(x!Qp!To#>S`4Ue5&4DnO_9xOHWBOZKw zVj3a9^FP>)0DWR^3U!_@Tz*7P?d+oPaoCvIhVCN}i4)Nd!(o6_0Mw8sCRd*M<&Fz6 zphxi|4-Jl#Qu>p=9vnP+LQ;Cdr*?o(irD&t2{`2O<^Vzq11ub(*Qq%7^UkA>g+s$a zuHUy)@tqkXo73*CKIq{OyEMBf0^?O?MPciY(X#LR z*>#xSma-R+$14$vy0X6~;QW-~=+N_NNKv1TEEYH8D?1D2g*F}08{sJFyx)=WDmY1g zJLWk+hGfFBuj!N8*`#r6(YzntViN?B_Iy{*9_LnSb0Vde!g|L2fSGc~PKqIs+=pJM z0n1;SIg1b)Gi^YHE5x0r8}}w5!;n`bI82EuAwioKcSdbXL^zToSTRlG;c&E6I)PKq z0D+4`Pal?-jZVi~YzlyK+M7WY9uj*NF&8Xl9>C^KwBiHpkL1jx?^TXm!njk_qH&19 zQY;yU2^=(iG`#5}m|OM?T!S<-bc#MOCPA4eJ23%j7ip*&B{U7Tm-a*!Zmlm?!eFrN z#b;H~Ah_R&$;i@illGaG!WjI|%y+$MjKrIR@rSQ4Gvimf6PWAkneP-Vk{7;mj9mh9 zekmWaS1%WQLOwLSZL)r@$E_=tC^!)w%Z82}FeSx?j~hUxf%dp21LnD-=aI~cg|U5vA znM8UnBQJUDtkECts#+FLLS!JbcW4DUBPgcB6spyQXz!XpflRW3Ppg>h6^eFur<-TT z-Ku?0z_2>`nc3KONbApAhN3hBgTsuKB2Q6-oZ4W3NA5vZXUGBsSpXt?R*0GLxI#5k z&FhK2x~P-T(^d9Gl#NyU>b)+9g#g97Oy!#;Y*bX-H__r##{yRRv+u;&LAoovR9X~HRE^0HalZxu;n2Ic`r#ikhk1qO-wD(Jx z*m#9#39iX5$~2oOC*69@9Vvt+0T=yhJ9qsB7u_GXTQ0+Gy?|#Df&IQ6;JP$N#$BIX zpRXWP$AG9DeD?Qy9SVs51k_ZLRbj<=b{llZm2bjQ_{d1YSK`ES>boUHoLtepHIrs6s;tE~8KgelX3w8S!8AL={5DJUbh{I$LL zt7w;*%uo0BcDePWuwXMr!L{Cz{@DR97616y);Z_S$wRk|7Lc*6j2T+a7@Z_^p?6mx zx)9pc5;J1@H~%n+cqxE2WzkRYQe4}3PSRQhu@pZUL>D?sYcNdPXYEYj!S4viaiC&5T6&Dm~-xpZpvS_XwzO^VFImksAaTGs_vpi)7pnhK>7q zBvV2wWp>>_N&5y+CZ>jCuj1w4>dQuyONxQ*)zt*@qDCBP8*+(;EW)9+f})p;Zq4I} z%g4rDKI3{x`|!E*S(wc6l=>`cNzkNS%32Xvw-5D|x!nSDGj=b)=iZe<%jSnJs*h%uJKIz*?sxj075g5oTg&d_Te-i{7yJ*4 z+R09Wz2q>W$Zx~^%oJ1E?%8d7L&tM;>d z@6z{SgMY1D(RMlO#b|lr?+cfpx3T9Ve>~xpyI&oNFhhu+En!KBu<((U za*uFKxl2SE-+`g{*cBRXxpX_8b$4`^6O2ibJj}bPxd4W!^j9op39?nZc|eX8Gnz|P z2MztX4oaBw_!be;S>XEaVBe$j>B8DO#tCz(G2z0+jDz}%5+|#ht#||0MkWbI zW-Woqzlkk^hSU2pnGptoi_6wB%PMWlMPYRvHuvv%e|MQTPwLgJnf?c{G*B|4aYSF`pMl$G`dx5hMO<^+Ws449--osMuR^8Lz8; zc2Pw_oBHk6z5LIguRJ|@+jL)%dzaUa*Y>+V*_h9Eeb0gj32A-&%G>h# zBmRs;wUx1^=^CYL0r?*Oe>&PZhl`vzxx-ntODAw)ELH@@HSi%kp=v9=_^+G#UVZkefRe{Pz#&~@=e`}nAy*3HW78admmiZ0tQ(Kt~v`ZdQ) zT*Fkpmzcb+ZKdzo%INXcRxWc?*?HG^kzSu#R@;}+-CDZ3u^-wWT5FVQOMf#Rz5Vuo zozd4R+Pklxt)nl`P2=oe*8ggIeeOBFEpK~`xb54uGwL-}O}$i8O|=>|o3pDn+O_&| z<}F>X{>B{Xne(Y}qh+(I-L);xZ{FO*=Qi9o+(k=sT-LR9bM&@PYh6S(XEt9=-(5{M zT-LvhT%+}KOj|u$r>K~%7aA^Oo}IdXt!2EoZ<&kz5ZnGP_l|WfSEJ!tZRcuhZTfb* z<-fbRvM+wOTWrH^+tszc41V_Qc3eLF?u+y>(?tgUv+f+smOMiajg13QIXAUp<29u_2#xP zx^?`G*4X%*o{gt`5r3a%T(e~czaPJ%sY*TdW$4OwxZJ01_pgSp`l37u{Mz`A>OUj? zYioa9jG2ne%XTCF#kQQ?*41&Zrk}s+|8DHNXX96hytWjC-9~7OS9;s+a&}vP>~70hvG1DO&wMS~vD+!8oiA%W7f(dqNDwYQPF;qHE_x8C1K(|$V*7qjuAAtxF#e$>6K zjt$pVE@ms*d9-Z1Txr_kW^_|NM#M%mUdz*DTR!`Zm`%A2nbUsX*LKl=+7(s(+fq$? zPk*~yZ=H(O9M3o-JZsccw~P^uBm8yG$0$uvUE4y{(c3kn(r;e&sGQTz*)St!H}z$m zN;%D4?NqIL?iv0n)Z|^(`>%T1$M~1W=Kh(+uJU!WZTVfszAbep*?8$AR)?VNRWuj1dOGEx#(w0__>|S&Ae;T%Cvr|Y~KYh z5~joRX$?^5Lxu~E1|f^ZV>dEFRJiB>QsK?6yY;ylYPw7qR5BVB1gK;*Dk>R`3K3_O zj7G(DS(Qo!GpSd9E_%7}N5J4=4;cn3AZR`()}S#!;!(Ttcu z8xJlMKo*V;4>o9IfF6KQ@XyyLCI;gX0;x|2BXKen1tH^s;z$;a4kbWH877yBGhIHC zgh{3&gQC+3ai$H+bYxOU9s=M8qb==Dds!<|1#{Acy*m=4f&)kj4HcTfgv!Q-2c5Cm z*oeTv00PK=UNjFhh_Jvw#e_3)Hz9)w)j0SN93Gde@se~ThwxnS)MFOm$k0aI#n)}oiG|=0*JI&JQEKK8Yeb5FoXsv z!GVP7LIyQ59L1HJ*;#w3XOmGDmP$sGz@juDkByo*LY7KKV;Ydhh5#Cn$EJh^PLLZiDBz(B=Ag2=+Iw(L~A_kX_ zj*g3zHb@>U9SImFp$SNc$n#)>!imj>1gfC1puwO~;c#IhdN8GUa6+R&gA2-@uWoN% zRECCz1_aW8KpGHesvLWzr~Jxde(8e->jHuz!zINBqyna*ARbQ!4-FR>1%nSAKrGUK z#-y2GXh5J&Wr7DnC<258xp*+S*swV4M+y}lp+W=?O^2nUxk#Q44Gai0(GENptHX5f zsVHLjz;J;=!v)5Y35BE*pXnlXG#W5aU?5^yFwtrFFkLPuE=+(@XeuF2D5pZkBUvUJ zAqp869wJU)Kv2L9zI#rJ%?alq2M9=i2V@%>2_sDs12l0m8=T2<4szKJ3LTmZ3>G{Q zCPZiuAPhRh@d_Y18t_JfiU}q(Fm3^XfRF*%NSIIn$&LyQIwXB$KAs7K$%YOaKpiN2 zkR+gga5Oj+Cngss)S)Aq;OVJ?r6Yp{ z4WBL|ghx7IL1Q6f6C(7n*aXBNq_HY|U_6%y6e^v`2M8QIB04S&IBc+q3!BMf8W3n= z2~D8m%KkJ}bi!bI@p)fvA?7dhZjyFt3#RX~8Yoow@UfwD0tOHpIvP@cPCzLrT!z)b zXq=#gK9fbVU@)JedcLxtFda30GJry#$uhwJ31vW2#*)!=Jd?@7kvN~}qq8vyd2}k$ zM56-+XPRt$I%X(Ppddhr5|$DrG@6Wx&ZY!Li4qtXB}$YiAz74z3k;Nn)k|?s>|aDd@}v3NY=!bgaK2ZRS6A#@^XJctltA%uva z943x~19aYN6$eOC1SnAgqeKZ#rh>uJIs4R~e33Rk1V;x37(O&K@&ST6Hk#>la0eQu zjNthoVQn%20%wRmA5UInXoS$v0kScX(coY`4SeIVa9lhlmeACH5pA&Nf#=!dgozD% zLORi@IKYTNQQ2IwFVbalF^|Xe@q|E~jt2dJL&S$(q>00X!G#8A*+~ zlaLhZd^S275t|AW8c4XXz!xs};UDXQ)A2zN&3-JQ38Mo?qm!2u69y9}E_|?sjSZ1! z0|mxl;A9+xrjLhzWde0*`0#*ZspACD1&5DDKhO;+CYTQvJU$>3PNw3OisjbiczNHu z^@|rRw+^%G`74-PmexKL6dY8f3(^S;2usHXg^g*0!^1(az@hOFAe76-(vPpXx;7Ka zXfh!W1!BU54vN#+Y&sSN!jU!#(@`lp6-}oTQkO|ZW;3aO$Y@ML6URam$3hqcxZq5m zsRJ@VX(rER;-EOw#{dV=Ai(1X6?Q+YeUOFgr2vPVz3k?cc0Ih;Z!4pzM zfItBR!UCnkBPqCSED=eBvN}AH3JnO<0a+*H0r{MDK!%|Kd2Gy5$!HXGG#8FX1p_pN zBufU934JCDhGdCIB8s{a7ltw$CDPE2a)1Wpv5BmI%axdW_?b2&jN9z!sX|54 zgfbfhD1lL;gqohF(+Od8c>eO0Y)tE7F1dIWB=iB|LPdrBd^jf@Tud4V9W1EukjS9I z35y1e4@UZsaG^Pv2u&eA77h(GP+%@XKw)9MhX)_ Ba>6CQCS3K=F`Q1KcWIvX0851gE^fMJR>KuBP)p}?V% z5pi4&LmFj^$D^Uag9jVllZo60We8u`Z_*`7LfI=F+1BPSs!EkIopa>eRF~P!zhtOtYnS3G;37ATU({SH0<-*q?V&R*u29%e!Sfkbns~@b!^efd2^vg5$iTp3Vm*}%9w$05 zkYJ$!1&*vtn9BnMaSiKh!Ucp185uei{z$PwI~p{wAbGG<(!#)l1djv{p#{2sAW>Ko zy`dc{7A%_$5J%%eqNSpj2Pi&1@B>YSiwzJTLSTkP0{L(-h=ZS?*e`YPOxS>sQNbM? zkIaR}=R;#6#Nk5cfrCp25dRA;(&7#dg#GyNfnef-0%SRnVi|l?C`=O#k!EA9WO<%0 z+@%1K0Rhs%0}2cp9}+UAj0NIRM3!si=575Pl z3?STEsaX6b6i6X4Xtcx1WLz?ILNH(nWVxh}Fjy>?|MLnQ8eFt$8e~vNP~oA01EfQT ziG&M{6C4^;8ZV$tg-j0<9tY8|nJyEOf=5C-hz5VS@Bxz(GlPH0J22RPsL;@vWOQ8M z@If5w1OS0d9VIYIlmLND z9ULZDxDSRJf8;KoEpGjV|QM1zg#a^X+`A#);yhYW)cQ3wwUJVDry*(fT5 z%LND&7%WcMOn|VVgW;GY=Ydx$WTp!pOXlMvd(g|5qIOynq)1kr_4NPbz4;pN8!vP9ub6FQWfJ7jwm_QCDjg1TmlN6Z-APhQ0 za5@>4iw_DANb*c9p{a8M!-e~3eQ@ZQ;2@chFt}lTa4ditICv0eVhK$sG81ly$j~u? z!UK?m&PRhL<0OCp!C^v^>DX8}4joWvD1)GoVIz95VZjoAL4qgK!Nf+V6MEob0t3&7 ziw7z!6QmCsA~+#BU3#)4>Ah(~%d9Mo2RmI1x^OeAvK2Lo7 zK#xb~voW!Mgr?4fK}SUc5T8qQ!eirdH5_;}_;i7zHB_V!2(vg`@Qew?N9TbC6qzXW zz(Qs-1I5KAvuQ=|PQ2Sl(k#);1Y;Y3&_+G9b)MMwk$44sd~;z2<#jp71-NQjIuK|=)x4l)oCLWOjxsJL`G z9?;|?eSD;kjI`OPcz`CBj`Xp+AR*6Yns8Vo%j6?{Xix|q6GVJGcqmvdDpb(8Udwc**?>Geo{k37`CKd$DRY@N7Cyn*Y&x9=;Sk#J08?SJ@gT*0P@#F?k$|z* zq>|B0J`#$}Cxe+(GMZ`A;n0LEAP`Uo58X^0d~~J`3{nIOA3~2JZn|vV0*EsXkcB*( z&c{>Y)6sM+9hZW^ZBA4=kW)a|V6Xw_LxqZe2=oEN<^u~37(CdZ4>)9SFcGo&s9b2+ zc&Gp&(%58Bp+WO_Lc;;FNh4W0nuQZh2GjX;OcM%@5T~>Gcyu^GG#Tl_$!zu}nM)`0 znLHs+$K!!9eL|p)2LqFta8PtE7?{kYbT!e^Bh0XwhBFk$!%rU{4fJhtkoc_MW9OdJ%Q$Y)ZK zLY&UW5)z>}3KaRl@nLNMae?B40!4;OhfAgb$7^(CXq*N~#Ns3lPy*!%BvmdDoCX9D z1(6L$DD&xTXr#yr1(6VF+Q?iYlE@|0*-R{<$r74293W80Gx?Yu>rvV1WJ);;zER_!im!mQ4ra9fI2J_N2JkQG9R6fCn6yc;Q&oInaU(0iBP1F zbiv42IManQc_s%MjfW>9!Oy*a)QCv-)+G^;x^N^leLU1Bb5V*xL_s9N$w-^YG<`x7 zQ0UX~NRv=z!!of@W+S2?5>XJDJ{}><6gptz)3FpDoQ#G5lBZ+g7@#CiCsLY8;z%Ls zLPS9%gD0{=K?LLz;!GHo3kHXXB$Bq!5`%I;xdeL(3Wwz*4S)cXNry*&Qn1nCi71F@ zJ|3QkghYuF7$r&wK!E~DK^iKUJeG*Z5|KnA9vd8q#0UiukmlnNkwh-jN77iP3#XF- zfu@fq#e){e3L+dK$rF)8KGQ}=BZVXjM&*J5(jX#05cH)AZRca4v1u;DSe(U2@`;UTIzWc z#3)E9WsD&N0001g00000000;P0{{*u!y-Z9_x`-B;hr+Zk&>69uZ~5Faxlk(rKSAq z*|gEf=r~oC4kH@w{m1RXkDFHub<&A2Ygmr*e#jla{Nnd6&8PKp-O4AS&?;c}`tNy2 z|70|0k9*PIJ$3j}EXg+8;Bm*G{htxgkav8;Q{#JQc6zRV66NXa1?6#!Zsi9&i4i*i z*}{M!#N8xI2+Jd}qE|lr|Cg@J1;O#zPp96p*Mt;1rDL(?c3-`K6Q$HI<7)|R6MWu0>UYrGTU+ATS6JeM z{%FH(e-Uth0{^dBd@}#Mc;54~fK6Y6&D^GHoS-E@F@g&IqE>2)a2}_N9!5oU7(mGK z>wiGdA`HmozWlPp_>T$Re)}8dJo!cEaSPH20gKQ7BMmK-H)ai#k1*A1Ta@P}f60{; zgfvDnOLi0D4_$$|v7Z~`VO72n9xxFiqdm?DG=-pl8qphoE{QX*Qfip9Ud2*G^>kEC zW4rMCnUT0SH%LbRHKb`Exd1*kMh88WL=j&zx)=X^B zVt%kFnyL8p!o`*PHNCbdew8m2DseE zugepc?4$jv%b!nA?DugxL;O!AcRj_*O;7)SnGcXCIPJVOeAcR4O_k_9XMdj@zqniN zHhyBj57xCCnRHQBbq(XoN)4|e(uY6&H=_M3T{7da6}Xyd(RbA0s?pNy3-`qnR15g# z8m3gG>Y$-Odx%@$XV#CD-pB+BlfvZ|)3JS7bKdwHysVs=z)zSnu16Ajs99aMKtZK{ zuHidcQSjnABKz&02u;@u<@wFr*MabP3Yb9r_ckhTuN~r!<{}$6GXiN>_Lh+*+D(Q` z8jJo%SE>pf*==yJtjjB{X6koIR^4qy@1|RI-4*@Pt2O89B6;B*xR=@F?ogI+^eI*g zXAQO8G&(?aFVvl-c)+ZMRn~>Op$=VtMXMFuN+-l45Bacg#c>c=5f)t~xVhU{@@)_Z=z!XY3wKvMig%&yfX;thkXHPIQ}Y>rVecCB z+en=(&0+Y-**6nA6J0l+V@rxdByXXaxk1~gXQ~o`awaWgNIz?^m>)dXw2X@JLJ$mt zmaSt+KgMT}o0i%_YW&mVa$U>W#WNyhM_pv=GzM}^tdN{3w*|5SJOCY=(0Th%Wn=@V zw1I_LsS6UoDQ<@Y ziHVCpKI|ZVowIKTFIA*;5wt&LQkHTC)(+>6vXFBz8)sd-3J?(YEkON$c{%ip9rV+JIIt_lqk6)qXX_3JRsglO{utvnDxAonKA4iy<1Qs+n{^@_ zcJSc3vNenHMqh;YUQIu&%eV!9ZD}5n4`L(TWbq99 zkxO1aPDk3n1wV^01$+?_S#m{l7`fEk_>8i*CD=p#E25d{bICoYne!F^n9Du*U3uJ_ z4}c0oU#NGVUkW1VPt`HYMbEvjK(4~F=7vesC&SOTw3C@c;-E^QqZm9!aUWv~M&_Pu z5#Sc@xw_*~jE~-b#ZQLd%-l3HR!twgxs;H;F|@r&i_4G^3UJMcMgOB^F8UY^BLi4h z6IhlS7f>WwdLT=5iaO(nkBap$ch)QX6&cQeiQm>#a|k8p*Trbr&f^b=iMr5QU{t%o zhYFYck|*X4kHM+TAC(a%ScU%_?}AE1g-n2H0k3?qYJzrufw#RZ|4MB(n>Kk8C&HDG zbq+S^K-890iRNL|e?2aOD#Re85~5vA#PP^PuNt_1Ked{*-Oy^UrmtZoIf{a-@%^q} zzHY(32yx>+B{Iyly7rva8p)+WAl2}i(y9{Y1ZW*<1`0)_Q8NNP1CDn|cNI}5*oJgl z<%%|T_}XEADI3B9i>S<_+xS6U-=d)L@ zDjKr7AKUzZu3e|-AgPA9t_79UNRFN7$92kxxuB(UfkI{41!}g*$;#F&& z>fU>cxoOJ?`B$x-IeO zf*-JdUz7{Q8Frd=Nu#4#8y1wfFehQxITzJb>=*5Vpl3i#myQlc7{=mC7cM$Cxw=gC zbgnUV&92Ld8x>rc#M#=G4up`6=Io;pD5dJ%zU7=A1}DWvc-R;_YXU_wytpv5jHkKUJPaC3aFfyxW4P2DDqpF6LC%}#F^Jfr-O=QK zA^{C-QGc+WBHh9=T0Np`%ZWzze|(9vkUo-IygHFe&tq$R<2n8K>$m!$e%0ie~smz?y#OV9GDZM7x@oxxtULBfx(_dAPW*xqvogA^OjbDJ#Fs<*KJ zuf`{h37IuhLIma)5YGbE6w>a{7LC+OJ>Wi>;)6!~Wyy$Sg@CHukL(%1f~b$~;Vxfp zgzW~|DJASB>&Dzo4CHNIEk`9?m zkyJ1q081ayA9$VkiS{vRhGLhNf$Dp+n9CxKSyY1aVJyGOeIatsh0;K9E|Gx6kz9&H z_f&=D6@B(aNL|7#TLUP9hJTgZFP`Q7Mb8U$bsvGcNJgdSjTbdVJnT$=XUF>jLQszoMVjJ)T#hF519;}wuiN= zgjxr0Eu^7*Vu?L`-`xW2Q07M|haLMzu?azD5S!~Bl%v7vYF=H{c1?YLW_?|6lq2w_ zDiZP`WNN$90}iJTUWhn<)U!hzS^$PZ>1^9z$YZYb^AQ80w@!K`Our!vMO;YJVU8{4 ziK3%Gmy`tRFCIN!Dq_jOD9@(^v^Z3LgTY!5C&Do5_>oiO=p@GYU^|>*6)J z(c&ye2E;TdpYMsCpJg3IHaMmKxhwncDE0@HlfoO@G%`XB5aoVC#vwr~=P_r7zH-sVN)cYUs3TGo&Qi*m(Y614Ai3=Pz_v$=!y1`JS! zm?ahrLkFu+J;@AzYP03%@g>O5W`P)8Oj5n%5ll3f!fR+y9zf>yK_!ApgeGY)NDb#aGn1Rz)+$ZxvFrtAli?I(%N2c!r^FGpXW68AhXx<*4z%06wmX(J20X5RyL~V{OjY-Co+O4#$G@)hLoTA} zv#oiWLFC0tq&ymM!5PGCDX#mHPzaW2jS>p?I)z@l!$O`_un@&W>4O(+J{BBd3NRyK zl!AbHFxOtk98s_sD8k7=-4h|Q<>v|wCezzY3w3wv*04Bpv?*lS+k`B4*{TKwF59AVPswQ*z#v@%7u+bx`Xh|IauoY z%T~8D{k1Lf%NXd&_@DK=e%n5|w zPe@$n?LYI)PK}fMzvUfqZDh_4J7>@;%yRG@N0vQE&#*{&=7Y8IOXJZiP6!y>q+Moz zAaS{`cw;`dP7FUAbTH_+$U}w|CMJ#mA9`^TM4QXNr@m3Tf+KRKqqO17O#&?h_~T!= z>Q$T9DWIixg-~+M4`(N@UG>A!YP;yzZL;KVsjpn% zLOh>lVP{MOq08*3)s;b?LM6xr$lTq;edpRbq=%fu{ zi@P3jHy)5|D$z8nmC!UyPE;dcs%W8%^XPA9O^1Jq+CCiW=2y&`_BWERGc7?wC zvFhBaO-$KtzVMQE!|29pR>t_bT~?GGdPS+OkoHAxsYw(HvcVsTmvm9cD`y)}sk^Lg zj`P>;n>-)J$D)|o+l9lXu7Xc#=sAIcHjX-;vWNUZeLNS z!t=`5kc?!dwJKD8`96DpG8e7PVzXFoFk%JXA$4!l7S)^kJe#2j3%~H?It9}(i~x#v z?=;pxuHdAQori-?;COiB3+h&jqO@w8XMTjnf-|^EtD(i5&!YOVm!~cR_&`quc*oXv zo$yQ_JKIIBZ5yiiE7KN1$=S>%A;;hDWAk-n$gU1}EpOR~UVQg|V_JF^n-^2JR1Yk~ zBUrfI@krv&$lJUBrV^a}5j#*tX6N zq1Hf1LUVRk`3O8>BuQ;OA+$(Toe^qtR$d}g0hkf-=F*AlpdcCGIb(@IY$)Zz$-pAJ zF;v5XUt(n5k1Ha7NTHJ5MTu-k-+cneT~eG48>Vwlegh)}Q(#%pedh4oJcTUHPS<_< zp3aF-Z*-0vG%$Re`ABY|aPlbCeQ!iVMhhwq5DG9{QyUQ`o3X=M&O)^%mM0;+GU+5! zBp^TAgRsn8%IGqy)TKK|huEn8w5nF);LfJkQ-y?!aYylggCd&<`AjNDK?vO)8uMOf zq1Js>yD?Dpp8}az$)p2yX6C2H2sSJ40)g&G=lsIxebd5ugdQKf-U#G7%+ z@-C^YIT&7l24L2M%B2iIAwhG~pTTZtGA*+X`y*O(q8cAi<@E;NMkKAFdRQSaP*r7>Q~hC#5{A9G z3?!}q4R#E<7I$j1(Stx-hx`R)=zROSDc0I;f^;%}o;e?phyn0G@iMj%(ZDw(atCl{ zoDn7|)5<7pW>B4_Sx3&*5z)J*h;@eSCF<2(n*l{Mns1cTYCx!k5+I3gS|^>?`%>R1 z2dB{~Zj`>Vo8N>gj(s(xA)ok}P{NHuph?%@TH33nVOf0z{8MH5ZnJMP&M1bW;UwKS zGJ?#1-{d&JUR`>LxM`bekNQX&AhWb%^sp*1an?;=5qsU|jw}iFUHrpv!Nkaw?_yk6 zA%KL!M>Zfk4aS+K{~i*!CEnuzW8-m^5fnP)dRZ98{0Y7tVeQvN>rbbqrlQGC58pMalo`r5==!1x9eu zo7yO0>Goa+U1B^`;M1Cj}a9!TWqolVmQQq z+`LLXIzy*O4njGEr#ppKj>;SbTgo8)47UARnsBAf(0%!ZMSlXd@YOybAcpwNMro*k z_}G{^@xtPfA&FP>{gwCpRGJv+J~zC2*q0C12gGa#q38>cgYWY;_qGE1u=;{f3TU(% zVJ{7F*ka1&60jh;Mbtp+WeGk5Hfy(kGf-o_?83SY3#MBaNDM<_1hgu$PeK3A>zf&z z?98K!nl`m{(XV1P13;}bMXPFBEb_peA%=T7US=Varw#BbbMFxX;5!#Y2SQH~LsAYO9MHZ~( zC>bOwAWeYb>K*j1&$=>;(^f~kIzkl4iO{;m88vYEUDJ*~qlOtu8s8*%KuXFy72{Wy z)j)tU4<)*A-O7dMA287%kbRtgtc6o~v_^G`u3*W-Ba(S={B-xI#fm15Tol_**rq_T zXa=YNqc{Kk*%y2{EH>+4^394e&9w=wg_ib3-QdB&4T#swJBdrICX<~9iD_Nmph)0~ zO4$R1wgCdHAixfg%hiUc2bM<3zy=;o6flaBZHeYj@Hpq4THm+qfIJg_iKAL4g={Ag zgn>XO91Z8cwMvG&LI*NYlN~(fZk2b!FrH3aZSD6L6dwPw1dt}I1!a&X=V9QbnqFGM zfj%)AZL%}N2V>}qUc>$2%gw}@9z#um!uWmm3O)K{gIz zShH{&A{hwruM`)vtzIvG1=O$eBoKB5(H>;T;EVJ&m~TYbu)T$eivbGQD+$6%H`|=H zU27-EpdSgQ)A|68o7k&lfPKdM7L0r={8#KPugQnmu+v@F`c)d2c`JC1FM5++_ViH` zg8>=8Eb$=O`we&K%L9+(y0;#ANCBeQ37<|VP!CXk+xn(99hgsH>&~T z!~q!FTwE{nD|?IYP?wr?`Aa8c`G!vKB1a}+QWnafMZyaavv3rvbN?SkAz^EmA2DBB z_;4BT6AS(+Y%Wx*wUgn*_@)V z>1v#eTB>-5Cn2wYuDo@51{LMs!P{1OMv8$u_kQp^sTOi&&I>6eObpOM`9UZu|FX2R zG$WK@N7)vV#H?1({YI^+{12a&xC^Tu^6p`ovJZD7%2V*7vJ5?(jcqV=`IQj`Hfh=H zRc4LyV_S~;D)T&hLVkv(oV_>f)b%k}b|gep*@N69LSo~8OSE;}|V-^70a@wqMiAj*1Ec@;j$mp z#LJ9>j|KKpbI?ADgG1xw%7P}@OtF>{P1Lk@MRWHxq2OR)D z>)o5YxWu1-;?RAfa16Z+CorlTe;E5-T`&Pa_5q{(qxm!cp&i>)=YIhM6128ZEM;Jr zTz`SUg6Y8m$Ago_mwMs}Im@PzEDyUD1#S6l@ewX9v*ow-z#K=zR>q)#w`yUYdwOc3 z^dqcpUX_>!b(2Yg-O`=|D>pwj=Jb&rZ#w6M>TIQdzxXHvxx%nCic|D%_`c+_eI;|2 zQ*)+CE$@V)`1qt8CwTQoD!z${sdozKve zHw|rnccrh1;S8Ju4fYwwKR2wS!+50cdED6GmrGA02|tQ_+3JOub||(fR)_UD4dW}e z=bhk)&hwxDcIE@HBdrVx6#DSq9Iii?`C=*`v|;)=R4z{=;kd-%qzA4a` z^WmwcS>&{yf0M{!z|2Y~_S_{1sx|d^iEaHV2n(&4{l$B;WDcc#S-2z0065Jhz?6El zp1JC|+|J|fQgeZ(pc~`p%R^!`I=aWw3m-tPhi&^q+#@jU=0ru2mnfc|;&EbsW5A|C zy+jPpj!C$RXpOe~@KeU=M(Da^;M}3gmke;j0IE9RJc<+Cb*~$4KVAfU8+5&KWz~T! zVR0jXOLN3mKV+vUvL}^c2c2zWVuzw_4jB}*0M*_P0FjC|Z9#mTYKt78bF}m%@rm*` zoyVUb$_*#^x<7wZ4#ufK&rgDXIJ3rGE?T&l9E4YkBkkEpGaDpwPgVeJVad5ODA9jY za))5mRGh5Yp)XKeT2*IB>yZTg_RN24j#@aN8o;;SwgeABQhTegPc=^C8fp&`bWH{T zilqwLMv6jZME#yA-KkoDL>TqnVa(If34k%$DBqaHAWr{besu6op)d4*9v6`!f(>9q zdO|6}yfQbvIj+UqTxa@8nLAFdcqpDWKcBZAT<-Fm8SB#0aFx@p@|1d47}oO&%Jd1B zb;cAwhbFn05L9IKp9GYXP#4B`UOWm2wgALT$dUovb5YNvp{0fPak2OuuoIvGj)?NY z<)PF57e=}5ePM=8oWnSOYRt4aHh#bj_!19XkZFA&-WH`EqLIQQ3e8Bn(4t*l2xsD) z>n>T1QhEm6D#m#8^iYaAfM*GIej`a(4oL-p?_DJRi=fv9S_rSxPeq?@xq&7Vm?r2Q zEKaz0F?I=|h1!@2xh`sUF;og!mV7G%Wn{B?O8Z70a7dWq*eut7gBN67s$;_d;G)YI z#bH0k)^)~Vkuu}(q5fBEBBluy6{HLA=ky;!)QMfR#;0O8a5tt7IPS8E(AQ=^G^4NI zF%lqU?piA3J0A9qG4U_+@4vh>TtmO#gjF93S=StRG9^)LBKKcMvDjs+LIj0K#G54U z7^bYs>GZX=1FcYhs{qHBF$35E0S=8p@_G>5TJy-GTVwW!B)Kbq65!evNM;M1qD9Gi z&pu?6ckW0rl8rkI_11|$&bL9rF+|3PZD0ZO%@L#s9o+&*Zi_7B)N2tp9HM-sT+W zf-9&$ikExrVyc@eKo3GV|G3Kv+?jM`by$F~HHTsN^yZQ~AAI%jAt& zgsX8uOLl#t6k@qR!jH3q?x0@iS{?noWrdjZ9IUi|XG}?)u@-en(&EfS#bNppW7XBH zFjv3%RK&-n4y3}<40>nbFtPi25>t$&1lRM*-o;9=cB#@ zb7#zuC0VblEO^?5QdfEJT+I~(+%i=re!1?Pkwg^$hfRFrItx<^0-azPL=};p3H@I- z&q`i@xzTH0iDl=76V^)kOc)R;feZLRrF_J&mPU2a3QI)&X|$Z?B@$WK`XUNFpOrcd z-zG0```g?>L`f_HK2K@`fR9u@AGXAO?o}gNXfUv6F-$wx!^=`WD7Hu!$3#o3oES%3 z18elua8Zyv5-B5C{93h7o3;K&F~LAJ;63<%kvu^M1OUtpASSKAO~_?IuByb!mY9Z% z(~1dxJ$K~aOTplvhdrqA(-Vo&EK$_rWcH{wvh03{fQaEbS(v~Zz_wRZc6tx81i;YJ zcG{)xO#J33gQV}b(&r6TZltH|OIeg^+|M(MomuKt2B-=J?`28*3bMh%BTn=-v zq=Ow{0yD%cg3&wa!>4Oz)wts@0}p_GYiJJ+z^ij<0}KAp&T1A|`?O zfW(Z85y=zr2aNUz#*u}N2T(oaaxCMHnjNX1`WGYtd;(lh&0-krqoCXJN~(H({w$d?A)v-3&PA06RZPKh zY$Na830@w6EK&IXaIidRIsLAGBTIoONACd&FlyQEr1(LWTxrF{G^uzjn4lIJkydUH z2tila_vM23U~4TR)vLF0BlWNRt3k7%^(-iZJ+^4;5`92XIY{jy%iwPNRA0te_g}fR zXanLPE)3{zrQ<#Y-y8Onp%6w?$10gO%m>FS#c@G~m3E84PhPY}u^g#?!z;f=Yw1ym zJC13UBX%OeGo=N?fdiQr>zt60FY0ze^LdSGh`qFc9f}~N`9J4VFRQ||a(34bhT=lV z*F-~a+6sR_C|njD?jgUzc-eOEk`5zV>`93$86OM4FxSPFH~vJbYmM@kA5Ptd1gmc_ zsd8kObL5qM_GD!B?LokQrZ(czH(LDWLa7xh7+7@b&Z*9&H5&#S#g;#0?;hpPfr}YM zSsJ^UMo2N!{UbrxnlNh6fYaq#KUHMM+XIqhlL#mAvEM57uP_qOe~3z0!Q-C{s{HTz z0f63COl$e^J&Xt8*@&N7=Qb9G$2D+&p?(zeXu}vFH52l3;iq7KqKg!-$xCo{9<4jv zM;6F|b!Yc;l8v^cl4wMzjb$ysc7yD~mzHxayFdl8Fva&n38%?R_?3b!>68QGm#WO2L;r^H$ z5Z@3XdooEEk8(0?#});Z9n9l6vV%(a^z&Z!s3~FBzdL?O4qfJaOpFjvfR`C&rE&xw=%oEO>UeGCdNaRl+6+hyNcebNmgbfA!D-@_RRI zTA1@z62z#l&YK%~0=BY2;JcaY`BRUts`qMDX9L$0OpSqFf0Qr0;()lS2e4WQDiH~% z!@}4JWBODiFF8CuFqSuB3k+e)5B_r2CFj*MzZ7djv~2~8e!vd4d@v8L&OI|N-+a)h z9_gAD&^*yN?4btVoK~Jfq=b+ljnq4LolY*pNr^ImLK}d|+&P~?w83`e5P)EVAr8Yj z_#s$M<~kE3e+R)q>UL_xv0`sP^6L)^Q!5mA;!%tBp|EmAAi=S`K!6QkwW>coznDg% zc$Jl;=nn}dCZBA6D6L=zd1&J(28sL$$myqS_Ro=D6@dX-hnN>(WF%QY{Sj&1R^K1a z`n|(E%_E`ogZMGeC=d$x0XH9DVOcGJTS=0wR}4@Ze}z+{g@C9%FmFZT7PUh2rH(Pe z!naPhFYjkiykL-x4KB{koH0Tp(X00QE{6s_9-h_a4(n|jgyZr#PD?{1X6E0jfbwyA za0^;4pfH$UybmS7hDUfwB}~{&og)zESWyznNh`kgncik}F-^rC7QvJsSUi-W2%Obs zdg@sNe`EYt4sF+Xcnf1crd`6It|Dhx%XX3&+zJ5o$a2i4C@w-c0qRp8RjHUyEw?{j zb94)dE4oNi1~mrx=kNiSOE-`kb=>CRdKaHT$at|07?2aQMh~-wPC1fpZzww&Nzo~S zPX#JIod^RP2hucy@YgW_?(**0#%*Le_c!#qe;m=@X?7;qhy)r>CsqhV`D;gg7Eg;_ zt-od&H#hXJfrTSd5I?rU_6( zJ%VvoPloD<0`WkqS=3zPyryLZl4eEpEDcHCs8FM8gy>k-16Fs(`I9n!3jsfL(9Z@a zf6WHw?|dV)@QuS3X|A|A#kBUFn32B;b~0waYi55Sh~5hMQK}B)R&o;rUxX*S&jwcZ z=uj>W1--%S2MYcIMzpKRkb7Rv&Klv&XmOZseROCvW3o=Bv3^7YLfRIYSg-Na1)3;u zAe+2Z93cK>oa8;||IvW|u3J{r2`Mb zmm>iev#^aYrL4`Oq^wdUHhKYyO|V|b+!r#RWBp;x2%Ar9d@O>vI8_?o;d&tt{IXe~ zjFdxJ8|Y{0o1;mh3|5%aaEi4MDjO{GVNS&1*x;!{4xgoba1+%t&~s1J#7|Okf2d26 z{$~GXycdGw5Ae?IWLIn**j7bIQh`Ke=+PVw15zm>iew5ey#Qc9=3&4H($20@b^`-@ zCmm@ArAX>_lTwIJ4kbHM=4070& zB=o*Y7|Xgh#n5Zv8Fnmx4a4d#f6W3Ao*gRKx34PWYby#f{aFWU^;s-Z+!D9ebzsd{ zwY0b$A{KnFeCI@0pc-$Kwfpg%GvG!Rzdf#DK@hXE1+$=4Q(v^#6Qe_LqLYLFbP&S7 zI1Wn@qbTeMl*iAn6{<62qbgTO%7H_nC3iwErWNP_PQ<}aPu`4(yd=R3f8j%sRWB_1 zaqN|=072g?y&|=JujnN&!tG6A-kWVj z2rh6?1X!s;2lg~zDY}i~Z&&ERd=s(m8XP)k!-;%EZ%>;GGxAO)@&5Uf&d)1L;C@Vr7z4#6TwNLfZGHN+60F z!1~Y&*O7WV-;wu;?aoNh6ob@jM-14u>_kRHQY`kHxkV5pK`5NBs4466k)o%BKEy}! zXS2&01wwU`i{E#Q>bKX|DLa4%l-hk65DDj#sz}7j#CL}alBaNze-$`I8wMtZRx$qv zP}-$BKpPX%x$}a$)68WHlQg}+=8PoNwsBfR3C?>YA+-JrHlFOvlhTmFgQ=WT+iH;r z2@^sPKiZH=5acByi67}ucK`0!l&qrP~e~f%V%a(AQK|LJfq=WsQOzhP`!y z_*oiPi>YjFY>5*#e?{IoZgoUrSU~8uD)@%r_oWBxv@+__Gh(r8dLI(Uot(|VADnBo zw5S6|kZwh(KoEHp+Cws%aZA%P!bh=0uPgld+PUFYgaje_a|kUg=CxM#(}Ab4R|5C{exYc7?RZY4r?v%sZCj}B+}kYV2-#9w$Fv6(`* zVHmazLQvjG7G5C-Ia=bagFB;rq;GFeSsd{039Lj2#hqU845~{orV{OR@>USm^4&8w z?{~jjxQO-de>#P~>Z-FLokM~!9y8}-GGM5}llQB`!VL>Eo>VZVfHpwL95JdeDoWVKw31gd@!@`v z>0dHCB{oDY7oy`gnZkn+CK3x>>6{R&%)&%ugkfi)e=PDmOLc2Mf?wCAeTrA(`&7YP z`8Y)y7!!~D|A{bX!D58g1o?QWHN#8~P(m(wyZIq9CzuUklnZJ@gtJs4lfug{#)B{| zyH8R5`Cvot`b4~{_2fSv!m&$`#|?iIe--c^yOIxLm(#0Q&-`VAPz`n6bXPcQfQ-dmvp7R-cRBpohZGJ^{Cs(XfvqmR9 zUr#45`{HN!f5xZ!CxK&AfnM0-$2N}D8x^>Rf3H!?5kCJXr?rjq;z>Tx1Wf-ZnhL$L z$*{bXmnG4GDU?Mxj|)rp#BSU8%`aK1P-Z%?8aERsE~aIRy$}#l)`7^6zd@qINFm21 ze#PDi^u0kc^#>cy8v*XpbLGiX@XRy+mKuKtR`CxG*fx+aVS z8eyb;S$70r{EBXpmrHpO-H#I zbuMlN(jjuB=RuGki2_fxuQWS4VTxxqvJq3pX)fwB?K2+dXaZwkSO7C8USwV=e>gL# zK>1pOfvt35t_BNBnZ_J2^{i#mJ7;>MBQ&!V*4hKOjE;9(b;ZCGxtZeJyzHxAv3?aLh68v5(KY)B@xKHyF*0Ld7;Pr#VNM)To3CeZ)Qe>u`8p83V! zM(*kshq{;s2)g|??6862OGUb7*@1$l^V>BOz&D$#ckYV7<|sQCLL?)U15OtI2=V$v z5p#3ml+yb%(`NY1fibKyHgPG|ove!ozdQAQ!LK)(??3CLfq|z64TB5{r0CfN(D^7S zP(Ff8Ci*i0vH@lG71bvif2qKUdCXXA<=aq4aRsI|!DmJHn~%poY+dak z8IE(4kpHlHt2k!Wn??0QZ#AtIJ;jt@y!c=R7E{#s$sZPejB;JMyJPloV|9y20-imw zZwt)p6m78M7jo2%f8H=B_=HhMAt$F1ZC*j=2wZtv2oBP?iTW!r70dETc)g}46r#uZ z>M}o13z>;D>paz`f;^_jNPI(z3i4Af{fFHyj$OODC@#t?`CoAfQ}MwYH7CySR@_tO zK~;&+*R$``LIq2e$`xyv001b@lIpH5Whk+<5w2shz#B`Ie-!j4E}LdDngb=H0$f>w znGVP>7GzkA539Qf7gjl17XS)bj2>O-mElbwcm_>8<*}ceMfVShpFkP94rOZT z@yjj8u9IO4#E9g{E|Vn5x@TLNRy&pvD4Obces*H?tDA(N|m9M4T^0|^Vj4ZXDEp<6@0R(!{>vt!DRzR)dlo@E8Z!d9P)ByiGj3O*!R_$=gia<7jwZ6Id@MtT|X z4n^6Ne`Ch1vl*WS>d>tJ@UwtJS{2BGUy9sL}CSG!Oc$$H={nzx>|FGy8~=M)Jg7$@T9@3trgv50FDz5cs;Rb6u#WX zf-BXuI+&nnKe8YSoopR;_-y>9*H(cFt8UH$f4NcElK-hvRvNOVu_HKXthb(n&F&ai z9&r9nTDPJp!L_BT%^SW4H^2(D2M0;)={fsuXlRph<4*+F5j~8uYLUECv$W1TN4tVLk$+i$k#6`VkQK-@l|*zj)DX;cB_T|=&F0Rh z{PGcT8lMFBX&qkl1zcZLtD*scr-L640Mw|EkON2$d$eI`EH(okIz*NttJs?+d#9Xk zKp;S9a>)obLpeLBjB_%5-n8K^ZBetpe_7=x0}k4VV7X3{n52IJTD3oiiF>=|8KlMW zwE(J)PsopN1;Y`FHUWY{6{cGE)rM=lz_zZW-Lp)hXx@6ZQ}k`&I?h;fnNOOthpfmSr> z>y=iHO?tM}&jCv=oue)fMdq)8%i-nCqGu|%(Mcrbl5Nh}x+gkgiJR)OgE2QNSSs3} zDGkx_kVl}jjmATzGCUg3t>%%+S=sA=6#XbFqaR$gH)=+KpYF+tq3k1tzYw&R0D$;|)O-fwF! zH|$ObGUU!KpAKxCJ)XPAu$sN3f0>cJ?9ko0&scNf zH%5(iDNL&(0KBrvHT*YZKXHa1%-|08mI}me!3)tR$iLrNrG%GLjWOxExjKAV1f`W@ zI#Zcp{vr`hC%%M8e{suWEg!g~C5}A{OTJ=yF);%TfoT6||Q9LGu$fYKzl9e>6 ziWEr_qemdxd`OGBU5Omm4t4Pg$q)yDI1Cg^{F8F_fs;=G(Z?j!Q>VovbFm#*R40BV z7B&@zRtl^Z>&sdx|NBCx5mo5;BlP&A=MM@RUBmTu)C=ED)KR>XUz_I3~tAtPH`NUaK<4b zxZ}5X1}&~o0anVtZRxosySGXXZMm^BwX|s7f{J-#uM@2WLR*n& zsR(v1f031JVWYP!gtmRyYMt7)ZObyQu*)s1f{IPpzDSk$Y#STaaB)lx0Fx-hBLpm# zfCCeSf!q1(vvyyeN@^a3-d1QW1)Z)yqs{igO5A=qpX79kejpLd&wzjsL~H|4OZck@ zTgB*A3a@H*ERBw9as-1TGLuD4YGt%-eMnWHf9x|gXCp)3ey%DvhZbu4<$gTZJLa>ya)JnfFP{q=v$BB zRn*tpATga$(hHIS{sf32pmUcyULh>dYI=@n1<;T5birUX zI>^<FwCQdj^5s(!zHs;jQ*KC=p;&``5|yFN~%9?N3>s)+Lhi6?Im<*uI_uc5|l0VHuj z)L5+cDF8no?Za9&{Ba!cNjtLu&PAGUgFy?4hH9>u?@GToEnX%J_=4nquyl3if9~O! zCYq(3I9afvgUx_+SsVil?AEj-SsdA7A^3~5fDLbpkV}+_U+tNIM8QT`wV4#@)m%Vz zh(V;56r^ttNOk}Gp=azVZ)Q@Xg@vFqoUPXx+gF|QlodC{rQHdIiZ_7eM!O77iS9e@p<(o>zoI z+HCUU6TgI~tTfH!ExJai1HSZbOb7)DgX)ML8B~t11gUL>Ry&JWzjIQA3u$2M4=^ zvtJ8gsZM)J_Yi~@vN6YNf8tHH##2jw_au-n$+}*;CzO=owT1 zwb#MgH#wod#Ehkap129uJ zKbHaVy#mM=&_iWVe+#y{f8s@$py4Lz#&&v>8SzXqJor?&7&rRT40+zCawU+B z3~(`~W^(mLQ(%J5G1In00&py`wJ5?rGg6DFu3+@c4-?BNwaI}zS38&vVGqQO0YkAA z9Tyf_Ra)kWKJ;U)9xVhwC;}Bz58>b@*Q<|adc5mP3(;|yf7>XeE||C6{u`pA?>PcMaBSE~@(ACn0KJqP1|* zE4x^W9o21CI29xfBX2#U{UA3bl{PXFAP0503fPt4q+;XE&0{`Fu+ha{vY5fDR_2hW ziD~+M6R@;De^b^-Udw&Z@77V$5=ZB;>LJ#!sY1)YaHABFprm2d?QhUlB6Z zhsvAqrez}?y#`YXA@1z3Mnla^j>eDlt7$&UnRTNIHDq})Y?{?pvv1`2C-9w3!xtN8 z_F^j<6qbo?JLHYY#_XGGrjRHClIIMSl&y$!`_O1B6n;!y&(YO1dGR*N+r!DNNAwM> z&@xQ`e{|zSQ}mm|mSNNmpuAz`d_wX61bXeq&!(xj)l3vhD|QJyGoxjAwDSG104Fvt zQxHB+i36(OwMhloxDd z$#KdfSRyt;6UzP-IKJpszu~+|WQSaeP7YbZ1~xE#K@S_@e}JpTPFlPqaj(0x^7Xns zn5~p@rSE$jP6jhHW>jZF(D)lJ!b@s$B%FVF6v9IDm^dox**9)_lY8bMjM>@07?UAw2z##iA2m@vH2K$wK|+@Zl-wr1reQF zx?1-qw;{-2#n=m|1F7H$p`Mbhz-kKxCx=(kdIgR|v8rUWI%DP5ze7ee=Qt{MG>hfg2qWBl3|H)p~=j>XmkI4mf4K? zDWm1MeUWA%6s^S|{$?me=KzB^R|_K^q)K$?wQwL@RkyEwmY^eQ`U=R`?K{_`e^`7i zfcd!?lu8={D4Nbd+ipfT_2YH`y#6nX+Z{q#Kh)>HmG>0hF!RP?tMX^DnweWKf8Vkl z;sQ$N?0L{g3v<7mYpHe2{Sd+nxY|c_33uyP%o|b!%t3(*(Q5HfaUooU$7nsTvy^fs zr)acUV}6Y&I$0G4m7REHDQHpR?}xcP;!D_bQ{n1Hay4R(uDx&1@Y}o_OU4}6`WcDq zZ@fmS`Up~AOnX}!R-(;awCn;Ke}!WLx8@E`39ZP~k}Hyhwm{HeSpi=7yb%E^!T;YX zROAAomtTpapLbtcdJ1YU;1HwuUIfY==?)ib+})c5^m)+}q;wd>kiEJeiNU8IU7!@i@p5G}L6AOIsdV z7(BW*M{awOy1RfJDI9d-0j~Y$PBDO}qb#J~!=P|B(?uupKhyO__ySXcZqmk9kCmDim*FK z8 zH^#FtH|3?l6o?m8%(r=@*-1k87NGVOXn!uvkT^{3uhA8$MdJ;(2!Nhlm|N=0Ld>?n zPKMs#b^%Eef33VSXlOQ|k0T+0nSi@tVkVll#!zdm4B?4iT+^?!n&O8Eoq-lZRY%BI ze_qVj*M%!4MXG^3-~vSP%cFdHX`zA&Mj{gHD}(j?4!D!%Mcdxr0k?C$qW=m-$RqCz z&-lQfiLVilUj8v3wSWNe-$U1Xp?C#`&mEWI9!t$23Emln$)K%UwK@`4 zm9&-G=0Wpz6!YZ85_U&=I_`kh!>m$Ue+l6*cHiTYsYo@RC4??r)wRK|#IkFSjE4U- zY9tu+d+r;^ZKZewXoMgFKCPE`%0rmfvpTM(!5jf9VypiJ=K%vaEj5WM)-e^4v_TvL z6F=Zu`5AzAyvKk7#2!0KaODSQCYiEwGVp6k%Zd#DQBcH<9A4SvluWHPH+$Ake~a5W z4Y2nW;Y`ffL0PtB5I(ayhBjWN1Jvtpf0+oL*Zd?>s!#*aVzm6fSYeCVS*FP27R_EA zZ)nghwP>?eKLRo&g{$<&MM0R!(A&1are3*<=$3a0nO|Jslfl&rAfl?>T!NfFhLmfe z_y0+oKm#+#ALLV8Nc9r-b`^HuupvdG*wA|^R1~?I$_)LUBMu!w%tc$TxH1vxRPnKEyf1ySt5C}2{ zYrp{EM~q?OnhI-7ykj(=zOj^bq9&36;YC$F6f_^x%A(d01`Lpe^4g#UiWHx`f=MomRa}YR1~XOJV2skAQ1Kj`!+xQih21R znPiYT{6X|&0c^P7GYbLjZjx-P{vzvcWKS+vZX)$s>zbn0#W$s&+()XP{x3BW!OCTL zE%5NH)s3Zxg>+hOi?WiK!L#a0Hj)LpTAmXX$sct}=rzz0tv?QHep>Gp`IV*o54M()vc*S=2&?$><-RL&^pz)l zAsPOA2eN#>rmF-AaY`5zop3m4P|-%Y{q;8>P_>zb8~{G#7p81WYw0$~Gnkkvn0V6-Lfv zuVgn7W{13Jy=7JD#VS%EfV8QBn(KPO^cID`xSA0?L4u_ve|Df79bHHh(U&RiuM@ay zORi!M)&P`5Sb)I}y{&jVPQ`;tFFcm3aGV}902s9yz`XNfZ+ky}1@m@47-Sa`A>bCO zAQ)VJmII&yY96MoYT&=^y&0)p;0X|1E@F}6hee*`A zHxvgE4Ag0Uq2WTIRUpL~CSxyRUSR$1sAiX2I9wDpq@~~BfDeC}FeC+7lW&*7Cv<<}8ux>>Mp&O{QjS=Fn9!Xv7@$e+y)yG?X(@0$k!HnixGmZV!a}PE~oy z-r=0M=E6o?a?92qN%p-~5_BG65IRQueRwxpC8&usO9}xoas`!UV1V5qP5{bLof4&m zEwuDSS0a1-gxW8U_8+t&b}rYB)?J@@;UM@pQ9pepT9xA(YDnN>=RLu{8k7C48+0OM ze~#^Rl&t0JK&pj?0yVcN2`VTa!1EH-t_rz2BV#Go$sE5bI9L_}0&djEVqZf(fPf|G?>{IhHM7#2)YPjBR`ev~&SP=PjShmCqgA$a3IKLzREq+Y-No}fr6t90C3P*0*v3H5%+uP;i5y4xlAvPCu}iEL^@4mUM=rSsObDx(nKy9!ADt}H(BeoYu^OZ zthk=m>+mKCQZvI;Ibvo|YYiYap5E!Ymx@=xgR8|!Bc~G9UNz9I{Bi|*eygCs;ffog zv=#vtZ();lXyLBhW(~Ri_DWlXf7DG#t>#SmTMN3J6P2dUv|Yu>GQ~DyJHp_2WVC#! z=1!a{BheU0vTzF$_5l)jS;&h4XbOLRjIDZwaE)!tDCAa1?lp)x6c^b8YxI_ig;i0YE*Wo)Rwm*WpR1Tf`Dy;D_7ee{Ss+MQUU2 zBc<|v>EAA|zlX%s)jF zC2&MQ6ZS7iA?rLmYGQ@=bZ&Krg1)<14QGq2?VjKzIkUiqmQXbbe-L>1%jKRO|H4V>dMi#CCJf7(D-l%_n zqC3<(4G}=L*;1fc;c0`YUFQuDYZXS8n&er<0wslUtUv^bi z`6!;xrQ46kjGg*3>c}b9vT97_V<+3{BF)p;XtA}>M(wnvHN&0voOr&fpNo7?O*hsw zbLT1KxLPZ-k zzt28Y7|2eSDrw2os?P+)M#D0ty;e|QKC7Brd5RoIzkQ!v)y0I{IJz~GP_ z2oBhnChG^-fAaCpj+`G~j4)I8`!n8|fBial zf8CMRDyJj2-J3s0OZe{{mvqMYK358zH!YQv(&_Bv@6E{nNoQJ1afB~syes5!OU&cc zlRI+j$Rn-MS;=LF6goa*)NVVG%V=GVvQnvY)tX`$p_?;nhrX=&uFui{_9mh^8vwhU<_ph;~(pfiM zepAXEp|tR~%O7#Aj?)fniuJ^r*E}VB52VkjrN*BhSWx)=YZNL|mo0Al59L^iATk$>r(Q^7SU2S!~ib{W{4MMG1^Be=Sv( zwx~&wA_&6@;szOimpql;(e+fv8WBg zqBM*Zy(>|e=yF+1-)JNpx`B|;Hw(Pk{+R}J^v#8HzFh`LNE$SB{IRH-D&5LW-aSgErLks5C0gHBoNDw;BnD zZ8-R=F;S4EVZyIrc>@{=N7gWDO~$%zPME|0ee6 zP(rmZIe3QZx+Yt6X{(A7NX0unq{NCG#E7g4qk02E4U|P;3#@X8r;?T}YRFF%DHa74 zQZy;g<4L4yN?@cxFv?v9w7D2WDJjwv47|ar@+Jfd%nbK4*0nqc=^KQEE+^a>Zp_d2 zhvvel%_hDQ!Ov{Z+ax-uf1GfSq9a>CilG5Iv?xI{xCcS9P)K@qJvw#yg#=O>Yxzus zp(V|PkqxjMXvw|g3zDE2A`C56AXSMRXakLe~0US7RD1gbVf(5Q+1zQ1A$roIJVe$Y9JJY;J|^y!QhZ#4g?2G zW-A;B4g?SY;r3nkQJ(6GAmtQOv_UKgLZ(M$0V%AqqD`_4ie!GOmo2CP zVnI+LMOP(J4q-u+$n&rk542I9Dq1W`O19`>q$<0xiULtY3>ZjU>m@EGijMy1mJ7ur zQ{@&@rS+)+Aw3)=MH|Q#Y4QV6gay%SL6Yi$7Az060I{IWwJyDh>WU;#S0hqAixa&F zTeA$kT@2hefBiNnEXPJ_kaqi{OZb`SlCLTzXcLGn%c%OMU%c3&sCXXR-J&VAXoGnm z4P!wX(VZ8y5oKhX&?W8Yj7EtIG@k}xa4cH@hkElkf0MK;95o?Sigry zWcNDtWaN~@5m_F?!3dfoBYOOgH0VbHg@Z>w$sr3U{Aa5=^|RwrQYIA+pjRt7l-(hO z-Kucfyli6-LOc-&5%}KgIu%#N7-cn9=zSaX1{Q z)>{5Jh1XsRb#_-3Mhn(x=}CL3s9ya+gG3?7n&DDjtT8;SaTzAA^@a zAs32X!!!O(2HYSmsv6%f6!4{P6;pd!_P&g>lP%v8_rC=Hi3RK zP$Pvn{jc2V;^ln$;zw}&#RXC`DP0w0d6 zGPp;D3JRh5@49{o91mhioRh5E0|!aV*3LI&wKmVJQ!E&LA3-SNb#DdMK4Vtq$*}QJg=&hc_{98K+bf zcF(?$&H38x%dTz5cz51-WVvK7f{w`!@M)<`&>w@$e?sY(0*s(Oa}>#sDr60LSd3R~qirNcBhtkls8M}N z9YZ2;4II+uHGRN7GbFyUPEHIUg=Vl{N(Zxo$>*@c&g-vJ*dnPanq}J?za=6W4k=9H zb$v%pzMjGn?MaD|mF0Ot!KE=1(z~w0;(>kRv_udbjLZ}qDqmY_s)m*De+tOX2SoK# zCG<9?NTYRXJ~*HHB&F2t&(nNXK&}&wl0Od^s3%gRQQJ=+_&s1GXt}Tfa5JVtr6N9W z>wQ8m#)SF@@6x;A3ChJUjfI;f%M20fT54%4Z3tD<4`rqEwFF@^NkSW?3*d+QrKh_i zK;5i2^Kt|`Z-;qG7JOLGe^&gkSIx1@$%@X)P6<-GM&cB9?!?!?r6gOf3t8AECp9`s zPp#E(u~T7fNfN=M-}9XdvNXc7ge4C>Eg#xQGjm}NJ@oVB&g^17(;HTj1lzdBOz*o) zX7N@Ex(f(Gk&C005PR)YqOn-d@nxb}Hkw~FQ9rQruD<^OwWJZme{`V36d<{V2)WCm zyI$Bkv;#&$>BWWWFDOsu!TDE!uB#tos1k%FVzDl3A)wOdj1@`3>h+3EhC-9XB1R&*@s7vv{&AFRmQtfB*U zh^X(RPo#Rpb|Lp#qeiTV+7i!!5cMq=bn<$P*T4D>Q{>B5r;~|WJ=yNRkBvr+#tm6w zLxF8r)L5)kjkWKlxbc5F-<|QW@=E#%@7!GLdG9*509`s+e^$|26;maclx@_je>leY z`=a=1POwERh{a{>3|3kffa|p<$_v1aCrD+VB4RFogm4Mu;+&=dn zOCH4Wi36cie`-r{x=+Y|0K~aLOij!T5$+ja&ZI}LE(FGOZkL!I2rX&UoK(=mj}Dli z^@xCyz@p?)x819OCTJ2OsXMgu&Y(zFCb%z?us&<%IT+qJ419V9fD;o=Z7v5!VjWx# z%3&e-qT@bl-5fGHpw}mGGxQo2-pLY=0X-D}LRLg1e-LjS04K;4DOz1+mbH$oAPp5`>TgXs zcv6liwK1hHCdD+PE(KB*@rJmsDZoCdB57>%XonWVK}@hu2@&IUXz*= z*CA~zfBTz^hZI}0qFw(6BQ-NeV;M=752Nv(C!1&`!;u}$$Y>wN;Y3E$52q0$sCgXO zw9|+Ub{-Gn*pDd2ci5GurqjfKYo1u~;oqKHw}*eLSl0we8R9TnlVYJ~pQL<|B$sZG zw8DGhYT=DB!XXV#x&>d;n(#^TgG-Y1*b*;7f1sMv0x%#j-~yIQr)cIRHUbNJpiv$g z6AeKT0fHm|Q3M1biU1j61V)(p>TKmlN^Li9mN6zXgto22@AO%^N(5{>#p1aH!x&G@ z5pSA^6Qf)pTRNQ(hhw&X$qC&QZI}JBp4n*zm@K`B!+6u{{-ab76_@o#mgvTxq*vMe ze<(E#5<2Y1sK&SZNwM-A;t@QIHoW#@+l>86mqxGZiV&GS>loAl-B5=W21t53U=3nX zgR!r43ROCldyD*`0=U5wd4KeY&2t_}Gl%cUUwOtfeTWxC^m^qR((YsU=ls@C(h3qT zu7=np|ABDd)}vBBwT)B0l;=fN9=B;de~q}_pyKtB@itVh%D9e( z5ySV%wU=nu9tk_Cvxot55ki#thp_gsAot?O_TmT^({7C46K0=?h0n(Mo|D}&EbQj{ sR9N?Yij&tn2ix}(9bn&A6y5i;O6^~s?H^?1pH=dBd`r-zFqAO0#$m|F{Qv*} delta 49125 zcmaI7by!s07x+7LBVCds=?vX5lz=EmN_Pw}bPPxjDJ2NfEhr3)NJ%$HOE*YM3*CjsIY*T2pS0qiHZmd1Q4>avI4zq z9H1^%`cO|Vn42q5id6{g0=0!%z4mj5qOX8f?(WVo8!I@vlHbSGme1DB#tG`lXAAR! zd%~=}|KofvR<1BRs27~iM+oHT<>pEWv~hE_gW03|qYH2=m@CvXxfctBL704u#YHSA zDkdT-Dvp*yR45#X-3Y|SxL!c!tYMHM)BsYbRRi*OVyX#KGz&-h{Y{w-);9>?@s52iI0 z7uc6rieE;|vPAZWBtYt8rC+#CC)R#oVhH;W9CvvRtdH`Z%pnX~1f4$tY#12x1`k=R z`nHzDC4T^x0Ef`O`COlOxdlqL;H+n{AXOUMkvBMlVef+M&B3bp#3hg6wjuKjZ6kje zK@pxJ%h!nhk#ZCf zvK&QximX~A`A4cyB*-ch=_#^i?a@C{gL;IlL6Myz>(wl&&+qzy%jY(vqVB0JaU|B+4iR@{xzn5q#wnE>_;)5A_v!4{*gfx3vv*}dWsxbWBW%&P;AH%6z~)|zV_rF z8Am-qj-%L5k&|m2|HveY138J}JVnl|as4ARC@$m-iu)8fzsB>A%%gaa^Qfn%$fY&V zKeB`ZA(v3#Q{?Iz??1AN;zh2a_)d}QYyAJnI*K2;juJRUZmkLaBU>mzlW9tnva2?O!};jsV1 z|G!@AW&`7cxmejl`CzWLP+vYD!T&ib5d5#}|M6chw8NVGN6_hi!2z9%3Q1VGy1K!= zfNq`$dp;J_ybR-Z&M=UE(D4zq|#Tg(XA}k_`4r+pe zq9QVEN}A7J8)+%CI=~y_jl~%;@V%hUP#d_LXL_lLxDgII07SaE%vc z;?9^j?rxrNuSRQ2@p58JC|@Iqi})}ej;$5kN-BLGE`Ee#Wes)qO7Hg;KTmJ<5npf2 zc_S`_f#KXZ<|~fENbm3$H$`#c$_<0S0t1B{AW&Wy*ck!^*+NXr zz&7ZUG*m`}7Y1^ZbA||m+@zqgUcB7GXy5=r7lc4=JWz-rx(x#2B@G3Ecwlzi=&3>j z1ECOz7y2vR%W5lN=IO@1O=fRLEvDxGAAd52R)<}5FFs(3AK{~J^_M*co5R) z-e5QoitZf5BW?RnvFb3dSnU#B+7C*k;p%LWWbepGzF@Qgu*dtaKf&89C^Mf z(tSs-`Au<6Kf+riY46$hph^-bO=Zy4tJgI`nvMrr&-1b}b++>}`-}rZ=9w-v+Lz;6 z^|X3t3cn>8kSji=S&>QtP2Y0q{Pga_OTGBLeSzWt?I5~mrqz27{#Mi_fA*Ajc`ml^ zMsMyZ4?&Vnlpm^9%#8?8)9g!jy)5UvMRIZ&W3tl^vqF3*LZc18*J1s^w&1dMdI2)E zhYd@4IdxeONsuZR3Z7(KZPoYDuy$&ClXZQjkE9Kq$4C)s*a)8T8V%lc+6=>!|DXgJ zn!2}@qChxW_fgEPxEpNos%twld$l27Uw8bu9X?Pue{9Md(fdKpx?d}x3G@nNcs2vv zeACmttnEsk8>Na`dAZ$!Wgh{hlL}*Ec2qtZ!dAmj6J~y9k|rjfY?Sx(@kgpC>Y8tK zPFFdHO}(sHe>dp}=z0w911<;?z%^nt?>3mZ=*bbOME5`(-Swl-bc5qg>HR?JAx44D z-vR~|3e4T`nJJeXQsUm{>h3=&*>H?S7S!z&=$3ir+>hQ?%k=ynvFpzH&CxyQY`Znz zH|S!UMlQote7CDucXeAWtnL1!|7BfcC3elD4o&NkCphIT7=Lta<<`N^X9+1k^V~WQXp>c zKF?gHnb-7cHow6BJ;LfxO6ANyRM0kToYABHGmTh+d(jh0vP}0{kr%Y`>s651VB@R; zyZc~So`wiS&L_%-k*P^ZY3j!HomxZ`E=8n2BKicADXOrN)U5C>Tse@o+s4GV)?#$y zr%h+i1Ts!r?WQnb35g+o?N2oIP9{E#-ZRFsIVd!pP9GvcStdOs+4l!t>HOnB_J=%9 znhDv!28y{KKHI6cT)6U!dh4&8lU{<5fAx!qgmZIphoGnQcN~ioqvdkEXEq3H*-~O+ z1S5H;a@3&@lOsWW0u#B&puR2hvj|*ct!PRvX8yS!aTiPpPuXggg)0qE#@n;>n@WN%KH{Sn%cp|??X@~XiZ77b4|*jH+?)fBudOd^ zZ#3#88G)i_AF|+#i+Q1Q3g@u&1J>X-9NPh&BILuKkAa)lDw2yPw}zt6B1IVgD%SPr zh#fonN&edN$lT2YMCr=c4CkoBkUT2KSK$EFmVU za9-Q@7G=&{B#CwNWwuq}3|u-C+WclKUoga#%@g|QZbQohNi(MW78=UQ# z_{0LOrCxz%L1GQ$q_6AVe?DJ#CPysT;Y@KYd9+);uoES5(!?vwc-l{B!DB)uy+gFe z6G?Ck4&cD1;*mBbOgD;(RKs?)JWNP zUWJ0ZMZ$|S6}~(Tw~+NJ{768~^;6@y#7W|4Sf27Lqu()qVJ~ugO9VxTyer<*#l(m^ z_n8+sM~s`an5_U#Cg1q8d)!QXv;Ui6#PB4afwfTJd|#AR#ulp}sw1RS$u)6;EgCrd z%&>AXVm&8|JO^hagg!(8F)eF@{6ycYswh^`=}aGB`Vzr%WYYbDbmErp%jviYdpVNk z_&atjK?NoWuIPv7Ky>`DzrWfe=EaWK9S*|gk#)Yu49$_kbcF?sKTp-RPUq+jue~_F za)!gS^{5vOJ4nM4?{*@*`E(VH@tP1sY}N+032aNMFb^vgKXwg-i&p`33NZ^j35u7Z zb&T!rI^)K{{SI($3xn0qLH=Z{W99QTEL|Huk!9o#7k-oMqFN_%-9ZqA_d$EGz*z*( zdO&zRJDKKBWnPct+m0M;+rMd*4}GTME{@CM zQf37*-!M$ICs$fWa1nn#uO1&hiyeKHvq(l3s~803zYDe@cj0!qm9?smyUmN77RE?#tfKH(l=jQ`0o*x$hyn~kV{qK>?A)1S7C)!FZ z@U1M3#q6cH9(2R#=qqHa3cs#JarASP!)Vgr`?B9E9xH;k_vF@Q1V@e%EQ;ekI=!EO zZd2PSB^24KCkSR*otQ5r>CdRBZteRaWE8&NXpV?NeQh?dZVsxBd~1dJCT(5biVSKi zavmRM|7cPN=|bAbgkNbl{&^uQEVLq5`KAHVqEbA}$$trBij%O$>(VW-vnXON+DmgU3NM(ODM}mMTN~Y8- z{n+m*sey&s$d}a>%l98!-b9nU-Cp4ldrI?=iO-R@W?)*aqCQ)DJEe3=eVW}gf6kWd zBk5u2_sSt2p^o{D$F7CN*hETZBXlosguQqCw=>ho<6jIoj62024a#~u-&Unnx)M7* ziVt~_NE19;5dQw)F9Yf}gt7~tHLa|cW)b)1;Y2M)nuFZ_XZVxvY0XU#->->SnY%mQ z?=HA9W77Vdp_U21Xx_8_C>STk17M<-`yFo*dOS~8GZ7aDznx*>zVr-8f#grxx=n0S( z4vrLwK41T2xTi$M>OY%a1NX(8urwXoe;LX6jnVMaBMf%W5BVoKrASMeg7YtyK*tq8 ztWhmOp#=wShnG}VeV>fpYbxSCm?=4cV+iMENh~Sj7gs;7E@h@s0m&LsNv4>44Bd@? zy`1~|r}3|l72C)MJ0B?gxB6z_<}dfS+GKuO73?haK;`z|(75j#-@-{=)|Njo>S-@$ zEow#2$BzwteGaMqhy&3|dQIK46i|n6IDlh-n8A|rT0QgsB^6dgS1-KFTFGk&E#Z(B z&B@RhHW;5UyN}T%-^@8r`2InzWFZ!#{H37`!212}lM!KITIn&T zX4A-?k{&smA>X%e=6mfwv@?r0c4L#%TIZJ>=VE5F{{HRfle z*ghP;@^fBVQw;xAakt}05Rq2wVYy37q>3-0G{+Lb zu~?uM{$!&5v2?~RNK#=#GV0SE+w8s%Hr-+)PTCX6f{0em(%5%Ddd<#T~9lT*`rwx zYVce>sbOU9Q4abBL& zJajugmFfKQbE-);ZK$M4jkEpAEA29M7n*0Wz0J1XJXM)ikVGZ9QuF07hI4-!;q)EP z+gQYK>s-WXlO<*tb72>LhaECLXiI2hq|!W%vu*BtF!z;8`n3+nTZj>*>)-o%yihiU zAN!im)5qU)y18WFT6#uPvqd095q_|P^zTZ#=LA{n@k`beVm$cRkon0O-5^7HtIu@m zN#HG$s$`l+!QOJl^?iSOI~P-&K(<;fkZnCJc_8_gFMIW zOL_dHhGBqDkP^@IW)xI8v_L_8E@qHGed^ukDovPbz{fGuhT7Fq|fN=T3McbGxOyybN@;e4kq;&>Fi4uXadJ0 zWp1MGXI(sz1f1Gi*F%e{$I=K^!YVB$-$;i5ULQ5n))b-Mk}=h6wzra} zS;i6;gKm;W($doKC)1NwPN&6luE{!C{JEpw!#t#*>tv_9jGu^95?}vv9{+~#bRNR= zt(VA(&nNU%zY6n#ALN;BA;ZRdiR`oA9f}xZkhaMIK~cl&kx{}1jpb~F2M)X-g|f~@ zQnG1A`_=2D{c46F61-`BN$N($&Nr}b?%{s5CwdBeLUBu&odSD02W<(Oy<;yE6JM;2 z#Z-reU)8aSu#P_}X~?NXY+*c;9av&n%Vfs<;=4(xC3n=?`0FT!T1HLGuqx;IzI0eAnvl;VPkg%5H8>@@k|_^aU8|dy1d+F;26nR(^9o6{CDK zl{m_BLNsMd;#fK0u=huMDgC9RLC-1#51UrY14<`SF(NGp{-_-9fN0EcA#Jrb%~Ax5 zd3@_27i$_UJ?JrJ2jo&z&UPE`LYH?ki8-s5-{VCnhV@#-Q_LaSbdiiRH*T=14=rH! z!XPrKRJpE{w$zpAXf!DH_x6jQW6jL6>bfi&RKWwb1<(b{gJDvt5 zd=HuaDfCL)F=xs7alE0R!gEb7emZ|44V(6!;{=JVzb(o{l_M6`1`Pn-Il^)=5v9Hb zqrFCI*NoL+=UT}0z@73RjY}qmlb@T}W3O)lYJT#mOe;}Le@C45e{7$9HxHpZS>tjH zE%i{jD?4%4-vmi)N`9mYecO3)E@H%Il<<7>=cxRs2pwC7+zfm`$yF21+H%I=LpyIeo;67HGbt{CTKV&su2CP@AjGC zXSX!gl9Wjgz+Cqrg+b@3hsD9DAG6i(M>;y@uGh!e_b92nywVrthx6o zGE9m3eNSEQE|I(-eV5N69p^Kf@sj9wslM16UbNEVUX=1OA}RVeYr#)jPk*t8XRQM3 z#QAW~(AzHK&SP;Mt}QAF`m8{rS2v3I1JqM$!YdJviMB#(fAtzZU6y0Ha!TLssj{lj zUeq?k#OXQnEd0_pbYlKBJm?Ecx@h_tmy z{fAsdhraWHRfMIBpe7!J&l$@Q*#L-U9V2jFkq3`urWzjdZ8WUzV`9p6+(c25h{}Er zgBY)bCEjnISSr;IDs7!{XWeNa8$@~YGrNoo!tHkqslT6fi6!gsV)88e{P3R+u=QH_lUY>0w&^ z`p}A2%JEZ+Uf_@Au+FZ;m<){fT#pkdMAM7Iswpvmw+Y>v-}F zZ@~?}3c!d}q1UHeZC^%YL354e#pgqrq~JjLF{061;yHR29^`(yUqAt_V>x@lqYKzk&Ptpy2zH_!oD-xZkev1AAF{S;nq4h}!fXVKW zZ7J$Pw8(hz>n##Hf5c8_UNu`cv4w<~LQ(Q|Yu67!Rv+cUJW?jY+`J6k*gIj=rB77P z*r2n2bssNKSjhR5KSyd)qK(UQ1T^yLQRPw^eBo=>x(X;t2zz&V)n+4uxIbp@y_)9;uqwLFGFkg+BiJx+A8Cy>YI6_k zh~PpLaViKD5U@3VOqA@PxXqA#nsVYcGZL|>_$I6rz;Y^x=Nyr!Fnx-9$cMT#5KbkH zS*dY}wFXN^h%2ZH0f77Oh93V6ekeaN80Em}!O*3Z4asY^%#?O!WV9jiE|Tb_aV#?sACg5*l(?s(*( z+(|kaUDQfV->{{=)acW3X!T$@S1Hj<#}E-_X-U)Wj;()dPD!fbz_jOa_T|tOC^Vcy zbXgoxrf%i)$fo0Lu^n1`u!@Q<7*ZR3tlLjLIW?-*ze_jvh;tkFa!c}>hNJlX{{9QX zywk}>5`vN)D+E!8nc35LNOPGNJb}QnF#v~81;Yh!$c(AJ5whSC&@m8QWLBTq ze^lsdmW%iJ*DT7v$?IVMP-wrI7Rh_yWB$IWif`*ZYNwgjpzy$le}8r+=xO6z+ajLb zfsa&HW%;LQq}Mb4s^Q=y7TX|fglwBK^&{EecCO(VBLbpWo*rrG4{=@5mssB$FF%H&g5!j!-4dwM2M`^d`)g?$nW9btU4lM7g-&Wk+Vv>D0=?9 zdh2z0t&~jPA)mU*j!`qBUB6|we$A-${oG8;<&2T<_HIDtYL3A>&HU7=Gny)D`<0_j ze^^KP`SPXM``U{J{g%`F8uc4VyK3IuwPBq$F1_JD2Xzvf#|!)Fd_AYHk9voup>A6* zTO*9#A6mS>zDAzgBTWpP(y3VbD(VgtTY96?hu0$g-rHolc%HvOY$KP-X9E7t4MPOo zB#*5Y?x&8-b_TPjp59Cy=idO2aM4iNEcXi9|dGg(eUewrFnSv zDt1J*Of(*9+K}96+6ZdX^ADfb>)bIf*Xq0)kGUM&u7>Vi)^Vg+EUpD@&#Vep4oB?Q zJEvxR?HKz)rn_^G5CU4KTko5L&jymJ`I3znPxNiNH9_`g8$qXhEfOd7a|O8ho*qMb zZf*P;?QY%~5~yk^jvcF7eXh9~yVd>aA%iF$5=buSq^ll0-aC|cw`dWM+?(w9n|C-M z%Qxd*KP%tovN{RxFzDFJuKhi^;m^Tke<>9>|CPR4V5%4qV8zu~uc)4_dEm9e^=j+7 z`sRiVxf~}n@P~Dn0Z;Nl)Z}bBeZw9K*>+*e@QuD~J94{wYdC#VI zOxk%gTV^S}bnZbnb)!wG`DrJ^Qs>Cq^24p=zI>r6ITt@av8PH-VXk`N3V&aAWx`+VQkHJg2v-|qs>gftg<1}S35>Y9aWszWv;$cbem`=W&GxCu8Yd(@%*=3k(y6^&_ zJJa%&5_sH1ec@I8-F$8+z5Q&V=Tv{$x8&yJ`dfm{BMhHa;z_D z-4tcas#be5GR@oGuiXTktj-*jr=vcZt!!t}w0&#yoZ9rS((hm>W7VM5BjJA-lDI1N zpFP@ahnh5%&JlO`Cm)-;(VX^F$7@O<^bcHlkgMQ1V@=Qw*TlZ)gxFl!!sGHQzq;qo zMi-UJci@>Oqk{nl@%8x^e7n;(+ZLldXZurpH$#$a$3b>RNG??V%&-)1xvPa4mw|X+ zcQ8d;$MIi6={>6=Pcyk-vpl2mJ*}&KN$4AIe@VHa#ZjZNT(eP_c==h`Rg(xp|IAur zJlkZX^n6-0?n(jW58ko07;ZKjeq=&hKIhroy3xAz-Kc-BtJ*mpr)xhZs3_O4@vz}b zvYC!p_0jXSy4$Hm^B|=6z?`+F&!9`~AC~&^dYP%OEfFL2J8z8M`K=hFT{5;;ZC(ZO z?BAi^mU-;5)BOva0@%zK?{g2`+8qPN zR`Dh#Mjre?H|<~f8`MS|ijC}MjO{WWRX^xuv+a6iiuo8xZLf{(I7*WsdcUf5@cx;6 zj{4(6Tl3@U=`l0htg>}VezSRcUpijxeoDys8MLZpvARcX#N0R1_x%I2BU_%z&8puC za-r6z-8A|zP4ng+iE-OGuexe5&4_Iv+z^}v-W zEvVG|rTECLy@j(&`JGVPz}gK}%?F}3S$+pwwT7BK zesSlMXFPL`d}aPFOE+l;93r6QfU!Dr{vh*(ytmn@K}~u6*J&$v2rs6iqQmm#0J40q z8F(vq>kK<88>BJ-y*mo#3=1j^4_~p|#WREMy|$fs9jPZJE&iHXQpx<`&m#%f{vbnQ5NBB31%RHvt>EU3Zb7$iQl~j zJpEz`p#5gJ-q}Zpt8a>h$EP1?E6+U^OHD&FAYUhMkAYo?1%C3?(8`0BCJ74Y{O~k& zBo>ePrz$sagpeqXnuJ|`&yw{^VR)!Wj+)&E3G$bCp}1g7?~j0313!geMm-|u5bjc<&y2&>SISCs zWVPv1{@jc8$W(wnA*R{XnU58Rjatp>`;P)el^sAFF)odzWi6n$(+-0>JaiQEM;K1_ zFoDKah-!bB`ql;@4wnxIVkDEdt!;|tjmUJ00t4xZgh)(9+(W1{aDaH& zKMPeqwW3Pjtqyih(;_#5cg2oMfb(j+6TiCzB`+7YLFf#b=$A?^kB`03^kc zyaTXDD^Zv_TPg`8Q8mqX8hV71x|4d23Yn0>@X6-UKMY2Dzkq` z8ua}c`p%}aQ_vDn+lfif7>7e7fNx3qh4>x1iB657rBK>%WFMz>C(Tc8-=7#{W9-%; z81(djXt)j>n3bquCZ*?HK*A?Rn?&|rHT*kPw>x>$w`faJGT4_GDVj&a9ARV#D{wjy zE{(&-8n`5AeJZ1@2^itAU z%Hwl9F|s0G|EZMyvd%~$RDuwUX9%Y=L|X=!52(>wQ}HF54-A%~O^Rpx;rBBXTZ$0i zZe?ZlWf-#66nym#Gr1 zb}x|r10H#tt%DFV+R=bHI1(hpmN@-ro3MNiAXdZODWr_C^_^ErqGE`%eXUGO!^jlN z5fK*K7fMY(fk|KsM@viurcEmWq$N$zhbZ^R+lS(JOXWm=EwrhTNR)ru7dBNR05GMq1aKLD zOiscG!Ro{yRw5FaSE40h{1S~8s2}T*p*o`~>!&G?&cbIkA4|sA7ty+R<^wX~kGpTGB*mFF+*^27FcBD`#6*t6Kvg0u zGNFuF`9%U?YFP2*+q_a%3)H&*C3_v}q6d(>gUNO&N+(Hk4_V)t zlFYGK@;H`T@9_aHH9@mowe;b(f3Z*<6GA>J}_EOIe?JA8BQF_U6&!)h#pjeZv8J*-@VPVWje zo;RdWS0@_wG9j}I8U$th*$u-JW=Hyq8@V6}w^^I-5 z+%6aA8#n-IR*!*qtI)3mhjRBL*1BN3*GuKId}Dk{ZHld5mxAxtPBrfW+#+Xlib{$e zY-bCp-7@D+4IFFEi(1aBdInb1l-tnHk|Xw_CnA4`;U{`d(kpGXKJOdN5y_S6jahD# zxq9?%S9y-0scBHTtFV*o8sAid@KjZURGU~(i&SM*i(`wu<`eqMg>&#o;A#2F(8QNV z#}%g(K-u`x8T}^v@ADOPaC`n(K4>a?C0-&5TOUVg69F%D2d( z-N-lPt9{EeeFuikmxE&rh)QIQe&gG3r2#X>ZKVUw?PmG--AxJEQ!Krn+g{t(EqEQ; zL?y#HlZ}m6sDoS2N8f5YSfhZpzvDvglt)@(x*DpEds?&eef=-t+um zM8mQD?#4y--KTpo8b`++|G>X*=7x2{J6dFQA1s2diwD}8D+2j+5pjt0n&qLhygBPB zv0L$HCTc2Ejk{76+bM48!{#>xqcy&A^%pE6VqR5&*P8hr(wZHE&I{pwr*d7)x+L>oJUKvgsn;*8= zgZihedlfY=&E6T#Bce+iGb7uLf5itFB*2Uk9=>gtl*3H-63q7qDyOF`q{_sPV4_u} z$QzwjjcLW_)k=Z9eZw!Ket!-RoULZ58{N26-0a!c?1&$q|C?ULOJsp!zDY5(_YN?) z$+>R>)dzV=8kr$?9hDGzBnU758;$;3q3s)R9hAS-pyIVU;?A|IPvd*G|1$dfy90GMi6Q+Q#^ z`9noLL;p^Kw_~fn=2FagWyn#ddcNT5bFNX@wYWCj_5jXmMB3e1zsVvjbH(hyU#{M7Zndp+ z?Gq?~!Oq~mwjn5(2uN~OF?RR2OL}X}<`(isSIkLs&aB>AT;o^=@%QgZ%MZ%av&KgI zxvR~7v+_W*frN*md*>mO74ds>StZ@_)z2=555Fkf#Zl$r96Q_e!A;1HeiiV=aK(Al z(-D$O-cumE zQn}b)sY`jJQ{|#H3)I2aN=^aoAmN?sigv`<+BKwV>}W^{RJ+l$+0xP;@JGW&7@D8< z#+JrFohK90=NQxqs_dw8Zdbb+PrWnU3xb9_@YjRtQw%R*jfhmg z;al2+>s;X_!nF&r(uFjWHydsi_sb6WPIzkY+UXmHxs-J-0_g-^4seGEHMCWrHp!K=YD*VjYa zN0DXr<5`u^`uw+YXBO2wT$=+H<9`vYt{rseL7=OXIC9;_yyR=S$M;L;;wAxXa`zW~ zxns`dklYi!qs{kDJJtSfH%9N@cR1!Y+0+|(oO{b!Bt6YHPP5I9aY5;Rxd#T||6K4xWTGoJKV4m#5yI5%IfxN<%nZpI6=Y zADnVEx$0hS*3wukZoN0V8tu!PmOdxXEWbK&(= zzT5-uFvMZ0KI`v! z*+Lf<-U<_dto{9*WQdbJfyGo-{S;wVqb)fOqZVXiwZOKRDeiG@F9A)%JJp zEG6xYmP}5=y;n>QZe`MiJvTOu{mnBNjK7bh-ucd58o14!$&N&3q-G!1Hcwp?J?xHE zjI>HGJk$iLR|K>US@8N)kM0f$ZtK~57C5rWRuaX92jsIm@apYs}lJJg?X}*c>>7+nbJ-#WY^3v&0Ki zE}0EqPqfa}!7LW`<`DTTm+C#98bRYlS+nJmE=`;xEpB~l{sh}%Z zU!~cMUeM90(K9o>@K^b@!`WA}Ejd%0L8aRZM>Pwc5b>v6P-Sz__U@Z<=_c`64@Fb( z@m921KY{dm)7MI;bpMx5cSpi=GF1n?E%M7%kKHs+?{iym!Jh}!Nifl zNKxi*tph388e+zJV+?-3ACSe*635S$y>D(a8_*rpD{}{)ogPfhgL^EbH2JfrTx@7$ zM|T{WeUC}*Fd6lu6|K)pz7#k2dBcG`f9ADSxz!tQFf!g^$CmHEa-3-`DCg=5&6!^2 zCn2xr1)clNfp&UP23fSKAzHzDa~0$8L#O=uOui;{M6JM7y>z<8#xT6910H;on(UqxjU5Ypzv(uS$be$5*)x7GdQPc+YUelQ^>@q{4gRkX z`p4sY^=XtBKnqq6k_{s-T^4vi1!{Rp=hj%Ce<$VEVBk{XfF}LAO0Z$(5)wb^?C6^} zt&zQgXl)ujczns1m=V&3{<)vs#PhX8+?vz z0lxx0*w;^2-HM9TFA||dNQcRXEy9z|#8-5y>+e~{`1HUJpH1$NhPUI^nRcl1jnw<_ zMblE_%f0!7JQL7TML>LCxi0ty9(gn$8E1hgF*VG)9u>iMk*U4 z_h<65^v28Y2CICY^PhK=A4hqgluPGITNlZ-84UJSjhJQ|ALZ`u?L#2``>@JCS3Q%q zuU%KHH9LYvk0TwS)jYIL`5L_XGL%nYZE?nw-+W~TGya({xzQ*hNTN$T%mof$uCN9l~?E~Z4 zjZqDmAj4`2HtV2(OwN1$o2s#W^TSxFn@FEjQBOfK=0b(s_ zXA}(KY;yt+Oxrox&HVjo0<#w6blKimkqY$ZhYWkP3=7>IZKm!_p;j=A-lh@@5o_^v z0Nv177J)?w?H95D5k+pG>GrmD3RldxJyjfVk+|i4^kY2v>kMlcpfPv6M7wC zFCBV(r71E=`9Sdeapu=z7i>h)OZ2zloP#7lGH&NWvR@QU(Uz**bW9BR&#ap)l^B#H zq!Kwj$rqF!XA(_^auTys;j%pf(k79TP@$!Yo`2g#W1zyIgeGIpIkB6S7*)GjCs`@{ zO}QNa-mHZG6$KJmb*%Pm1(Y6Z4PZ|uvYN5~R7xIwUi>T!p45re{gL40 zKNgZ`89L1xj=;diCyah=D5X_6jI-}9K!c4>Mil~h@|9JdC*$+N0EU1JVRDU93Ldj6 z4KxHpi|h1vh(HqOXB+KKOrGYS74ll0u^JqopM7R6q9)|l!e!qi_b^PP_>4{W85@QX z9f_%-I-Mj$fj`7i8yYIXOoYRj^XL_ud}0WNHa987=XZ$LrG~7p#S&w!Ekje1Bqp#a zT?$|JDJp~jx?j{S@A)Ps`M|g%znKtOiB7kijC1# z9L@@5Crm+G2%!`Y@DU>(758EadXsBNm66o4lO~!EpAh}!3u)|#$_HSA#_4zGrv$qD z?y@qI&k=S?Xte+oFdoSyf}ytVWUSns-9R&6C8oIN(=~=lEZG{(s-3K%n1ncG2{<+{ zehAh$s3x*145=pJMHC24Vvtn0%L8D^rR*B;8dV2Y=;yc;fi!Gy)|W$;s)>9Qwo)07 z&>Hh>b7t-&PkUc^vkCc^En) zW0lteU}CV#C$0aK$xv4eLEjqBkX_aCi2_=ZcN{i_U=gVwMPZ#fn1~pgCRXl`Ay`s5 z+zMfTIxyxe_$kXBH04Sn!01Premye zPKTwXL?jP@)dJ&CB?3GxSrg^i zb-N7dY!k6Ch>0{fdjw-_Eroc(09fzTI5*iKJVjJ7vSPWaDzQqG*c8!`VW9xrNq68x zkqvs^l>{%8gp3pylMdha%yGktl}w@gOg`F_-G&1kfyWf0ipvEPVj{&P-^Jp5CK4)w zU=kzWee$7e&rpCx=Vi;@&5th5 zN{#dFjHI26kmpdOF-w{Ex+`tgoZP0c(9@^pr#DkB{Z+eoO$ng0wyy@7Eo!4p^@&qW z8s!acYLAodL?}n+nq?%(hY?Nc*_B>yVZ})QEE)?Ci#~02p>_S~In5dy?Pjh`K!@K+ zrrxFArMH2FkbbQ`%M<-GJqz@)sn=rQbmmttd)>D)wmWK3d1!na=wcdZT>0XRxmL(+ z9CS?6@_M2DkNWX?>!Ngpo>I`g+vshzdH(SK1+zd*zb>_{SH14#dd*|k%DaE|>rHd- za#uXZvvPeLvrv~)%?oc?^BS-8v{s)_Ehi4)i}&y@>+p*2wGQ{X?ryJmA75U};zcyPTwHDZR!oOjhRco% zWvb$no5yYHj%r=2&pqmIVFL|owrjtwFEjer z>a)(Z`XEw%a?VeE?zOl0)2BPL>7!b9_oiu0pVYtk=%r(?x?O)tf7-R$PP^E+Zr8eS zwJR%4_qlgN!+mbY-@MGk;!kUPZT$Qv%}&nWl%MwQ%k|0E<-+trb?3q@_ug_Y&qTN9 zt4w_EF4X6}^{mh5IzPGo>bc(Pzt67B@%c1$KGW0Z(|YE+udh?-(}UySl!9 zxZmpfa}%-Eww`~_bJGuxxm52&`0~+0^b-8M73zbPKn13sIR%8PW5x@DdC0t?x?S+H3hzf*a~=EX^>Stz-`$mcDVFg)jaRIQ<(ST0%JKClh2jy)wQgjSLY|M-yU^sM1FQtA3JOC_Zz?S z!+&1RshNL2f8ETvp0yJ{Sc^;=_NfepuhB!I`NQ6MHLK@p|fKXHDsQ&E447 zzpcsq-Jgz`nP2-Ke!dGNK=7k)-j*XOekMlWy~KZv$yZxbdF}REEBhyv(Nr*T}K{u-HE`2Y0P`X~KL^*Yu4uf@WLwM_3dbnEnR3lr--Q~SR>&;H5MN3Ztu zkKKQm>&X-UXL??j*-PJX%l)}BeXf1{+3naWe{J>fRrepy%GcOpT`s<^RxegARkPEF z`8Cq-m5;qLQ?vfOG|SM{_?~@yRL|;WWp;g>>oq->U6@#$sQLVsVcxM4SbtcpPimR|W;%NN?K`8}Db~BMU#+8? z=Vo#CTlIh1w$DAsFY~U~hr7OAJD=WC)znKZ)l92Tb2++0X)w+mW&Ro8lzPp-SxU7HsxIXLWn6-a; zWv7^!s|^d6F|SU&%!>E+E7RByvFq=0?^w6e8Vk+3&b7=oeY?H#-@RPfjo<4QyKuX9 zb*oQmruX@9{$v7zAH61<+?u&{>8E{`%LdH=d;Hw%Yu|YGz3yKNKlMF%6Zp099n*h4{MXg~YK)nR%vQS(zj2wf z*Lphc)%5dE{ojp!_gwr5k+-%Ve(bigd-CgWxe`(H`7G7Mx>mHt{kpaGx_y7Jj4i$E z)||bJ-OHR6`>whD%5AZZy-qRf+^Y48SM#x2yE}P(tF^0L(e=K%wOF6mVs+bMRn`X+ zi#f}m(`PH&+ef`{cR$lt@9(2oznz7~T)bGwiG_^+bZ@8Q!Y#|iY{fc%mTS$EW*Il5 zm+~BJ4mzGp4#ISUprkN`e=%AU1@U@K`n^hXjQ}Wg@9i^s^!S+|K1@-kqophg0Ih;dpWsb>h7`-cBNDs9;jON2L;NIF?fZ!Vsdd@E;#8 zj6s1Rqd+g2U}X~F>0~8XiIAOQ9a*bUu%gg%gu*>^xG=^72FU`;Mg$54&V=Jb1P&cE zI1xfJ@XzfNvr_r!aMC7IfiMsGx8r?kH$5p%(~0f&;`8Er8IWIo-iLWG#4jFhcSnBz&MS;fO?VI1I+dhz=&| zL>n3t5)Xg*8wU@?0my!ANJe;gNGy1e_{3mfEE0tf0rKeJ$3zDdCrD)Y&=Dbp1rixF zEI`PFg$YL3OjzInq2j<4=l~(1f&wEnCX#1Ukl>({4NC=+nNThun9Rh|!9*2IX3~i^ zGA0tsrE-Zd(1g==d4I_H;bDLh3`#I4Q3AR!*hGJv59snRKn4&xJYaC{5Tq%QL>5VK zAqpTWa8x|}k+DsM3LGgs)PW`hgMPJaG=6NZZHiR3n=Y?!~_Nu z@Is zhe!6rC}>F0euJX?Pk0!!Kg%chd5XZvh!X-loiHCm$CY}gUiU=nS8kCYqdwP`0B&$3-K<1&sm}6lf74 z4!VPJ3nDrmu*U=y6ijre_=F=uf+c^%V**BnknFJVpgRzVWuw7xfWhGd2hN8IA)pE9 zARG@4#R&`y9Vbqt;8-Y?@qnU(d#C{RI?!3ZJ2gN8&0<$;F{Hi5w-($s~+!I*R+ z&aq@aiX<9UDs6n;lryaSW!^>5Mm?$YQFcQG3n4%_bW+G5f|9U&ejEE^!K=7D=?CLELxj7cZzcs5uQLG%1^!UTss z0iDQ5AXG@8ka$qCDG&vNQksuwqv>!m9S=GJ2MG|RK#>Ow2Md2XU_3xzpzwrTLOfVB z69}UNbuycc%!P!9g$fTQEV#fJC~!WT9; zJQ@xaxRL>5fzXLIACrjFu^~hR4pT=8oCO{>9Xf(?NP$raap7YVf`PF}Tq2pAMUIsB zy|Xu7oSa={?fHKtm9t4}ABqYPBoGGZL`B4;W23@Gw7~)5BwXOQ_=u1UipQiMUvt&g z(y?4DosT4f0)`I>lkxD#Oi~C2@<^3TN|BLVGMP@IL@F#EkqS!(j8259PK2or0|P9; zM4KqXK_FcsjYs4mVWJHJ641c_j~fP8oOLNOk`T^^WD$SzoJiOw75=Dl8yYMjmUH23 zfSjn{GvY(#!(>fd=%ffSAu$#SCrT072@Q5^SmfaWg?>J4hzGfR;N&?-CRldcB$f+@ zqXTJ5P@>Kx>SQ(=oj{PjO&&ETQ9=|?y*{l#UV+wpvZ<7g3LiQZK=49yIu|&rB2qAg z6beYFz!86OA)`YBHK2G*A{UVi>(D?dE*wsVQ<;t?WOJ3_6oU)r!=ok=%cVi)Lcx4U z7;vHvG_h1HolP`h08Jtn5k<8`!;WR6L>AU%Byiz;ctq^d5_1nX(FTNpJQ9Pni8N7U zK>}SmmJI`xU{Iojmfj_k=`iTfJmn?XmDa6L(s+M0qyr*ifeH(|*575TP362SRoyvz!HW=D+ zYoUL@o`OBa2oVZkbf`R#J&kZ3#{l*7(Nd7{y5cn~4NhIeElw>cU*8WI&C8VgcLppbYtI2wz`h!2zu8+CvX zDWFh5M2ZOtoIo+@&>tWuNK!P2#|C5rh)jhHBRoJf7zK-nO61|;L5LH!f#P7nBiVnr zFo8q`vk(!L2;3Ybp2UdF0t^&RXTyJ}aCmGg93C5v0v);og$p1cIvySqjLj1=p(6Qk z8y0LZoJocbl_nvC{$1^*w9fS1m;b&GRI^CIlvG>1c?P7RyVxnpuL4InoHDQqwyL4yO0 ziPcCne4O~;V8Vq56*y87RVWcK#5b%Pg#{8UXlTet7$gM;?RfCu0t8|r$%z9H6EqV* zbc}-ms<0+{LqA9^OguI?m<|{cClaMZKmihhBU~&j*bot71Zqs6kPQciKzM%&iv7?B z4TTK}78Trq`LHbLumQQ4=y<@8i2#A}LBzk|1TyZxNLY{%8wn;TC^(Z7Db@jqq(X$T z;kj(sLX+nR!(9py77-yIK%mIb0c3(kq+ud3Kp>&HKz!CD{1IB~}9Zq<7AZesn9z9029JnBAuDJmw1;%y5Ew#KGGcb{5BUcN z9x66uFf=+acnEQcHW)fY@Ngk<`HiCGV+tJ_6bR9X`Z45#$_NZ3G(~@g4HOQ94+St7 zCeh^BFpOvl9~%)&tWtoW0bM4U5Drv~AQ56jgGjUzrQ+&F2IS~a;6#cC0tFBANxusH z3>_pqAQ?V11#vcI>IN~S3^*N*Xa!7kNanYgR~8CD2d2 z;w*un^)aribB7s6porV_)%CgA{rBd;{zuGg$@!aFkmX3 zRH6A$2OSkspoG!^g9HRY0S$!lfGa#2$_Vr@k-0=196j-1Bcgv$I8;cmoJaw};vmE` z;^P8G5;#~q6x9I*gMMv?3&)A2OhZr0R`kiF$^F$BoI|Z90*Z| z4UGvHDJ%~{9CUw>z+^Ne3pOY?97uyP=|q_m88F;G2I3)O!UJRisvrjg!Cc@xfbbj) z#-tOWutc~)LPH0I3K2LHGMfz-jhi4s1c!->rNiUGdH8^$gR+PU8aAE?8y6-DOwd?9 znApf%Z5||MmFolW}ra%adijIE;WBG7_v*}1mr9($88ZZi+ z2noT#0|^TiR4{}GoQX#U5fuwU0MYS5(eMF;V&a4O~j zgKI=6Kr(+3HlVOPod_2!n;Iw3nUhFNJz+#*-R!M6_nB_FocXq1t@e- z;Q@mVNQ_VcQ6wrTnT&>mv4KD~5Qqix*pPg1FeZN)2xNCdIvS4%gJS|sFg6g#29@wZ zfy4%crov=_1q&T0Xkp?QDo9}HfYIHUj}68K0)ap{77q-_10&i%92?FD2j>D!G8br) z*>FBEHk^;{z7HCYP6%hik#IiDIafi8?Ys z3S0=$c_eWW#p5rCxZ>bcN8^#%Xi97{m&~N&QaCt|6Os<(6cRit_y7Z4TFjW1A`(%VNkJPbZjyxIuV8f zWiAXj(dA)AHISCRL3$4N7Jd?j<7-N3| zgAoE@H0)_n%zI!mbTFIF0}KnE4IkN|c<7iQVT0m9J0{RYg3)op0@4^94Ui8X3r1+v z7C>Ma@xTLfNIrz9L>$O+fiNf)NirJ^CF3yyq>{o?p~EN~FmP}vP(dR^DTMf-fv%$h zV#bjM5st-U6KNFqu!%4zGLa321nPfaGMmYYNQR?8ksur)jDv^;C^jfiXpnrMSRQbE zhYpPnx8WjUaS#VbfpWxwBnuMUh6IrY5f6@zWs}*sKoJKTL^_;k!$OH%L@1q%2galm zO*)YW2Zz(qV1PuFixm-&h;k9x_Q^rq+mb(u1e!n}xlvA`G|5_o@9oDNX%K(uY%&@; zG!7~mIu;L)%+s-KL@pv3C_+du6DXb`LkGu(4G$3xIGhxTCKiyGSU7PTA`K$X^jM#r)-!KjX9BhnxeX%LAvADv0m zNnm4>sT3a=%f$eYCNsexkRVOwNtX!1KphA}q(MZ3CgMPYNXVvxi5N&I3_L_GA_1X- zsDsAZOb~MlAv7ZZ0-yi@QxO0lXe<^ENMw>BeV;A~6M#Wm>TwXnAf$g3GR6=>00000 z0000005T&C022{u1-gV_{~HGlsbkE7Z5P#q)AVF7EGp6Ym2$->2B10RXiw=}J@p0K zBPLpMmn%Mf(Y!H(xdv^U#!4oqEy}i;dL%VMnK<=msFFXHgnJIO?y? zLeI)whvApVnhCPSjPvVL{{c0LhNNpF z{P0-|FFG*b9&-s5&CiIdJ%2O8wb;>w9&o6osC+-BH1YaY>U1qMQmiK)HlJ)TalkGAK z!NPEVOT8Vk3F*_6C1=g_UXF$nrQa{(&4xN)=6waM@*knPgQQ)6!Ii-Hcm1!Q{R<&r zIO4%$1*hjR_Zf8G+dhAv_q93d_t)J@PGaCs7|8|Q#nXT2{?%!VNBAs0nR9yaQuEu2 zO}2_T+-4=5pe0=~!Up_B{mP7R9w%%2qhfRzQpoc3e?Tl33|thyep%whl>~ghEtfe@ zDys9C0%?R(%jbUuLyMT*tRd@P!wGGha&Gc;xgG^^e?CSpKYH5vu8R9v*F<59&D*h=9_%IDPPyI7#bP#rbdO z2MOoD6mTd?RKeOtrmk7{f8lCy2v{J2FkHQcK+k_C4d5rD>>~Gjr-{>impMtOzum0b zcK(YOqVDq5nP1vmshwC}LqJ)^K7ijkE?QVO9G=+YXeR7sYEqI-&DhR`bFi3={)(f}OYP`-z-iR!4v2+D4fSWsR@sX?P81 zAO8Q(i1tVJ$!xWhVN)az>7-{***0{Xm_!~(mLjj@<*w88x|*}RNY_lOIc+wrOR#nu4Vu+Xc;(t|;|l1=3$?QpG%-83%D{i! zd)uK)muiKf(+N@JnO_&qFkg~Dc;4}RpauRTw<2J2C0S8CUDlRjHsH~(HJHV2(}57v zYGD|64zul&`-gjX1Vr)EuaJI`!mQbKfjD9n9vJY$3(Z8;L8=y{rm|@+!kk{*#IvzP zdJqY80f`qE{Zv3o?;_BG&LFrTEdPJm?Bz3l@fuZNMm<~R!2QYdrOD3OMfb+rT#9j) zx7wHyPMPB~`zZqDggtb~K5LANA3Qg98MVVgfTI_Jt&>Hc(KE=EmXZi+EYjohF2E7) zGc3xEYM0kx1@2m`fEg2R1){<|0392+c>54!WZ9;)m4#WYC=wuwpMELqxI=&A-Kczu zU_kU%gfx@8WzShavS3liQufZltFL02u21br2NKB|R!Dpe3_%e;aX#9qFoAh1UpgIP zHT75_h4L@=D(d75b0tz2fywuuy0?SkNJP*f-b)mcDi(u0+9CZqzibETRTM4}o`1^Z zi;g2lHx!$?l*oE|D7c7KFhGA?6a)PK^6VEyM2h|cdJ%-~AhXS&MA@B<4(4wVhj=HA zU2!L3*7TEp#&DeN8C$AA7yfZ3WjOC=x|EP|*0FHdse=1TMTe-t~(1j5!!jYhV;_4b<*0jA?crx$+(hKzs%A>5qR zvvn6L)wn7r>xhX87S7CDAH@*C1uSZJ-Nc7ZAo zp|3(jg!F*s4(exh)%1U}x}V`*OS8Bi<$!c^E+y;-BD{QRpI`^W`>`7o5T1}1h>@Ga zs2y`-ePt26H5kGo=KN*EHBitBE zHT&`AQY!n#(DsteEhEO3z%@hGc8r$!>SG;@4A5RpkXWb$Kv6Z*HCdt~pf4xR1=iD+ zvtHz{c=!P)zJz6(!-$NfE_TRv_Vxh@Q5PDnO|=_bOLEySc@pCA7~G2eu@#yJ&f-5M zUB4G8q|-7j?~s2-XA>~!@b2JdF;W{e(*vD1&}+O^~!ld_ZRY*9(A zS%yJBQdfT&7dmt%X@VLX(H}eAh`zHVcYwtx4_fnR=e-sFFj53|as#@-CAo_me{AQ+ zb%F1p2YSel`q!(o`H?zdK3B59&)IYEY!9#eu2#sxq`9pk2!mGj$$U;T(c9CPdMBgX zHe85HcWiedg6`P*LOk8E&4se)7FYN9bemna#I1h|esH^n6zaM7led8)49v*6BE0++^&UYF)a<*EKtv6AT4fhh}M%ZD3M@TepY# z51Y&B%eGnc@`tYD(usNWF6iZMx{gmLY3AOi*l*EQh~AB&kOkjIjxyrscDJpeMHcCA zWC?!_Cc(@USs}YXe0x#6>f-jAV1Q zV;GcHa7#=dfN%*pRFqH~mz*cAV_4X@x}$%eLjs!EqW)l=a=L}lf*o?#mR|f$MSSD4 zP+60+T%E{w=UW-ypqPIAY03V|Kk+WgyE(BJAg^3*vGPG@)R3dY^5PhBq;?mZ;eRmt zP_r)^a~<1TAT8JB+g$|Ka5>N2<<|6rye!i40(1!SS_Xqpso!Ncfp#Fq<%PHmoNs?p z8-J_dp@Yzjve9EMiu)p)(1Q|yoInjSIpykxrN8sP~LSlmA4Ai0Xl9)~o)3-?&T-SuT zn6hVRNzSD8Gf$HMw!nhJan+5-W+cP)*LawUP+=)`C*ek-AY%IY>9TZ-0)&2oaHBy{ z-+4@;__!i|5;6iGLE!Q4-&01LBkEpkI6W;N0(MW*6!omC@Ak2En@c;ZhE^kV$EUB0~0ZZ)`jd`8;S$ehAL#|89xc1j7 z%#JI@a2;awccgv*zatFKN;x3Rd61~ZV4}du_*%8|=kB@H(^KMGp$4~T-{K{Qbkv3K z=pp*u@ex32Bu@hS=ci_T!OnkZpKCJ^ih>(+9f5M4d|x2s>pRB@*ReiukCjvE~2x$yiwe>tAhtq!t6(R@fi31fT z1_NDlwj?p7V6I2H8v$%bXC&8Ce@=$tbkZ)FUznCtT`K&gQ$c!)Ctep?s&cN#!({O= zT?SPfD`8;E$4)dDwwc^Bc><;4vk!De;ZLz$ye4--pXJb?p9baAF-Y^XOjnT&?(#pk zT>l-#zNT_Q%VW&q7x#aFa|aoa)(9t7b{z@rUAyvi`nPpxFkcbyWpu)^%mj=I|DT6& zJzRitBi*7WM9Wf$bVGEA(ukBATJ<67>eNTt#XzH4CwtwOE?5g`F$>Lw6KB28oQvbO zU>d*9cm1OCCbO`3YV2X4?NJ9Nsx~78cd)}Cj}aX63&Ait_zHhjJu)*VE3`v;8MV_| z_vMO~hM(ChdwvLz+Q=e5P6teYXe>(X%BSP_;341IlLd{FRHq7pA__WZ z8KQrw^CB%-mj|`NH_e3BKF3xmIA>RCHoU;EEGooqVS$4n@K@ ztN7rVTRA*5$RdBTw!g=z3(d+BPK6Izw3=Le0e2KGroy%zs{E~wEasbFugQ8Qh(Ifj z;ZZ7C)Cf4R3A_)V(Mgw5xT}j)t6=&EYJ|KJ;!+nqW;ics+==f7=E?ijOhhJSLBW85 zoy%NceAcefl4H`rGXs6YVqicHf|?advbj>0c#xp5m}7t0Y(%hy_H7L*48S;Awb!3Q z;voJXZzU1JoOX1z)qcn_GbVM@OJXUR@6-;=!e;J8cBkcG;DMf&;>a0w2OZL)P0=&$d%oT4lK&V75xSgOvisR zsgP0QW(6ED&hJHu#k1blg?adhQa8^{92AuxqR)DVc?_!hfJ!sGLGS|MBHekL5)6j5 zB}Ev*YEBLTO-I7YbWzpJ?QSxTjY@Vm>5X`}Y~BNW_s^=HTIZkBOckUQVMMm00L)iO z3blV56n$EUal+UKjEXI0a`qiYA=ZNO%NPcPW<`1;#V#%V%|WyrE~&xPpJ^hMbr9)bc~+crE~mvX>FLjn{#;Th3kFhVCg5z+2P+_>9mXxQAl)sdJJFuTY;g<5rvHcm`=SH7f4yQf~U`>8R0 zXCEud>%OAwBTD-iYN`1GrR(6%@a3bZ^U8r9P@yWzZ)f54hE0@*?(rsO7VKi3sr6vd zIHa6l$cK$KO;|)Fr-8f3T})(vuNLau5ZNA`t4@TX&hdOFe5ggT5?Oy0F~5x1o6J|C z&rf;!8#h^jHKgLuv=M$@KF`cB!y+zx>7POt3>DepT|JGqk-JaYXy+}_89Cmp_*%Nv zBymt}TbX~szu-w+e8t7-6t$l$4+TcFI$Z&^kuq5P!=|` zLCA4y`q3eFug!nU7p8oQZs- zx&)5^$f%cy11khvXsTPJ%jRiVdswIoiDfPnE3;cNy$SSZe-KuhOG#X2NiN+nbx4%z z4_Va;y4=~4dYXTc@J;RLK4@PP&(GvxOoXt9BV*om7HXrf+8c9L|G6gfiHtN*zhi!q zpI}S+E+FiVX3kAsEj7{Xij>7s&TDc?@h=So6|X{+qA|wJ3R0D}vAmB|S zBBNY~>JVGGsv@mvh51QJKN(}cm}cN|p`^nv*dVoV6qlQr``~Q3?73xIo=DhCOj}#N z5D0q(2`ln6D0(%V7;zSh3O|gIWZp*Zv@n-#uMU1-xhs)Ubi{ZT?XFsqzh0eayamE&knUjB@eQufYzj-@=J#^{C^V2=ocJ)PR zfIDbY(nF{O`mBSy!qauc9rYu4cLg5?i-`xfo{Ldkg=O-E4+22ZG~~{-={>mO7LR8F zjHSg@ZYp#e>s2=nC^OF6kZmnnI9+9_kVYz^dGJwOvYVb3&=Y;Ian2k|SMesE*$w5@N&|G9Yfk3$r%<2 z!IA%0rB2VZ&}3_bVjy@-uEIa_qNk*X-IE0$7dE+=%;8RLO7MM62 zpa@8}xS~icf~V=!8rbtXB=l0P)%3XXm)>2O2MfIjoWLVW^J_{2CY5Km!wBXOu0e9WdfWg)T6kj1O${>lk|J5B2N z9~53aiRB~r0a>+!*z_LA;rslUd(Yb5<;e z@Zk>%XM7w*UrZX%zF3y6&H#@_dFG0i>>Pn8ZKV>ub1u|1WLj1`jAfI$jX!A^Or*h! zQ2vY7NwbgWjYw$!g~#YYxE5FxX}o^|Ai1pae$-$f#`LLm_P5o>5I9$BmbnnHUs$5X z+})AHV|Y!G8kv1(7x+Ji(=$K?WVUVve;l)8e9YcX(bX@CG5Ly?#oo3_R{l; z2+^TW#CVI#WZ;UqW;Fg>hZ&PKeoXKc0it7YjN2?rOn~YfN?GALy@hA=V4{B@aQJbK z3#WZFMpYkOC6W(9B=PIOn96tTLC=>Wl4b9EVxu;hKTBQvO64){3ZBeGAJEG(A5~#6EaQ(P9*n(L6`I@kXHXm^Lic~2t_&1u+jYdTiy2^0kK#nDPEtfI(q1K>1pm2`8S5Oc_#9 ztx!SO4t5ZKKkOw=hEkqPE0*CI9T8Z+%J}peH zcRd`qR%EJoxSA-V!TXd2^>F;KA*IVTM&#b48Q2q$HNs(g8TCcwdA5Pv5KX*S|G zP}1_t8@u!++B3&5<<%?30!_s_W}ddcx~rP9*Vc5)jDe56@N#u*g^W318ik|w>imgJ zzlM8M)xk#C4rGd5;^6GH=`aUGy z6pl9w=7fJ$w(?(mY=)>Ztc>DVy_;lTZP|a4tNejDo20hsPElNZ(u@;?`ePK|lw#^> z0=hId5>Etb{oVvsHELoPD2Yk)y15H3?KIj^LC_aKZ-!)XY*NXo3TPp{hxfb?^UDTy z)P#7C#p2({Q8~S9Bj>^E67X=VF~3W(seH}O>~epbwzpg9t1+AzY^Px;Ty?&x41 z>6^z5GWh-I=^){UlrKBI5IY_UXo^+8KBxEi%H?_1s-SI3NZZcb0IZ^wh(K5$JexyV zZ=EkT$_HVXCc};7i6op;ahN|S7O~~7L?>Gb5D-&;;DZ+Qq%7M96wHIzv3CqOa$*-Y z8j*iG-~6JkN}Q&dQFH@~j0~07d>n?dXrnbLle%;Rg*aeJJSLT1*S}pfwZp)!7*%iMVn7^z|8TDN{TINAMkv7pwK5SpUo`1%@^j?wfbX;CPDu4EpG7&QfTs)|Y z3~ZG8Mw>fQob#r8(8+*7Z;4rxRkD|y{9>+cJfuw=GY6RUAvrj>c$N-Uh!&k$}(Oj{J>Avl_vPhmN(qff_#4p zz(4>Ji-OJ-;Q>{c@x7b^CK3`(rPxedKRQx>GPMuyoMsu(nzN0P#o#fQPULe#5SVJq z<3+di84wm~f%sec%~Bo?{j%6c*8n(DCcvnARCpuA^IDy^-38_{O<`<|-7jx$3UYKZ zrI#ZEIh<{;3UQ4%?PrM!p_jOt9?XB^RFnb3MZK^Lj}VjOh=>Dit?*O*=|*?m%i&y< z%2x?+X#%P#;D(J8e0Q%Ka6euRzS(9_M1v&Q5ZEEI z&143pN>JNp1E4)3&$j3_AKIb_&}Uh2OS~}op3coD2yMgBzP{Pdy@P=+P^y0?;hkCf zE?XBa>V@#b;)pvNi_NwRxyLSmu2^!I2Ic>6GX5c$#)=b(9f}?lCth`8v>v6i+m$(rN6VOY^CAj~IR+#8GhIbz9$Kp>D+HS|y{KwY5UdHg6a z-9ivE@k$2J%f(5P&Xx-8bH(B#U?;2wn2GZG{05n@ z1PNn-uiHp$5<&e18X8_znn<7Oez+0Cwl!vX<){VyDfiiQ}gX*uCL~sffxk*>d z)AX-{cn^D%W>v)wa5u0HIQg>C&^Km3TuNW-V`fLn>`p2SIi5Tnqv&7I(m!fxP<9{3 zgmnQF&aNTzSbL_!<#sfibI#_abYTdI|{Q9PNCivNNYN)j+l1KH5$jBKV7U?1WgC+mbN(TWr{Nmf@YNl2M=p<$kJw*0G=%%vyDS3avgI;S&ESVQJSSv=EFifO9F7O5w z!x6(+8renL5fNFZ(P5gG7-V6@7qRwy-_&WMOmKHB}fpe3qv zFHdM8%fO4pCGDIEk4X89*dkgSGcK*7F^=d5*6pc5ND+C2Q$};~Ymh%}#{H*ag7|9i zd$4~%@;o2-0FWC%4_a}Z0GCBlRppQ^aSrE9D;E4ncf_<8u5m%PI%ebdP9&mP5UPcP z#ECSrIQszr5&CuVH32t(saMoZ)0$)ng`u(GAV}SjcnDI~Q^{8u@2P6Q1>dwb>e#3-XlXUzOYuD=n+HtuNnQ6X3;J`jJPzUq*ePoyYN4MlW;wdt5tIb<}Lj56?c zMwZ{@;>?kIp*zSJi331QMb`Q_(l_sbmGN>*_=XMsB#xq0wuC!op>ZTX;jvrJets&}#hpN8aGOI1iIu!euX zJs=>{(mX?;58bIKVd~F-!|ffMcnt}J1TUM(R7fH`zvvhu#Egrh4ob*l^zbAH0GM&> zpAbpaKBYmz%@DFZnxSt`MZn4;0;oKuNMv=w#tgd<32glXMgs_%NfHn*ASyNQ{Th&H zkN}ZjJoZujv_z4@Lh;N3GBPRh1Db!I!FB*L;3ZE6cjM#3HSXAqGRvSPlnBLCFbQCv z+cK_3u^}`c0U$l!!t>2X;^^$ixU7Yp0Eo`fjS>z|#GmX30raL$Vf(nF2PfyJTm{Jj zuLBo&vY0`9RO+^tl3{P>4<;VxP}#U-U6jfYhbfqkji0^a%8LomJPPR_Zry{m(+4|$ zvT|uk;XN=rqgMA$iUG3ZE6tRdCca~V2P!5b;^f8;5fuW>zRd9+ajiwA`gmPXK`l$PaRRn~|B1VA zTI4s~L)A@|z>8CNcy%_%*&qlhc3cR1AWeTxU(8LESL|*Yp%ydlANkx?uc(30oanVC zuZR(E&(#(DGn}pAu4(W&&(Nc|L-{m5Jy|T)*|A2x*e3WO+U3z*;qg& z*FbEbrYGhx4`WhlR?^GkPgRM3jwoKRmsHq!hVCH8*N}tk&WUo8OSYs;(I`=yOt=u$_BxuT280OV~679*L4nIxHDwsknd3GXtM-_rzNe-ydhzS@cG(!;1eMF#( z{R25>M>EGhbP8$d{%NJ;N8{t2=#uDMX)gu{NK#U-3x0>-(eZmrf)|PL@F)Qk6|qq4 z?ef}B2jFF!T83PL1l{D?faxYX<&8W=z8euX9EkG}kBa#)ohc-LwV{t6Y!@IH$~6o} zA&MMuXc!$J3blAp^3QQJ(Nl`@nVAcW2aVYD4WiM?FJ#K}-_n4X>l?;sT_PWwj7R0G zlTm#F&MRf$F)6o}iMiu%IEB^o4v^lvS!rSLx6*z_eFYac`UrrPeZhC&)U%2D4^@lO zDjFNGA7JY1^kQFsxH<>Ky&j$eAz&>MMh}T%C#%wjLSBM!d~hq?$W35?D}ThxX_e2j zXMRzv4Po2#7J-0W-SPn+9D{8$P2YR~T0L@`mEkTXkx99F>s9$#=Qxjayj+imqkvLTQm|hA8 zeh<&t#t!S_Hwex1IewdpO-oyH+$SpbG`G= zbTi)m62>J8TBD~~gQOhDxA*-WcaP{7xu@ca&nCjq#sMVFp!anQfGcxywsjks&m9cC z1`qImcUqkZ7AL^hCeGw1iIg89SCpTSBNIFGC&n4S` z&S^Dz6ht3nU1IfpoM|beg>e5v8~^M%y47ul3Y1VgVMq7qy z*GE93na*_*7wdNo$eOmuka`iMF2IHYXW8WK;sEt8jYxWgemcbbcm1+rjPQ6-hkE{h z1B9S35`JU?s+6D%b*w;UP2m<7oQBV{cVCEZGuCu13)Cr-GL(8>E)7i;Or^_PX#BHO@QV= z0VKyrRgx)>=>^9C`NMz_q{UvPhz$(uPP*d`iaDwLCdI}l)+7{^NP`1eBlhnmVW(vb zco^ipsS(A3__;e~CbYs0A^BRsF?feCNqB!1C6Wqy2Y$U zF`WjldCo2lpc%aS&a6YAbE~3?#~KzQSPvYG8{b6eAe+Wmie`)W^A$Q+-$XXM8$t)v z5Z*@78apM&U){1Flz%#z=4$X?Jp~=_eMyBjNkrsUGQcp2&Hb$e^dDt^@ZCjHO-9#H ze>MerAYBC~51DL;7*NZ)t@Z`25>!!x(ob;VVpnf89XUU-5sd`uVi3J{gvz!Zp2(ia zLy7(KwKx_@Y71uxHE+9oRrFuz!~N*IY!;t+AQVL9?R_t({`xv>WCzXxfxFKe;&wg| z70I=k_^G)3dD;@P4oV(>FuXBoiphwuK)cm0+8Dbok{60Q%|KhYOVbvcPbA@;P1G8; zbNnI+jq2Ok_>g6u@`l70yyhHJNQ)$17!iW!XhS=LU<9QYKO*{?QtyuTTLpRHTOv{? z-1gE4xHrau{$y2U)WCBtXB40STw1?q%+m5yM3rr62o_=c<8|JDtv)170ioC`+-?ZQ zFCC^+ictqLBWAkV_n{2*>G8(5!~W^oeO!GGJYhY2)xPwdSWr+))fm(@Zzu_Pz*YXTq?J2 zDMH49h)a(TIxO%Z55GZ}y~R3mW{PFQGY$@?-9aldu?TQWNZ8{)_{(_xy-jKB!Yjs_|rCd90>FljPE z>$B2}gvwHXF|}X7D(}*M$Ez!!nr9|`oL~ckfk#IF#MCT^F+yb&e0=$uq1zj0fhj*X zA3)|FvLQg|0@W2emP%Ym;nRy}Fs9}9DJVZ5biiG&j#qy@Ip#x9aw%bC&)O+yG=5 zlstM;uc0?^6KZesNYtfdV;zb%I_L8BL*UC7-?snne5#)W0-6fNK|Mb@aI7Cufd#%6 zEQdmW{$HMEX`I%RmVlNv{WZ}T?p19D;ib1MWd(v!)>`<#FxeCK+NNuM-J}Xu(}CK! zc{~B0mNfPXftX;OB|icP5^0YVl$ZJ|_K`r}4bqlBSYzHxI5|D{l&7#}p5t2_zWN(& zJRXB#C1pHo*gIx}MXYPW6l>Xo!a98T`dGz(c{q@MBUZ=LJoOK2x3KXjf_jvL4{)ZU z3(<;Ti2*W4&QCXHEEE_Hn5}^71}2dX=lcES=>`G*Ziq*_L_TQFO@sDKeNq;7tdyI! z2QDi}hoLGR$=QuDIT@g^;G!T)XH#^KAa1n3)l|Wm@|Q6E2O6!E6)^;8KWw`H0_1al zq1ZfC5b%c}9QlB=oc|;rerdBL90JuaTD~lJTv032Fm6QSX5r9FT%o2&G*6h2Vw^h; zC_Ca#XZCquZ}};x_#vlVPN?ZtZlX;ETY*A|oalLI#8jf7Q|&Cxjwfv3nVxLGlrf%* znyGyT;#`!#co`N_mI+*#_XcN16exdxYcRN#{+aJ!fh!Z>6{gHu=27Q-b#%~}WmT5EsnkfPeZrhhW35wVwM*0aM|a7w^z$af*Z{3Eieb+kC>f zOVAJW`^hz=XQ_ts3340%zJtvG{+8SICl<9++FI|gU(K@b_bjV33#7bKrg*@A#~-^g z*xjhh57$q%gvIzIL8I~D2`8IFFn54gSnKk=RE3%)IK>+({PAjMt76JX%u>)v$q9wrq(65SYeD+Vr;v_0rAd)Z!@)b48A!!b&P08D}0&vXc zIOb>`k?K8phaJYb~@_3$q0VcZ%kXvLwMM~GBe_@&Sp@*nvg*65REGSKxP*(C ztbAj+k|Ms1%SKOsMki1*0)Q*xIn$jC1A`1J?XcvF5Mb3->&_$-ZRF8)hm86J;ubjG zzgeMJ6_5SWSyVJ6O#(%$>&T=A#V?Z_o0sgW5R;K7vP@E9)}3u-VeL>xAatq&_}Tf; zugb=e57ydN<8tWA3)nvodnlwU5HhsP7oiVN5~L7dJ&tU0Jceu#It%TPMw0 z;X?r`o%MDn&i!zv4bE(Arq?Xq0Z=ybn7cZg>{&*C9U3T=c-A*ai&xn_5@QyGRzEnHZ!8StsGX+s`vInt4uz{LhTMksZyEzKvhRc@x z0F{z|-;kunj?hVCyY)e|jb4JN?GGMSk=ZfO_I=1Ywlz2bz?P2mbsRZF&h$&4rNo=l;7;Mh zXGwQU!O>Y<>d8u)G~s#Ak()%;xR|wqDNL<@$Eq>pLlQAHBQoCUT`Rmqr+nWj6!pbWm52yD5d8K5K;#OEV1P*3 zBO#VH)eMyDA)?P&tlsoSJ7sn(LV!VOOUAnyg7>Z*a84EFEdx%|uxl(hi$k*Ipc#>W zCf6SlQ}gGb)yngkxL0fXBTXFN(_rfOLVkQI7*48a2_R^xFx6_THhbg+7I!7h5Gy|p z)>3*{)EPi338UhLGTNcRfQX(6h}*g>oZkkb;IXLQP-3Vib;n>liPb49vG%oX$4r>G z>0yQo{89A@+?E-Q^n4IUWezxnZJQW>K90F*%j(-ZULS;2y>d5kMRgKjKfgRjgV7)O zcONvqqyVc%3@a*<^rS=FQ&;#(VnPVtxlZy=rX^faT{w@hxnVl^7|lFljQ5ErF^L{= zK;ZtVtU_FK;x`;cSIB?EvH6DyD#%8&O*-RATK3>r-9h^lG)<9CMBjum1!5x6(fp&Hzz-o^!{EA6Nih(4eb$C4G)+ zOa7PmZ;I7mi-<%3ikv_I(fl`mF0K4x8rf2F8PS-ZbGAIp(qAu^!`YkVpQ%ivgI~&Z z4V*J|od}6gZdz#vE75EvRs$ zEm`qwoYDsmE%3J>qtXAFcF-#0jmEBIwZr*RoEOm?XY359sohU_=8y?_UO{wQ=mP(k zT^uz1;7YMnd)sRLrc5k`BnHYn!uM z;O>4<$zD=qWbgfO;oOgZtoiX9BSu|HUiGF5ugq}`F9_MWoRI`GBnKOV3bZVACi-mT z>~|C?VeeEMOu9v`{+>l3(sWEGRmRL;?&IW+FE#Bis`3a0EL^x4l>K$KWf%f1H|$Cj ze^qx7k8NP-ReMmW;HR)=ecU{RNW;BN#1Za3 zS!68^_E_wwBc<_)DY%&<{}7?WEvYomY|>SKUmnOOAPM&Bq>rLi?-AK!wBgt;goaHR zKlWgtw;=F4@bVjf&}aM4#O>G3-N(e6FZ1uc$hTe+cV37&9=84NXWh<(UgtBNu0;AA zw{cDGapI@HUFvXGcQ=RjHp@GkPkpUsUX6+<((-GR}NKH9#U1EQ&en!$)=LsN#!moc&&p{*F#0w zJq5}+h0rzO{FsiDOMaqCCZI_@Q6!q59_3tvVOrEpCGu@MWX=^T2pmKr7%1D|pA^|A zn|uO_K9H)O$1NVW&UW0PI<+V2{`b%7`QS&3#FYovx%COpf}HHO@humUt=owrBH5} zJCTT!5&T#p7*hzuh#+hWfVGBmRk$moT`BAevt}{sxk;ZjXkv4;a=MU=od$nJKm<5>sMXvfp~fh-}9!cGphu1Sv9s)Eflrd@bDA z9%;A&84C{J42ii>r2!}r)-?LU*8mmuUNy&PUqT8xH#q_Tf%F)ozi2|m&1jq=quBKp zXf&7xfjIIe7uW(B-^pT8S3nBP7!3dV3%X}ri%v!y5(bJa{VeEj**>jQdk!ip6cB%Z zDFLD;qK&I6!a6_eg5`{F$_0V9qj~fcA4*jUC@S##<)*rIRq-oZ4TUl_v$Jbj8#!1O zJLPL*1WCl_4S}5CxxKeFjuSwtIz&;?YSIEgLxmkyf8!79fQQ+cwL9m}eES=;6o913 zomv#gIx(skW`qq2AnaaqL5gxQuDh4$b)>7RjUc{J?E5?&`jHQU4%$~{LZVW zFoStW2LKRod=3ppL^eRuwkYTdVv&vl=MB)2qHD)Y2DzdzOv~|lAYo(lsg@&2?p2Lz z<`&&EAiDka2R%ucIdY9Y6Bs9?t(EHKJn)CsS z2zPuW3PN$HE)i(R#6V`WHNV;oYXek@BUK3Y#K>K9pI*2^%)kBrx+Cl_ znaDgi?1{#lALKhlfu%%u&FC#wgZViT5$-I!0y^#vrpWOcOM-3qX^i2fse8f`zb$}E zjw(Y5(JHgIqwX8&@2e1hh6ijN7C~9XVX$QDa3vyQ8Q%N_#l(adot!Jl(xbicX|$86 zi6$P9Zge&z6&!<`oPNg8EzK9OBYAvAEJy$P(xPnGh(hbg2#Iu%W zBIf`_;i6?UL^EhdT7;)S1|mzK1Tr9EOw*IA(VLI;xqg?3l9@Of8cT+PhD;b* zj0Gi1f@Cb^NY449ZlzflG&o?MJz>eRvg`P6CBOuR_Mk?wmffda(uy;ry5N5T{mUFR zk)dc4klo%RDL)CNObKGS&qT+@=%ED|& zP!46uPdhe$)L@@DrI!qiBFm41hT0?YrbB3%i_ERTvO*Moc5Kp6JCnolBkR?Wk7Au} zAcWdtd0{n;Agj3{@+1gsxlOYa8-jANyBn0Vi7F0lV6uh!hCox0DPq#IhmkZ$#NmHV zw0R8=j9dfQ-5Yta1LbY5$(ctC8!W6c^8gBnqUoc5&2e-X&t?tYnB#mU@hcX3`QyjU z)Xp^1Xr&dt1d^F;8HTj7d#KkFJ1bNDFi&y`9~W-3i*NIKkVSCmKVV+N_B$F7eJ0kk zw1rvx@a)~KpX~!e50m4{%NnP8%1^{aX{2Z$y88bI1o|HJ%-Mst-ZsB3hr1~)MpNHW4md4qFsT?!hOiMIgk|IH#`UnXs zmPbHXBs@9i10X^S3%y0dNnr!*QQ2{k6PhM};7GO;-&y*rGU~p>Q*3D?2!51u;EWHE zC~blp(=T?hC+e-%xy;?<#}Gk;a7!fX?wZ@xG7uU&G<4t)Ir7zmxs~~Cx!S=+q3^r*$VSQwOl z8WzwPC`2$-qFrbr){8s$9}hK~(mn+`_qQ)z%m_ub81!!jQ*=JTAQH9Uz=KqY4gmxl zc2`B^wQe3XMTK4gfZa1YmLZC#`GSFt95l;QM9RMNv%j&yBOxO>K z6yF3#ZZ$Ouk@$rE_jQXq1S#P3J1c9hg4^=moF%gBHTY#IMP% zxXoFhsD&tKc{na0m4(MQKLMx|SddfnZPuuMjRrbM6&5aghGki3QSR>tj5s2(jdCMc zb$f6%C`VVpw-NZwup72y?wWtr^7UECqXioTIZ144TR|zY$t}u20}H}2FSmw&RHsx@ zkWw2KrL9^pYW5l0TR2RtVkZHe-v_B^2cf!Lxm!OfzWB=kXD{K?<4@Zeq82z1;Ymh* zFu6M{Ss{U_@gV_z2^29}*_t}hBXp5uwuLWFnLLFFQ>1H^T)^8xrQmAzDdj%gfgSQ; zh3h%b2ayriGR3|B<;k!{p2O^((f*40aTca@HWl343VD(r zrw4N)A2BQ-*yG|j=p~5F$pB4TGPLMnqG@i;mM7K!f#&|Me;WuIR>jWah8=WuopfwMqmw*27medJx!Qxl7H1njy!s+r|~qV_UYDvtoZ z$Ii!*2B?UZg~;W@P^D=IusnGwl2lh!9eCCI^{7t)HV1_ZFM(bqNZ3#ZwjCoyibUqo zon`W6FL6w}LMT8(^9hF?@KMYIk;O%DKNEx;8!Bf}fa3WryjQSCkZumckZ$5QW`Lg` zw=7Cm$$J+JimC>2c%M98dBJ^HFW{;^di6zfU8R3p+GH^ z0vm2jg?>8`i-&JxMjhzo(N(howHd)oZY-`s5-J_>opTbRKpUhI16}?-kpPmosa+Y4 zR`P`&8TpMwCcx!)y+@hGA5=>LLmnIoDBOSuH3xXnXMZMfz$o_xX$0W)_dncxER_6* zG5`5u|KUK^?KKl?c_HJ~Ivi zb#NS^P&Pb%uq#mNtzaV%fQzasvC2vPC+fnl-PiC8G{mou0W{75!yuM$zs1065O!4k zDzw~leE^WU<|hw+4LH;~*daktD4bH5=6T8vyaJfLnbGzbN6s8YOH&W+pVn4pqM$)-`kYedZuF5M73# zGXEGN1_g2Mq;R4xNhBFAbN`%{dIdUQp6SRl{WK4IOhn^CbQMSKSh8V*4?jH`U{{59 zy#yUK5<|Fhy{lv6U;|XC8Fy%O$gv5KuS7UJF?3^pBgu8$S5#K3bRZqSfqjj%+gCxfOG;IC{WDrbbiQ| zfCb>KFuP8OkO%#05x{R;G~7@VNR^4_L08-MTw(zb!)WlmAj&g{S4vnZF`((bowC1? z63=#jfpRgm1uxc8gOxI9%Xs2F8Jf5xI6d)?5z%R&Y{x?wlCJBsMFi)-k{BX%b z<50D~kgm*KGyr6aKnCnWphRU^h~fY{ukG=g3E&YEbK5XK zhRSVaq*(keYkEgW(J^ef~EKQTYMT0lVY@1ZZg zo%{mtCuyb7FIRJ-1o@0cGH85&S{?a9mDG{iX5jN4^O@&ksYeHXI;DZu??|bLTH#QC zyKgAS%=!eJ<*QhE{ba0x-`ZnW;nDfoGQO{ibZ z$L0tqA|M~hoL~l!JSI6U)qyr5g9gC|Og5a`(a&I0#03U?l=j$mfRA|4w#bx6Bx93M zf0@|OA5|8Fc*8qSPMzYkhKbL~+Cn*hr?d9HJI;hZJG^L1Sn=u3ah}2mV1SVQ?MfG^ z@|vR}r6g*IG{?(d6}AX5KYKLt_#Ly2#xn!7Yb|Pl)gOQik=Rvmb5Rn^WR`B*cmS__ zdFhtLgbV{*ASZ*A3Lw&}-F$*9DGXWBLh=8XH-U6!kZ#DhY$4T4Sldz5r~OTTqAxuh zHB6uH^hz$zNuJqbb}kvYnhY7Z$S zL=x$bnF3FViFvtJFGOiyAjCzkgNZ{q`q?2vGFKAS-#`0}u`1X$sna=k;-Ue1iOokQ zvLGWniq2RUm{G{@7fYQi6a1lnQ6*k!?Slhg0N}Ncw$7CbvrN1+8qmv*VI4t<%u9HO zs-78|pU}!O>xkij3mqX#nzj5W*3kjT?9#l#dKap(VvIG*kB~{qUQ2Vum`&2|O9l^u zFeJLu|5)aSp?Jj31oWAcFs)iecKo|N zfnT{047z4t4I-rnVw{pMyQExl|YVv{!0W02LB62Q~})} zm=`kbRx}XCSj#$Br?db}bO!nT?z%F$>K|OiO*gP{KVRj}tQdSaR)R1+pcSkiZam7`L9yS$Ga}gq# z_)(aYSF|8=mL-sZnms4b!D3dhS; z4Nk8*0OYlqW8Md`fMZ_^gIU}Uq;yw^5CR2MCm5V>o(%wp>N-pxZ(xu6y+x@eu*DZt z-v4K`*y&nBt1tqXgT~w5U)H+bWCh`{gut*J;!{O|M!@BNZ$1QC+|cUb1-nvy_ZXJLdY z02=MXs1O#v4Digb$e1+oLc?auFVVb_=i!%>`60%ESkvIoi44d1mXLG`_2R>-9ghHN z;J<|@9DvGy8Ka7L9lhjIt3_Q)BR35uPRR9ZJiHlD;Qj1TaNxXnJ%BP_rh%m-aV+jq^6WUQy_;)hy6VnLR zM~&KcdA-90dyBWq)hCmAD#`Hks$Tm+nicYA*4pKz3S3V%vwdstBPgqT{X|fEgueN@KW!H2qZUMxY!@QKYy|ha(9Y-(W!pbJf_4 zu4f>B9Ok@RI3vmfIsOu;5icr+=mK)hg0Rn2|DWt^7sM4VH6k~6;Qq+H+qIIR^XP{| z|K%4APuLoxni!`<5OCdBZE4yM*wN#J+oZ3b1Pfo(`aXeH;iZNL5_q!nUV~qq$#TVC#^IWl(TU~aUr-fNyd-;>Q{>SQ2 zffKQ~R%jq1!~&kPACKolg$y^5JU7oBb(2)E5edxHrwA#NF>}tZUbC-f?UFen^oL7- z178YP3d96Blk|tJTu2r<@;f^jnJ;4sd$L zpHa)gH{y99C?=yz@@2IgtY(n=Ft~t!UICH;paD=n?YyKj&Zl>!(0S8RNhzJqPXFGF zUO$A+{86$VyiC#wQYLt~qzANW6 z!wB7+n>+Mv?t6U>&+m2TIH&uxPWNx-XRFUS%UrXhZ_X^GkIv359jzVdQu+Elge!$b^U40v!&8mH{E_y${nG!PyUc0kGjm_}l<;XtrK=9s zX{+vW=3S@LW$$h}wMSn0)6Tz{qm14?{d%t5X5ev3gMKRI?p@EA=h+9JF9ztx<45mtG$-eO)tBTzH(=4eVp4mXYOyiDyw`nPwl1a z&&Qpes%PZU)68Y%nM$3VZL5oPPiLde)K2y2N&-XK+Z5&{M8g{w2wwLJLv8N%dCDgT8V_p{%jv94*e2wlNYWA^V&5*t)X z`QzBY6mVMDz=nn=e8D{k5k(^MG0X9%i&jM7q_GyAfh>5Wku0_WmIEHSmu)>Jd;zlH zQ3XyF$N@LNKr}3TpexjW<@i#{7D$X>urxWy2x1a1if(fIc}enirhdFhNo z(hCsF#qPiKB2Ws7OFJC(WoVsVjml7$UclGIE&{`cq$`Z?_>pTrNSrLlBxCTkD-5k0 z3=D~VHWH|*Ry+V0M+Lt)jNJ3jra-qX7C_K$YGbKhQ9U1zU7(pu$o zWVgNh=WrRB)FADDe#e(kXYgfPRGerMm@B)We)exxY&a$!$96Y7rG_)i18JBF(jFGh z9D*Zr2&^3{=wqsDkt}#ca_tv8z1qek*HqaobVhP{XsqRN(HXnglX1W`lD{($M`8>`+Y_ro!(=69!){3Q02?1yE)JnLz*DVM#_(2(FQOO4QwNEO{ThT zN_oM+q-&6iR@_NW@JnYDuD!smi)9P_=H>X%gi?@y9OwngvLqX}ctynsoZ^)nGE!j& zEpSC$(`P_vGgVUw2ta@Uhv@JCAeoLco$1Jl00IFVIA9n6gH;6zUc(A{0;aMrx!}U= z0tp?{XiY`oQwn4`!4-&CuWZafaKPXb@|J*sApvv1fOQRq{el4$5-^z#p=h*$z|eq1 z`h}@~5Ew2C2TX9_fWcs3z%T{^118fG3>9PSPT7sG1cAdbulOLmgKTsrn;I$>Xi+gOvu4j zkX#qL1`s!Mh+0$8E(MYr6bjr6{ac0BF?YF?intnUaW_f@S&YZwZUt>37qvN5)U;I7 z#i*w25m6QeoMJ-4azE7D6|{L&5KKhaqN2$iDyRZ^9F^jMHp)XqOEt;Jh94%PFzcd! zD31ihfC0p<9^ztfY<$PJTqX~ZD5sDp?Ms_O@~XH2?zu03ZOEGLQrUvI+tO zz-S8MFr=kx%K;MTP$&?hAP7Ma1b~o#24Db+ftUdR0AL6Z0D&=1!Gk0S8oBQKlV?5v zy(C6y7w*<^KlH4R|G(WN#wFn=Gyu*znJnF(Jq9FpjuLQ35(u^c{`&3Sb)AfCmN)_e zvwtvxPRt+<{i9m|26^k zi)H@dsJ*a?pg4~30pyoilhV+CQE}_pT|{f2i#FG7lX*AXSZl2f{AQBIiWK_)+Ueq% ze0tu;uKR_QWLYxu@rtcy-8d@aV1kj_hgFFy1;p6UDmRplZe4*7hldQ#;#dWxYW^)= zQB_n$!W7iW)?v21j&AmA4@Wt#qw9XO56@UvRk`ZumNa&bZe{*}vw^UGP_ADsS@P9? z_kAgjGv}ak!elClQtLK0w*h_1j1%jDeg8>5-I|&saFi)-;>pr-GU1ortBF&p z7RtiEd>1#)6fISmO_d9;!8OcQoa=su%{SflIIfiMtgel_p| zs!U2e2A74>I|UejjfLiD&5sFW4S6gEQERmA#4s#ftYkE*aH-Q?1ZKerR;}q1_5nWe zbp|*wl@vO{eiZ@CO3&w@ot@XRSlE84;_I@V&TEPGq=FQ_5?r5|6GKm-78NOtWkr=I z)U6vcAn)iZlt|cTq-8rexFaYyfce6xseaJH>y;hW5LJSIFZ9x-D7$s4|CLY8lJd*# z?}n2rVClr6n5yYCS?Pb6AiO7uSEH2vemH7+5_Sa0yLuBeM^y86TTrr8!@6(r z!*+#=9g`J*axXjPuXbyy6m})H*Mw4%TCS7U*oI0COX-PhH4JW47%53vJ$mWBb99kL zBE2hlMABktLu#3eX4uj%QHUM=DN$Ig z=Urr?@*7PcO*E$ZyxXgPKxJu!VV&ctp)^JzlI}8pBzG?WKI8+kq!D!%s$Ov^nE^JS zbL#rg1`idxqSR!nlrapb$cjCRHj1b-m;ttJ_0pkW}ZA@StpcE=emA)2T<*gPN< zG6zIsBZLSvB8W&MWO2aMkP=LQOLja8)J&(Uej;@+qZ{s>YyG9U6ZR;>k2y<7UlBYG zqP9kVb|5vlag^npbdv%B+3XJI9$e5lwEJZIYpp#xumh>bJMBz;&lYzW<6ff-LQbtGuo;zV7Ar3E_T7|&>QD2z z84oKf($9C?<_b6Tu6G6W(zMcwHcjc4u(m*dQC|*~7#H8iN2fU`78f8Ehhv8 zTtcN0rJpHXFh-u}D1nVp53p#Os z%_b{(U`g_~y(CKg?Kv6Ut9TDSf-i3!xKg>*4R@3m%zpS<6k}IY6tn0=C#-MnEBjkC zzY|xKs*U|^=R`B8F+)srG~kTSF_-9wWQ+=oU;{FcY@*oo(rDN?QaW#m%|ML<6-S&+ zFU{i^zm2ifRg(B`OEW3{{!MYuz3<@V*$~4+i(#f-PFnJ%aq;&+~k?gc2b@QHcRCATZzp7=J$1%t^e6D{CN81O@>} zfDADLAPjyr#9IOKXyXB}2ZLq7%{B`x67-L|rkkQs1p8$w19q<*j48cB9wqI6mHxu& zk4)&s3n^Y@qv1n4s~FWx+b6{`Im9O{jJCY@W6R;=&+Y05K#b@3bm&ztgUFm&A6r#D zfYECsSBuF5!VFj&861FZbh6T|z`aGDQ3&7$PvqU-FWUlYE*}K4k9Lj-$S6UE0dl99- z2L&N#!2-r?OY)fEWG z)*eHU`!PJWHwVJSw$K=#2VwRE#KLa_=X;YtR|f3n`xJzA->1OI>zxp6-%p?e>;-HM M-S_zp1br!hOphxLD*ylh diff --git a/src/internal/packager2/testdata/zarf-package-test-amd64-0.0.1.tar.zst.part000 b/src/internal/packager2/testdata/zarf-package-test-amd64-0.0.1.tar.zst.part000 index 2bb849cd7e..d9c5f11fce 100644 --- a/src/internal/packager2/testdata/zarf-package-test-amd64-0.0.1.tar.zst.part000 +++ b/src/internal/packager2/testdata/zarf-package-test-amd64-0.0.1.tar.zst.part000 @@ -1 +1 @@ -{"sha256Sum":"6c0de217e3eeff224679ec0a26751655759a30f4aae7fbe793ca1617ddfc4228","bytes":3683508,"count":4} \ No newline at end of file +{"Sha256Sum":"9c021ef9f62f58cca6dc01641521f372f387cc54c0d959a4f3861c6c636d98f1","Bytes":3683281,"Count":4} \ No newline at end of file diff --git a/src/internal/packager2/testdata/zarf-package-test-amd64-0.0.1.tar.zst.part001 b/src/internal/packager2/testdata/zarf-package-test-amd64-0.0.1.tar.zst.part001 index 5ed2b42c1b9679eb0c7a1ff0406de9d42e56a17b..da156d41d4a55c962aac5260c6eb7716c94e2b1e 100644 GIT binary patch delta 1050 zcmXAlZA=tb6oz+p_>f&#v1x<^+DyTZR$yoDd~P>|g0VI!nxLUYX=AuMb780M%uaSj z%F;%bU|B5?E5vG=rU9F{grp5kS|JF{#>fxbYT9B`Ox*@;)RLjWtR)gr(!1gQIrn|e zIrqHhCQno+PgK{u{5}0FE2up6{CwwyP8eye0_>{{U_~GB(GCV5iD5DkNP+|Kq9h6| z!-;}}0i48hXKJ?P@POxe_FL6Q)JqC4D}oG#R^XEYt+FJFfaO_63?K-6fa4J-@DSn( zNkT$^Q6vs2qED1%iIT&b5!R7znY4vWYiNY%>*4_;^1LXB41*bVfyZJ;nLMpQU2Vk| zQv!GZPbg`*mNpo;NEp%xN&N#Gc0sPCYNsfKkw1r5Wb+kxw-sw;kKk4r-qRGClX`VrbF1a|;awkrxC>;vEbt2&~joN=}rL#FJZHv3_dU zNfhro;~S5I-n-I$;#WBDaL!yvhXN;wf61xKuH$_*O^xyG-NiSCuMfOSZmm0iifBI2 z;@X@%cjI(L;~oB*d!XRzsn;Hte1m$%QuVv~=D&{lW)CZ+`<_eJO+^dOeK+QPvFF-9 z#VhausRZA8^AVeO`|YUg8l3COHV!TlpU1fF@@Nbk3sjTEA6J&P><;b^o@5_>;hLX4 z^yBZhdj@x3_-S&TRsWncw~pSE-}thUV!Hn_7j}XxV9(`4OR<;sAO6ko+-t}WO_T2Y zORlErlBcki8}9F&B$}VmqWkfcRM|5M<&w3oj4;Q0Y<(^A&?EmUu3_ekPl?1R#qGez^SH@0-vI~;{D zd1Rz$d~8-4?X<2=l&6SC1@R@DNG#dTG>P+xr4;FjFWY2d+0NP^%c*QnJZ)zu(ss@U zNvCo>@fABav0`u9AS&G-hG-wWkBwAxONlI=@$}on6%@W=}@4es4d&vv+ zR)l&h4swG0t@yV1lj+xQ?CH{2Tgzb>5g;OX|2~KhK(P=*&~_GxQ6T1G7!^aP7y%%G zP>hH!9V|?MMM4BYg&()=1BceYi%zZCXfc~Glih|0AQTnC5QGRJ0V))TkeI+QiU>t# zlG$u_zD?VP88t^St4(h<BcS=)xfIWU&9ic=FpRc1x9m zmGMrP)phHQaCcR~!lz*4Y>3MI?w4P)dkq5b?Ztc2yvwVP`?8HA*L5%Fe6jE-Ppaj{apP)V z20}nnGv~Hv@Fq zu-f?{-j3(uui~HM3AhWd#(%(z@ew>7e;?=LX8a+35)b1q;$PuT99AC>Y<))ck;W$rX`r z_%>AxvWH?DAhb6}mg?(wstWw|RGWc?4(C)45PKCvWC?}H>cFC{;rGsQMqlDw`GzwN zD+;mc+RUos9Cr(6`0tXQjFMc8D3syX{MiP{Zuy=1Bz6AP$|6+>RXcxpM)?Ve7(}Sc zE&q(P&(~p!F?H6}y8DVw>Okpa>C|oY)97Th{?3)jWQFrkX=R^3G1%Q$Q+_Q=B`0Sn z*swe3Zj{gZepBU=1JquFFxa;uGx|CdFZfSTCPR8~WaY?nQ)x<COuSnMC5SI$^Y;@P^FVDsvsiR=0hz6&10pt@{xc zm2SD$bo1JK?|Xd^#E2}GhBg>21mF2X2qB2zgal)M1S4WUpJ&c*pYz*&FW^OJglFLg zSOO*Jgh|*4Lr@PNLMyxsH{dzA29Lu}&<9(Eesy2pl-k`FRk;ir5QbH%FQhtc5d$}h zz6iX!H!~@A#o;RJ7M$wt%!EdJ_A|Hia zw&_jx;@EUK>+5QA1aN8m_CR;bObySV7-Sr+J+S4g&xH5QllI2&Z|g z3G%0WoeB;E000n&e5(qle5(ucr+=Lc4g&xH5Ql%O45xpq4f3agoemBI000oTf~yX` zmVch7hO}&cx`4eek?7e@EwBbQ&>q2AL8vRJUHN_^wBaNNucX-njlMq4%7F+W@ZJW| zAjEYEOpeoW(DZV$PPn{@MyVqQ2`}aUfk|{u7ee+1x9l5_Nsa8XW|3)DD{)!VNUf7i zPv@BaeGzBD?3RllzI^Xmm(>cG-!4zHrhmmk{#nUERv*o0j4}0o|01gu^{7zfCapNo z>@&IL!ZA^JH>gc+|3t)pdQW&rcMPc8Uz_D*)3ek=*J{W6mRnvt-pQtCyW~YytHxrS zBnKt>c_(Lh*+N61{ixcn&{WvT!iA(W(sIq9^r>$NQvGt3Bj+?B#JC2Rtp%Flvwy^) zJtg$&L6sg<6g-@#(Ddk+U9Crt0}Z}3tV{!YV>75le{>!pbpp7Z*(uSZtsrV}a~^*0 zMTp`6%AQ*#yUCYF1!k^+yaJUr9Lpk1_5Vt|Q?oDCKJn|qG zw&hLCGU#oQMw-@#g@`p`9E{2$(l2C$R@g&jVR8X@NBM3emhVW%@{+7Too@h^3(~P% Up2d$#89Z7Y@-In4z7u?;N4NhH>Hq)$ diff --git a/src/internal/packager2/testdata/zarf-package-test-amd64-0.0.1.tar.zst.part003 b/src/internal/packager2/testdata/zarf-package-test-amd64-0.0.1.tar.zst.part003 index 2dac39314de1c0c7be41bfe2b3a0eda5ff70da9e..3bb875623700c409d0d1495e68ef8489f3e61558 100644 GIT binary patch delta 570 zcmV-A0>%BnggwB7J%663hO}&cx`4eek?7e@EwBbQ&>q2AL8vRJUHN_^wBaNNucX-n zjlMq4%7F+W@ZJW|AjEYEOpeoW(DZV$PPn{@MyVqQ2`}aUfk|{u7ee+1x9l5_Nsa8X zW|3)DD{)!VNUf7iPv@BaeGzBD?3RllzI^Xmm(>cG-!4zHrhmmk{#nUERv*o0j4}0o z|01gu^{7zfCapNo>@&IL!ZA^JH>gc+|3t)pdQW&rcMPc8Uz_D*)3ek=*J{W6mRnvt z-pQtCyW~YytHxrSBnKt>c_(Lh*+N61{ixcn&{WvT!iA(W(sIq9^r>$NQvGt3Bj+?B z#JC2Rtp%Flvwy^)Jtg$&L6sg<6g-@#(Ddk+U9Crt0}Z}3tV{!YV>75le{>!pbpp7Z z*(uSZtsrV}a~^*0MTp`6%AQ*#yUCYF1!k^+yaJUr9Lpk1_ z5Vt|Q?oDCKJn|qGw&hLCGU#oQMw-@#g@`p`9E{2$(l2C$R@g&jVR8X@NBM3emhVW% z@{+7Too@h^3(~P%p2d$#89Z7Y@-In4z7u?;M}V{emRSP;01&5^Spg1*nP&l~nP&p> z0{{RJr<{9 delta 574 zcmV-E0>S;jggwB7J%g+Px2ypHmRYAoTLBIO000n&MQH)2MQH-^r$}1^4g&xH5Qj)< z1E)x71oEd#TLlgS000n&OKAnCOKAr3r%qc34g&xH5Qk1_2d7SH2=b>ix%(H{T3Sz2!=Cbs`wPqRY5 zD>qi*xA9#g*x9P!(Xjl=`ltH+|9|x)W-P4Gc z)e*G+z01e7-wF1MIVk_eM=<`X_gfmJ74x}pnEm!t^*f+`^Enaohl=iZqx!>6BiP}W z&}f}ll2-mMCzUCXsxR*>|B8Bl;!Jz034aUtWm^mW4E%qxg1?`Q(=?OzPl8_?{OJ+o M{~STSil_Via2$9gWdHyG diff --git a/src/internal/packager2/testdata/zarf-package-test-amd64-0.0.1.tar.zst.part004 b/src/internal/packager2/testdata/zarf-package-test-amd64-0.0.1.tar.zst.part004 index d04f2ef445cef48634c4a4a8ed9cced535f60424..3a595f2fba52eb8fa64a3d8a12c2482592da2b03 100644 GIT binary patch delta 48439 zcmX7Oby$?o_ckdh0wS$6(%t<*y1SMR$pxkR0i>isIt8RlVi#Cax{=xymXMZMkZySW zzQ4KVk2!O$nP=ucXU=t=d*&R;p1Q;iym^u~zJ2q)tmV2sX~R#pD){fi+rgldf|=x3 z^Dm6pIPV%ybVCq;n19F2o2M>QGmp2d&?gJ+X89gYQKR+N6APwai`BnpzTc1CR@^>p zP9_ZBDQ|uUH3QYhcLj1G&ByAN7#^?x>AKfK;Dx3Et^#l7-TRm$S~X6B8}|JG4?*Ts z1kQpVzZY}kQ`aj)_K|zN8>?rXQE~S=8D^@#{G`cHbH_cL55{%8P5}A+#-n~A1k)qC z4_LYQ4-$H*%_zHDcl*#i^ZQ|7NBSw`pi1?8XHf6&P}3#XM94kDrc7IPL`jN%zX`@v-60Lj`oAmEMZI$vtrNNFq6$)1Nt$~|FAdMcO14ciV;AXgs%}^2Vlx*=TAsSbhaqctm+|6kPeaOlkJVQo z>atg7?H{rqE)6auzlNTPlbprG9r=~s_G>ZyTF?6FRA7>3^vLrzgFU61_n7M`E)dwz z2&%>d2(BGK1doLGKvP6dQR1A?mrLykE1LT~lC3A&|GMKU?jAmTccs8YLnAJAr6Bs` z&Qjsdf`0lxxx$?SgDB=B3r5997R>+a`AC696ywc;RpHHo{eL~)6wioa{8*k<__5%e zJ`?)5+XFTtKfL|A}NP(&DwPe6oEm=BGfFAM!Mo_%X*93B-8 zAR;3CPs1-Pz|Zet=j`lm@8HiUEFi{cU^?ZxQf>B!^p!NJ|j*2c?$$K3|(z$ih_ zXyf+5+1)`xkVgQGPl%sSke*S)CcwkTn~|S~kB5(uUrXxe$668YT(ahcFYi%!wT=z4s{em%Vaos+cg9 zq%>OnSbF;jwEthQ(9kd<8*p?ChO}wM<-5jSGzF};5&SkGTy9R@0X{5*J7GevX&pzY zGnp!neL7QcR&mhl(%$ypmoc2n0tecH?uXM8j#*LYj2N&#{>vht%!uJPEPY~&NfT>S z3{YmS=((I>^{!*Z&>|fSECvD}W7;fY(rO!UgcLMc^j*FbUU5&I%;9gTJuO9n{?Esq zrBnG+Qn8;;jk&X{UzpoKYK91DFsN!4AU=${Sy19a@2TPsh@$kfh1z8a)jEX zE3@B-ti;jPNXN|k(aFCW1_m2oVG&3B%86xtHm$8fKJCIEK`v<$-(Nl3L<_JrhFj9! z;J^F3wVdowtQgxl|Jk?YD#5P!T@@p3!e`qbW#_2s&gg(Z)ty(`=vsnbDK84>(H!z&Hq}HsDXL5#0Vju{)kEX25f9WPs<6$J0~2Q4#K?d2+W_ZB?2ev zUte*F(E&M{lz}`Po!Mqsg?X&>SJ~2g15~`xZ{9d*%G~)FDd3SIA|Wyk6PsSs*)KzM zzjtBjewHJJjcTrH@;0S}evMlj(wNO#rw+7nl;ydnn($UBF)6GJWdZ^#v842Rd7~6< zUTjM_LraCizf1@`hvyUJ4SsGH);=979sp#YE4SK{WsVN)F0lf*YU-{d{>o-dRBLQvvY&o=Pf!&pei;pR##rTR}DNZa@ z0=K$-=FCRjuENLcf71a99oO^bXad9-G|*Dp*Zw|D+x{9nsNjws(PQO{5@u1rAA(VH^>Mdi2%@d~ZjsNx6l# z85#;?{QzP!Jd(ekyo@x{3IF4BwUMg*)wX}&Pq>IENT;iOgQg3VGgSDmXX_aX_PDo{ zZ&v=f5LG8&QzO8^28&u8*~+1-a799C&P#Ca@e zrsC;(J(BNwHyf?~@rnUZH{T}acQ@up_J3}VdbVMq$;XM{xUu<3a$32Xy6LwQ^J0ql zt(=4vR7r=X|9vp7cU38Zo9;NoAe>QTh%q?-m8|qr6wkfk!aKXi8Z_J)kNkfQ!@@jE zPZ!8A^q(St;2)4B|IeH+1DL7Wd$lC|uxiBos~&Hg)M-ZO-bD?aR-n#ZR-F6hwx3S* znmJ?J8T3Rrvzt1L?&ZvwN6M0Tqdk0LjmCi&mq;At6d)30`Hkd5p{0G%4Zp}T;GOp- zkA&g-M-_>6{MsLj(5{qs3_H{Qv69hTe|6jTh8iLO5t{E1s*m1(-2`<%rH8j%cjZTz zFWj+ydHxGc#iruxydUYS>`3Z3Jc3{d>auY*W~LCY(zsHyRE0}VMwI2v;mzNUFtOf+ z8*}_0y+l?0R4CUA9(Td|L-$v)>!0B2r@1>J6g7Je6k4{_FMiEPO$D#w-xz5B5`bk2 z7WZ!*0&95|}t8VV~JfZL{fY(~h55Jbo zkl^F`4fD9RF>mjO@={m6ku@HdyI04W!(Pcb!(sVg}XNl5*gMBQD-EcfG;cSP}>$nM{AkBv5MBidtHk}@M2c; zznK8vzGr=G+ADpZ<@XMRga0%pwa_YJzH|d$y#E_bOJYwt-u)nCgzK7S`P+8}95UTxUi{~RV(p~NU6}hdpWcQu^dT7ow_w)~%64R+sr}0d9Js11MQ-Ri2k*4(PIiH_}OZ^KaEPf_+E5DMh+p~%i zKeLRpt17-&d&j3Toyb|P!xVB+yX5^PSOIttutyeS!Ev96m+;8^b-ydmRMX7yt(`tT)>p0TkJRLu+ndr7K+rS{{ zz|uWmE{bc^@VV{qTiAoY03qtrMVnHJE$HtKp~hDFGgUsFWta1NZ#72mF>8FYg^1v> z=~Y-XgwwGu#HhyPsBS(ShktO95L(O`!jW+G>{y^qfoP&Lr$ zR{DY(!!Yr0a@xt(R5~3i{gyn|_26tYU+C!NmfrHIFppzD#p@1*FKb_`zYo)XbASEA z?O7GtPGg%mNFE(T>G4jk;E3gRTLuL7X;s^0HA)@6Vv^F;C3}8ZR!8(k z9!osS%ffUrya}EA{93Mrb#w>VB}5;D;ps<3{eakG-w)ug!cT|A{c%>djbq#i{^0f6;?$N(25Yky-GS#vr(8073HqZFM6tiV zMo?m+GQ#fBs1pF|>|wqv`ph~_-PIS&zpg5~x!mu3X0-iEh)@Z5C@Mm`FDj}M@~z}A zqDRVN89qFtz7qI@W~DL@NWLL$9jmhO8kqbbqoDZW)AH~`IQK3VI<3AuKXx^j{?|#E z|4Ye03mZK4yeah`&znThck-Jk547wK{D9W4p&PAf+a01Eji~S33?;ArT-CG0VreGB z`%LXH{$ShBiWof&D`wiStGt#Ub^mT}hbbl2Y_$DFgNv^E^=}PNDDZkYM2F~EVv7Cv z3w)-hczfHelx@6+v~-$}80AVPx=%l%Q(Azgf+K03K`iMRB}b?Jc^uh8trr!Mj{aGh zq@zn|>vGtG{xzFIwy&^X(20XIY?bJwb}@0Ftahwq*Cp>r#^nefRxv5`I{yfl1hI?u z_wKh-P<-=Z#DnxiX8?nml!>GG8$?O7ZSEhJwy<=auB6qZW}d^dt>a8Q50hgmlOCf@ zcos>1zkfSeaQ*5ujX@(gj`qVOH5kHV|QEza*v;MUy-u4^if$TlRI4 z2S^G^XafiAKX6PNA6e`cDW#B-;ED+v;r-{^h|MtkD8j_odH{TPp%gaAd`>3*!iK28 zBgbZ(nXymhxu<`=4DS}{{%vq3M`C}s=lmZ`jLr|jy-QE=D*8Wn^d-?gNUn=M=?Al1 zV*F;p5%HUi$e-EP&06-@mbuO6Vclv%%X?>Y82s_uJKx^h&*#&`mLnM-3w7@?0@@Hy*q7+W zPkfm+heRh$F3f>DYx`VG7N_c%qFxY|PtbGrs1 z^I48&4-KPWcBfY4n~ESAc5trj**7ZgL8)j{8b04GCRV$I_Jy#6fpafa#McX1yEq5KJvANOwEujy;a%JV7>+I0OK$X+gwhq(R%Zh*n z1NW^mb(dgx#i>QOg}8T!`A_<}`VsNg=4=h330tPYwtWcqm$L-*D<&_K;Z)MUJ>ubV z_&KM)-v55C_u&TwCey#9PQPx;G)-1#aK{x&BF`KM1-)KP5Aabby$?*`4kk74F;ZC*1> z8A%0~>VyF`UB(1o5=eemi^HLCM#Yc;u4XBTy0&pdx=miA_^Iv8>3nPc3C7|c@FUJ9IvLZ3HQq0uGk9kUW$u66}3+pbeEE452eS{E`y7;2;P?<#kiT$E41EX zt1LHBlVt-UzqrdTiesVcx@Bp4k-@^FXmOK`(RfY2DAklEAdw~#|G9ZM5fz$wxS33o zL;{B4<%D%suGVh{x}>u=pXb( z%EM{v$nTiFa>M_WM`36@q&`4CzvD6p;RJ+dy}cr0EG~Q^i#XMM5Y*ATYIrLmnDSBA zYo5ZdoQ%t$dnyftIE3Q&`q@k=j-s+wQPZzqFuZM}Hrm3O*j6aTGfWWDt;ixkQ>Jo^ zU7Prkw31KaURKK~Z7~t1gGPn?uN7AlZMGnz&|SFG#)pb8Z{v1iQ3X2p`kgY_DHR|o zQ2M0B-lk3>oHGz?58_uq-ijsKm)?bHaq*Qo#u~NnlGkuVpkKwhzolb^Fl7q4l0sh0 z+fdnxeMdJSg(c`+d-ygwX#6KLq-7lRQx{tt?G@XzkNB~C?b41s2A}9YidzEp+~4hd ztTM*Z(Kl768P(A8(g}v8-edPN#zq1(eE|21c)gpWFXA9#MBMWGuW!5~M}H;Ek=YGoRflT_%n-H#r(< z1X|-KqHS81$@^LS8E3#dY+!jBYQ9q5E{p#08Qp_GKnrKTOTo?AYyaf!Ao4+=r7=@# zjJ;uiY?EwMkXV|WpW(+i4ny9Tk-g%-!?S(s0fKwC*kd?zgrT^puwCtT`&fT6-(d<1 zF+Ki*yl}D|ReH4i)oiEiqoiNpIC zwdD4=g@{fKLXz+lo{_6zZ&z$_54n?9iRj5xv%CGkmORmBP*c^#*)J<@Blie!bnC9( z5*#lu_&SHXq3p1rjU)1zzu4R!yn(~k7d@8U^{o|BRGq~-tu7$k?E8Wqpc;|Etcns} zs!*JC`<#2?;p4UcS7(uJ)qD^K37zBFXo^`e<&lKlN8fg8H(9QKk|ZLC9zRGkf4o|I#U# zy%|k+Hw^Yy2F~%}KfaDTK-AUSC@xy~a2<0(q5p-5_t*2~4V}|l71K9ToO`X(+JbDm zXj~DWuI+biRtQa)BV;l^wI-xI;F+y{^yg(Lq{MEQ>-0rW;t)JeyX0(} z-C2}KXZ4ObTJDp-dlIcU`tXO)P8pHY$-!#yvhAaGb~KcS{m1UU18y$Ns<|E;%bM`- zZ`6Kl{jL45Nk?`*&v)iz7>fyBF1rw_r8ULkV`elbj6#3$juP+dPR6d*t^D$iKL4}a zo!po;)UNkUlkZl!M2ub7W}{EGXU^~6TQhe!VjTVwSFhe6KieHGU!uHh*%w$NntlU6 zpL?Ad%8^e&kksdI41kucXV30+Hw%Ko6x_brXwac3F3vB~#_3?s|2rbUTQL|*4!3w^ z>USu>gvAq~Zu`n9pkOroy=&y>jeK-Xb?}ZM=6^B7pu^#k;OVItjcm24+t>uX%;+_b z`;Czr9^D_2yMRfkcb7~ufJQEWE}_LO#oNUm5`NBE%@ji%U7tA}YA~**&Qjq= zEMYk898V_5&Oz<};)3P8bN17h@(yJ8+p4Q4A)SYeUwTg187s7J8EC#2WuOU(4PiR7 z78@M&MPVz}W~l?aS|4aFT-a*LX1rcO3(|sB(6td-ycK^yd%Iu65E1D=4|zXB><0cc zna#bv`z>&zb0hGVgmqVVu04E-`gNV+=uc3YgkG7d_(|8Z9_8y#_{M^(ZYB+lPp^j0 zk8%=9ZF|j}zn)!>&oF95H~B_UPPOhHIgbtvWnlydgKmicG(&L$VDmLV!cLY5)J_WBH96`n@ z%abtuuQ1L5SFsT53V!3nx3Y4+9TLBN)X_u zWO@dzjE7i5kIHD;js|bS&o*EZU7r_WEi=77k_~`jtGj4E9QL~G#fO!nE?Szfj=FhF z0eat#qn@XX`Jd|buwB?4`g}4LQAZTV3u!cL_ek{nn4`z1|CNzW--Pgk)@6-R;x7BU z|Nhdie4G9nN_i?yER*~tJw2USGXm>J#*dh->nE$fYXrZD-V)|KhfTS*jfelFaa`ggcq`=1^~M%%>Ax`PVDw%yTpGlm}^Y0zuk5D*~Dt#|%BX zM2)(84s|}(%erP{$4t7^nH%Q?)EROXy{h5@u^O20$&rUiI5G4#A+hTf;|FsHgj;an4=?ywh-vXS2zD;h@$9K~mk(ec9p~ z6$teho~f3RG(vTq&+nVvR$O-wQt+%DL&|EvD+1;g(KSbeqGsm6QD^AAYuAh~O@rBH zrQyP!-c)6(87K5eV$IC;@~NcR2jmwBYLIPhtnReh8=`*bhP*+#S|L$La5_xwBUQta zBhn*sub?`*R^-Gzi+59ax67tvbe@56^Cu!E|6}9SnwU^mJ zD7^&nf&@=a!+|>Ug*0SS>9+oHVs+=iPAw(Eznxpzb)wd{GnhlvtlQPXu|00aa?!FB zvLb2(8K3l^s;f^Jc`j(Cpf7u1&;e@(5L$@lMx~kqLW-waW7KZhdW|sW z1oTdSdNdyTIM3s7kYu^Gq%AH=4U-Q6$zC`es?l*jq<3_8Df`_VaIHne63(}pU*zwE zs8Q5+DaDL;u9+KN%^o>a-~)m)BBjHY;|5j8`k|^cT_2=YX=ux?{-0m)>R{f0suhkc zhhIR2w-s1aEx6UDvpk$HOg@;I%t~Ce|5U*xa9I``_|D1RF`SkI$fVp!>ibz zMB3GJd`$@2D=urYP!0tbI#2KG+#H%ZwEDormB*GQou>-GlP;olXSL!m^V;!5Q)!QS z{u;PGLTCpUf||)*2n4~wARx&f(g@?O85f+=Ps)dyC|+k4G`=yBZk%p;b+7~zc7tfK z^R^zT097|N7D1PF@Yhy}7IpgFBAT+ZK2T1NsyfN23F!FoEae$&+Q`!T8kV$sRbF|O z>~WyMAJkq&1B23RRG~yCcP@^i$D#gI^_@As{!|^AsC_1+6_X&)BkpnO*-^Z|4Q+u; zp3T2?JY27O*q6G<^7V7k%__A3CkMs$7|qvQWP*wtWeiK<*D^^ zNDGB`yUm^PKLMYGQyxqTWSQBTgZXLEQlDkzgslA@31 zoJ&64Zn1})rI!!WkPi4r^isSj>edysso1uZRCgjEC5gy6&Dp5Zgs4Nd54yc4ojg`3 zwIK%$W=xWn=iP261|m-d!j}c$LJ8^3osc=Hh4J!S0I1THa4hwaDJlxE{8oDfbB%$n z8fcgCPTV_MxuG2Hpy!OhvA%-3i1(dTM)qZ3Y7w_|#%^Xs1snke?N=p>UK)1k(Ys1UeZynR7Z-f^Oo8ng>_woR^#xz1Bcp%x()!^FP#yR8AP(-Revg# zYyxDJc=A9XckqCjI)|=`NA5GS9hzfyLy-yn2ItN!ij^v3NJho!oVPYZ{X^5Tepd+s ziaZO8@gIM~i+Of3fHd%2UqxWujQ>N!oaTD4$y}J zJ*9WhZv7i~M1|NwphbF3-Q9d>IjUv_Xg<`h^1oaQ-p^{_c_#x2J*-Nj;#WgRTkMT{ z7W7GXtX(8N9vtOIA21FApkNmS=fuIn4AXn-@?&x23Hwe9sKRKmdwRa~xMjQI=r1?o zUqJGMYG=UUGOvPoK-G^kmJ9#bR6S*pwLkFYI>VbqXzex6b7Pi+oTd%Pyf?5=Uc;cA zy$h`&&Z23OxD>SbLmI5z@Jg*CihZpD4K{SKVg{3G@FYqnFvrpw-(TS#utu_ zN6Ua`%7Di};)!phA}_^8L`X(zYx9x0oTQlKnFay5LlbVJ*yq6(HY|IxXLER}^yoxU zwi}TqCXw_XdRc_{>6r&orRX(>OXO13N6@g06!29s+lUWTxa8ob)~R8F0TSs%Z~IeC zf@L^~zDCMWeU4%t7!3xb7?gX3RGEttu$b`}_!(Pz8SN!L^!C}R@sXs+VJP>uU~Ij_ zNF7NK`(XVeoj!8(Ly8HLJS`r%Nf=x4t90imMb>aEIZn2(nyg#$5~KtKMDbWd42{3h z+PyhQ@ngQd`=LQcw3%X}@C`R+pyZ2nUo_ENncccZdJ8 zIZ`}RUAe8ZR0UE6Hj39}Ctu$^!+bHuDBu2vp8mhDXbkxzb8#5NY-kwi@mdj>IAZyD z;aK?L7?IiU7143Y> z@yDyL7#gH*0!7$GB+N2QtaHSF8GcZqtNq=xHd0|EQHx2F!$=4E=|563i!mwb$dOY} z&|-=akVk#_J@>;}fIMGIiK+2ggBgyi6M;o~jb_S-L!`ror6A8PPx3-#M2JD~OC`pr zGAa6^0+|NQUIa5^s)87HEZen4@dRsW4y{Ihf|9&#B!+f5CbKCPTbs)3=QxVHO%Wxd zA5{}O9)blrrv=ve15|huGh{4L9h$9{o+CWnq>0|UxO|>sa=fY

F{=19HGA&nG!$(E+V{NIp6 zIH0Ja5<5tSr^-k&h7nJ!iiJjkoxRuJC{LPNj)}v?hC?KUt13@MIv1OglChp5mOw(2 zhDFXmKB{bshu3J*YpUCeo{Ae4hKH$OOHI;bLLVhy6DGq9SF~UzC;5p%8pEH6t1Cwx zhdvjMNt=#Yjzx;5%chTkr$IKx(reGf1Mrk%)Bn>(lxmO{5NL#A%*o`EYcAj0X(d*^r;voRkZ!z_CmA- zDa`4=y?*ybbWnyx(4et+;{@|Clj`z4r&sv5#jh$V3Z$RIm`MoV+Rhl6tV_S`d1#ZhKK*R5$&r~Wd+9z| zRODJTo?qHJA=+g=J~(BkzTIr)1|%UI3*8Hxr@#djJBz@5&XD>{wl1O&0{sYO*r(c9 zgrRnygn@;gtML!Q73|e}$~n-s1VkqC6jXh(ukUvNj!EvwiVOUg!wQrx42=J7EsJk( zLGB$DK!Z9jb35Jk%+A0i%^anoR`y+P&iji^M-Zd48z?u*$JH6cD+zR2-X0vzFCEn) z6oaTn+h*!3Y~H7PpvGw_F4tF@q@rSV?W!-DmO&%GDq${_PS^g?vE{zbi3OGId5$n> z!B9T9E(h#fdD(vM27&NM2}_H1f-XdMpdyyab6wiLQ%+q87QP+CqCV4Rb)py9Ssuu@ zfghloJLkAF<~Qbxz#~tehk=u+L1x(#k&fJ7~O?xYe}u zr=pi9D1C>kI#BgSBKe)(L&aJV>Ta>U?ZNe-^ihPm+U0#v!nGe_Qt(p`QpWJ9DCD+! zSh}Mnfk!_P$eIbx*;Q;9QV&{xGHdf?*_^eS_H`QP04#Wb4iu+(($HNMlx}?klFtpO z{&EQMN5r>Q794;-k1cUt_@7PB9ybP{EDNkmLwqjAEL*Ri8zTcOOZ5Qt&LQ(@pBYvP3!aL(DaDvmX*s9i?=x&!ki9wD@?X$E`A18H< zy&B6TVPycPd3pWgtZvsw?YfUyFqr7zfr7BNxB7swerJm}j;_Fn(}P4G#QEO6?fU2K zg2$$y$Ya$(Ms&kL$py!Z`y#3U)qHyeoxhxPfE=1hgP3k>-e2?jf!0Q|J=AYxo+FxQ zRyoZ$%0oqwwwzm<((X|%!A)l(tA1(>;O~l=%q=J_U*zdbssW zyw^DB4BG6hv{*^WxDxPd8Qhn&C18XnE$nV=7W0OBsY~n2ZW{H>i@b!Oj*JR>N^dw0 zfFnqq(KWcC%DvvbhXbH1N;I};K%oLGw-RbJ&*q<=`kwk1z^EBn8jprQvK|+*ce565 zw=+-O4;<#x(Dvm-tA_^AK9tUx)7;hck!$*n27d+DpP zPNN{$(Z0at;2wCNgibb;1|}c+czNk2nH>BP$zg?T-0Z1Rt~oWjq5yd5Hf9~V)Pjm1 zO5gRan0s__@bh}C=XKn=x+&Q8Xn>O2NVq{C?|8T2huR>z_MpqA;EX$$cHo9d+g;LV zG9GNzRlm#sW>?_BaB3>raUt5^`!4AoLDLF@z?T-dWyTZlKO#;~My$WpLW!SR{UjzKXZ&;9Z`=P-`oBB2PjodwpCK-Vh zGK|f_%8#he2P@MDw_g@+*Y|~|5x5i^Zg6?4|2U zIl$1!=a~nyK|w25Ew3cFKgp9X?;^AmGOnmEQ`X(dB(&SIaA52i>AT{3Kr5Xm=xMv< z66l^yhoPctiK&`iI#cgmb}FHvu%PmL2-z=9H9 z1_AIKw@Q~--I_hKaZ1CDr7?%3RGuI=Ajlx3c1(Cumu6BBrB^K8ZBacaH0*HJ4OPAX z#|}}|@yHyU<8IGV=_;icmn5*g`>3QF9it+jo|^ij<}(G0JDH}zfNi5|R<94Qu5FYU z)hK2dR&H`kEC>%d@h27@9CDvscSH_quHHa(l_kduzC>DpeZB=WxOjCr)K~#P(y|~$ zZu5SSh#|y%(q+=nW;KNKamj0Fzj+C+JP0)}t9KjK<*Y|l*SmOUO;hbxQ+1w;BRg|E zx+YDfSM%ySAwiw+CTUR)P6x$Rhq0MsvsO=!7Q3i6r`0hMBsr&B)b5z81#;f79)8@t zojdGXcP(yOG^aCt#N_5KYz`bWanF(Ss#%Ud8rGa}4nlhd&bAzm>ipXu{py55TYc`_ zYAKxWke=o2)si9e+daW`f=b&xS1`Bi^$~TH_`7z)R4P+|pSqAc$>?m_yzY*=M9lA$S!#$VyPTNn1XoszE)9ZreYO#=!L7~wAmY@SBgcvIs=qoYz|47Vv1DV)JMMl0m*15L&3%AAI#;M->gG9>3L=c$qv8k1TQ|r;)VydIE>aw=8 z=cK8F+q903N7+){XxV>=w#$|Jvs<%yp?EC>Pog=Xguv(p*-(Qe)Q|@19ks*)eS* zC8-Dk8m4}}Mt(SXE}ZyqS!dDi(SQiCn~u7R%hQ}&W!iy*-ubv1Pgd{3-#CCeO7m{l z7X1cb*YLWj*E6%FtIhUy#_yq;!dFvXK9}{3(ms%Jq1$(J_6F`2cE&v+lgH68x2|gQ zmPCmKlaqPsth(g%thJ_~?KVQI6}n5B(1CgYx)0uWz1=_NehHRc3h8%5PG4ILRl^&C zi%;q==iiXBf>$u5Nz2j+Dsn3D&>!L5en(Us@SxD9@uD7yi1TSsI@S`;bOS4y z9FMIR-~xEn)Ev#-tjwBFseyTm#`X=|Df=}5`^bVZoK zDc5=D6zmL^#)dk4DK9Job2ojFY8M^Jj=8$6e#dkj96jX_rJfbo6;!Owc%|>bA|a{u z&CGYhtK7RLcVCFtLVJ0Sn?=_eaHi*#JpVGNY=v_R`j75YTe~ftd+@t6u1IvbIc^i0 zKK8xYU%aZa8nQrGv~G_7In&5M>G?DlUs}B9(GTgjw}4iqETm6sm3AIT8#yjRL692L z0A6jB@$33JC3T}+7dmHHsl(e=uyTw?JQBtoJ96zXe)g)|xhU{onx_R=_>L24^LIR7 zSUMH5Saayug|0bwCL`b-S8!+lo!y|E)qKYU-L)qCi11hV;VG}M-Bf7#vL_shIdpo% z6w>6v$>!x#+CcBy*V@Uzm~`>_6uAbEVYPU^av6) z^eBaJjAyK`s1nD&%>XJ4#BcS#%AsRovwn#};|ga%oU--W+vRJ$hcTywHGRj#nOEA- zc$1P66;9%k7AB8RiHm0=CsdB57RB7AQjk3Le(6IoaU~`n8HUe^O)46efDc>T>4zC_ z5iwF_`_wSZt@TC>Y-02B@hEf*MO{jbA@m)lDn3#sGR1IK0!QFhgHmHh@2gxmaUA21 zJ$t#Ly?!|rbkaGcjbFGJa;#CzI1HR*iUG_73=`kj)bLe_@Pp;C$rLTVB}LDv607ll zMB{H$`NtWMejrl>o5-IpNdy z%6(-c!w{2CdpppJfklZ+NQujCP5(^}U1uZ?gDBR79@kVC4FfMC1>>LH*>un_$X*la z4D40@Pc*R({~e}1h=zqHmXn0nJc6rAtr1>Er1LeQJPaL^K>jNpI!1;ZM%+IN^bjqs zDO(7jO2Gb1!V!)|rWhqhrHLLjO2+qH-t>QbQd$_R=Cd#KSY!5-eBXQf!osm}Y3Vfy z+y1S=937ujPEL0|I>Em9<*fa;I5PQ^FibZ4RKA>_%5kikZ2dMc6=Dg>DJ)C^E@FC> z4>@SF)=N5MiJBD{0(|_vpOn76F=5UYnT-N|wxs?O2Tp!jr&@>O7_8IE@mqY2l=?Er zs7dp=lrf(uRvuT-neht_^S5+6+um=Zayk^xqcPL_8DA6MXi(sN;t!X|{Sy|eh>_^M zXOhiBm4sW?pEjeBMHsUY$x-+j9mk)r_oqtM6svr@Jt3tSnmFq-TH-xxF{%V2Pf9+Z z5zR+}HWN2$PL~9ek2O~-=2Kj{9*00cuslgzoCZ1Oyz-6!e;8AMT&n8Ju}HBr9Q)oO z94Fh}0W=Rw&Cbv0FX$CgKaD7|5!k#IazayJqu<_(lzXP}m57$`i{hzMFl&l(BnG~N z*z0t?I3}_IGLE!y)FWd$rf#b7L9z}H5EZAumX#1^9j2!i&Nt^^BjFA!*x5u@Ra8{$ zBE_pCK@jf?!||1~W{oR#*-6OX`JdWzD3MRcQ!hWF=BMtorcw9z^FLp_7QOM3rtapJ z_D(L$TEAWLl-|ks-_45}9#Xq+7sTr&diAt%TyCH>?Y%x?weDpw^$_6F!Aie9l_I-Gfu5UWbRv}g%JXa!qgI=8u^{IB$`=0xr z{UCVfkf1bV0r>Mp^99&v+DMd6cFka67xcuEXT`b$xiUN0uuc46BhXRzV5fBV?)@3a zBP2V1C=cp4l2z43)bQNnRloxsQ)e^6a{M&&MCmTsy<<$68-a8`FU-90xO=M4JjgmJ zKdNCVWKzDa%FVp~9?8M_NL0%(pUL{=d>UW?njl0vKf9WDKW z-Nus3t{olHn~A{z#?-tUedB`*LmrAgvC(Y^$F7+Zm#tQift953fwaLvBHxYnQ@-F* zPJQlMdI#Sn zN;QZBh=x^x0iTYT30DG?s64`IJJ_j9z0b@)qC!R^?d1G9xZ!$P)bacx zz(X1(2%FM|$_7ELF4tP8GVRXW=Wj9#Wr~&r*Sfk2>bvI-TtOioHQ)jZE9K>$!&|SH zjXrhKMZ4v6ZF(95TLE?iPY7 zcM47AJk}GQygPuHtvpU;KAk>g2cVKgPjVk>Z+HR~2P;=Hc^N7{Jp+i)q9$@k>VuXy zL2(GT;n2XYeCPP%BeyR0rHy#%X%mu3{sLtBal=iCz4^mVtS(&>jffqL-NmX!oqOgy zp_Nx}?np8tRM!u=Y9YC**uGj6T;FN=?;r1cpLYAALB)b5wbWu^c#7)&A%0DKLsryr zVWOy~JF{8Zl{0BJA3*Sc)+VRaDOfkG?lxh`s{q(93#s{K?QY(J>c~QH3DPGrr9aSO zVAMT#sNZk?r2h1izlcJ4xaXFLgz3@s;@#a8;gmsLnP2W0NV z+QWW!&J9F%W4D>U4^#Gbr%t?Nqr&!lMSr3)7$ThEw_;fXIP`2wF0o(TxhU5LQz2vX zZc*^A`{|+vDd_;Dw^eFT79t68*&(}_J?$GZ9f6DI9CAN~JiTRlOi+MiG?wpCmlZXP zi-~AIB}@q4C*Qg~WOSFo3icn7B{l;t>c@iKsPhlcU!tV-@7AO|Lek5V-BJ5=9sGz4 z&PVN6T|7W@UiW5hkT>*vQRLLoYIywAukKCve(09-4V7!{_z(iVKQvYjgF6r0Q|(=i z4ZG)5IRoyw(4Rghig(wQh49I-LuzqkO&kxBZ$?a4@K$(O!@S?1J1e`h9$a?3IQHjc z!HCDpU@-vUpK4iTW`xZ8#}L3^jdV+NX0GWjfI1-fy6fSxUSIRrBxp`;> ze{u;5ITG*Y_6SOBLm?r8`@)8rT?YD^5NhGP<{FVD$nD1+Zi|M;A=69IEYVp&;TYVx_rep($bx?@2T-z3|ciNrNgXv+Do~ zY97170$80xXRAj}`~xxak>@JOhugSx-3+|z;tIa??bz<=Xm8>TZ3VgYgOLl6Zo<$@ zl&`tW!%_UTe%;NK_l+L(Zv3}Z%LPjKR|Fw{yzYrKwiIJb#(lx$aa`HS>GQI+w~@Nx?tZGb-rq>meme~pv+<%KCmJ$-)V-~a4cAsKW-Hoxv~0Uv zY1-mubW=V?#6~n;%hP0AKKqTBO}Pz!nbUsX*LKm`6;=J)QcZhLf4f|7or={Q&p0DI zYt&S?j1i3^{B_UAC{0ma+d|dR+cl%oZ(jDOoYT(PFe7F+^<|w(In7<|RIPgM8U8BN zXbpRR?ROb9 zy3B38HD$%Kl=?v{~T?izL) zF7Gbe=+B(ZH{(1ke*4wk=u%HLEBmY3uh(XU-nRX{)Rrn=U-|pBEO>c$rGsAM!MDjAIm5oeW*M#Xf0S(Qo!GpScD zdb#jNz~EsI83rmKXg(*_Lq9k_X@Jty7EmvkPY8vE4hLCraPdeC9gT>?k-@OzvxcS( z6iOp;K2r$9gAy1eFf<@g2@MG3$)DKNEVF_B|u0SCYOmbT|Sb8Nv0!%qSFa+rVYz< zWKu{T0^kRuE$vQwSu0WnbJB&qI})RU14s%D6`H|>%EpEVow3<}*oeTv00PKfG!Hb0 zu)sjYgfnqBA%h9kIQS489-`^OfkuN`V>!rH;LspM*i4u|q<1>LgBu#{Y7!EWVV4S-oX;v!Jnku-`1P>HI zDkApitPceW94R)+zyopt0)?ai(kU{W=NnkKxI_;asNj%)8dipki%T;QApzrpoX3@a zOiGhm)N+nlo-9e1wXV`SRW6mCFdAY4h_qNd6Aud-CpI`Rga#?WfrRNo1~oDq#g&`c zS$nBxlTj9yN=B2wqBJ0njhZ+@mP$rr8j#0^02+|Tri2FMu~A^DWHg3$8j!~(+p;dW z@S^=onz93broo1RM#B#_NFFCbAC_t)e7Nu+rxO-BC_r2y2A7YHj*FBwNFFR52^c1! z2}p>@^I(I*iOq%ts-Ur;!Jtv$aA6{PFr|2KLZd;03(B6aZf{;xhK7a)1k!*&8W3oz z9DAjw{K{f}>4OIA0)isLCB+A%0;ZxM9!~}j4Hp=H1%nSAKrGV6q?ur7K%h=#f(Jq< z0)zy)crdxxusG~T3KbrqLIe*@hoz&rNS+Q238XOHBZCDEpDrSVM>=6aV3#cs%36M~Hz3ga;lWbRuayh!A2SgovOVCXRyxblz(f2S`!` zC{Y5VLS!SZo2A)y0@j0_(OCPVXa zVE~dEDk02=ha-iD={1D1gv*Hz(uT(g4hec8jE7o27dmsBnZTZcJw*r*5hfa#NUEHG z@DnZ=zA}Sd?T==knG9L}=f#bx7 z2OsIgT0oW)9&scJ875p%@fsOA8yc7ooSd+LVTv?BNMNv`z@d^6aa;~V8fA;eqoKir z2OHj#iQEQd2xU}Md}LgtfN&8JaezFTO^6N`3_EFmNQe_qL;#UOLWC12EE?_MVL~NE ze{4P<8a#9;Uv1)&c>6dBDvf;zfk`TwJ(- zLK?mUhGX-=aBM!H2pX+1!NP}!&}L(qd?FADm`aD!aPi@QEEqH}Eds*k17U&+4IVru zU{G9tXy~Buf%7I>nZxpt7+iP&Lc~RfRSoYsX*DNINE#|wJ`^%g) z4eM*d1%wJ289EjINU=dX8Z@vVd9YN{!oY)n1djv{p#{1iQCJhbp&cp~ESn7wN8>`G zrJ|PyC_X;$15JgC4Gzu zgG&bx{|hbB;tmdk{rK>KVB&%TWI2&y8GKYIOcM=}W@D{nd7duZr2vru0n)((3Je;5 z9}+UAj0NI?0}&nzmp+V69W-3{W#|nKE*gOF$P}FmppIn^(8Y-iAlzE1So|gwNFgz3 zw8P3|TrzY*FklH}xulRVSS*+S^9mdqT(oK$WKc*@;h}*8q(g^^gbR%m92!&_FQ83@ zOb-(t2hp&ZE)$Z1M?yP@27kEl0h1GdGlPH0J22R&(9oG=bX?%@K{I_WXguJc5uy2= zrsd-a9T_5kWK8`RvH>Q<1reG8gN6&pfky<+1ZYRB1y|(bx^3-kO3mXI>68%x^!?h zV5rbxL#V=}{d94gAP1&cw91c z_~3{_lMEm{gh1he!y!S2nLj?y8G7u3$g>28k4XY!Fg zqz_PLGm$ov=_7G`Kpq?*jb!O)BunQ5@|b);9^HK%Jev@I2{)5{k_ygPBw^ znrYMF(1a`?5KspX-Ao*ObfyjrQUnVhLXRSDx@_J8h%*k5g*=0}BoqJlLQQIAm}z5wZEGTxi&Mr~o0-*kn+lLGyS* z!vV5MBUw6{g%eE%)A@8v6AF$Hr?dHZbT~jX8R^2wZ1yIZODFT0JRwiVP;@RBn9QW((?JoMI2Wm-!2nGfkB!a*B4s##=ecMmQpJSy;c*ZmLUJ-H9FR?i zMH8A_gosRq&H#ZT%WFE!F~OODNE{D)W|Z?A4u%lt6KZhbBGTZIp$mr&2@p0e9JIqC zX)2SB6Pb^mfHFQhcwB_gsVjK65TXGG=BRY|fSEv2Mk7rwHdQ(w&!w{o@qtN^q0q4| z8!m8va73Vx0iqK=bnr;mf%#aABMKs*%;qzBB6Rpn92A|%XHt6#2pN zVQm0$f#QP#MTSa;OQr$GYjk92oCZn6;v^1G0_6!LRW1;m1_TiWkqt*E^XY78q{s>d zkq~Iw$Xp_l$R*U-Oe~?v5}Gy~AW+CN`Is($l90&9bdf~1-EtE5cIEF9!Oy+ah)DLEGOu$c%+Deh$ON;7;9`9Q4onp zA|a0sh@_c7QUxQTATn(vPDB!aIZP!dOrIoQXz>+M5V>R`D@G`YfFdjKmX&*GZ6qFXfPHIh-9KEeV#4}6M%tQ>Uk2xC`c)PWsD&N00000 z0000002l!S01hX^B0=Hz{=BT=o-)Oel9!^djzx=dFvo+XrTpvJw9&}uI8~JnBO31g z$L+$8n^y~U(upu@SdQ|3$Q{4@;`c7ir}c8($|s@FDq#2e?|Df7WHe`wd(q!Lb@);& z$u`^IamS$jpApcIcYMQtQ{#JQc6zQ7<>~AN<#CK|`y1vw`9IX>t+GgOl;6%ey}K-srdE6#g+Os z#C5ORLz{myKS((ErGPyrQ3ay*f?CbG|68WPoy-D1D&qowNeB!+scl3NrF62o_e`8V zx6GYf&D|nGCoFMuLBw5Ioo%CRl&Xj|9|V-O^a1A9ae>~r;c(L)2PPdaQ+!A^HA{9b z{FAb5KUZ|6M%UNfE$wktx7rq=*`g^!bVV=aHsd9F)pNlHxZKCD%M+LEqy4JOpHENh z_i;Ky{7)r+cRj_*O;7)s50EH0?YuR7)~Z`gmFPWZf1ez`xLfTueqz86*0md%bWv7y z4dcs74X+{6hd=!{qWvpfGUKonxSDCvchupk(bDV-_r()b3;5<5rc|ZsprJr}h+E)i z){m6l$OHm_YpZHY#tg9paAWA{#d|0%=$FmXRjfO@>Swi~dJfstO(1ZE&!x z%PXyB>UT+2-EBqhrdxI075&nyHRtLgdEp(nm)Yd*P?m7?DOL+-4Yl1gIzV+V)Sabx zz^sLTRn~>Op$=U|s}RL!NVZI;0p5PC zfkyV84iqz;BEz`iFx#?(e?a#-xXbN?;7;mNS!RrVfe|}HxoM( zT{oU%ONv7zZ=spFLEETjsuF>6CM{%0KWng5DbHstz$_)#%GY5mfAvU z{L|xdUCY_UGa_Y2U1aMt269ZSken&E1+oG>03DmqdHYahWCN$PfrVMA3lhNPK7J{G zESEzAZ&Xi2Fj0K|!{?H_R?i7PS+1y$rGDq&RZ=lX*N5|@10iD#vm(Cag@A~kIH7ea z3}L{_7nMVNcF#hkP?B{wZk@<4AVT_oFbV#jE_gT?B%&87ZifSjiHkoz>>z%fvu_74 zRitzgv_EB1mU0Hx4(E=tkaIB`XI;F13J?(YEkONwIrNJjv3@^5{|})%$dqA}D7hn} z1MV0+Al^w$skn)l^}LapG3+0`UoBOPj(;pkX`uJxE+u4}bs`*g@Zh?#HH-2`A+O(u ze1f6>X3~u{O_oKKt}+)U!Uz=q1(o%Ou+j?sACOM6wFc;0LL;Nzx4fZ<0KMRUYDet? zwTf`VVu*}I(z=5?)fki$+sKPb6b{3!VQ7e85@_6Gpxp&`NUu`iIiYn$5o7be87|Wq zQYl*R+P;{HaKl>y7P3HYLRk-tq93O3%UA(z2&8K?rK~;(qn?B_C5Q|Tw;PzJ$spJX z+4{B@be0N~_9_&_N)O2EM*W1fC@ujsCS=V3L@xF z)iKLO&%LieuEMhBhDp>X!_T+0lbJ-~ph}^m7(7OCA7cwf=ALX3;1=(Hxw_*~jE~;M zPln*k+%z**O&`3ul#sqLw7p4-%a9QYaLtHC|D$Ct`WOu(16WrRSe63Pq$*GXgyWj(16S6;UVHhICth<%%|T_}XD98^QvM zsLZ3=_(5IYqN2kF>?57%}@7M;xZoXrBgkl~fo-3k&tX{)LQp`ZzUHOOC- z3*s5}dMCfwHe)B^;@Fg(NEgRe>_odbHn3Cb#faWL?%g(jx-IeOf*-J7lnccfcA9lb zqoY|H7L>R!Ct=q)7u8hk7wv+eXFyDsjt)l{#^OpBE;={4x=i(St}%7ZuFHw#0u7^? zx^ozKO7MvFu>HkmT80sNlndm~1-+r&lN{q@XH)Rw!%{n4N1tMh91&9=$%N5=7P^s?Q6eU~7B?ypgP5v|4^gUPV7cK2C&fm1*cdx& z0!1>sxG=Pgr@7iZ3>r&tlhO}kxYQgfU#WdT&YS3eF^Jfr-O=PC0S#7t`6c-7C3v4KT0UlQ`UWV(y!*t57G*+DRIs;+Vk#4t#- zE05xnA6;LZBd5%t-adEGd7e2%?m2pV#h)pEbUMH{$qi?KB2yM00Ts3eCG*Sypw+&Y zob>0pU*=8%OZ_gRD$ziEWgTqA#%@!(m-%7k$}aKT#7^YRE6agefC92UBWC| z11N%qf0f)Xp5^^T&kJ>RAA!0^My2O}jTbdVJnT$o&Q%X#E!?u$5lHLgussK64fC_%dp9 zY;^(;gXya>ZT}wC{Bc4b--?xr6lv3{ZxcB^C^SLkFu+J;@Ae zv;7W5Thxwvy01vIK7NI-oTO^>s&6F_frpbO+NLa`V>&X^(AgxhC6kUriw7;vUs$vw zNoKGRJg%_0o6&rw?sQT?M@>*AxuK*RLn0<_BvCECtRDksO;Bo0=4x%BO<+eI1a>$< z)8rd?-Sgy55xQCLk@MVtn&ja)g_X5QA9n>>hibT0Ni|@#)c894sIg3iZ#$a#+df&0 zH>yFC^(=^hmJZ{;R4Uc@dZ1-|KjhMB+0wi#SgD?ZsRngRUW~@2dIRR2ENH014+G{v z_xn>~A!TSdJfn!ApgeHYY(czm zo&OEMP@)>Ss&Ka;+K-3i2$$QwztU*GH=8L%C0Y_K$n!PY5r^2Yy~xnCTr7+SSz2?- z>j%%oCtM_>_}FlaAdJV{T%ufARM`?0bX8EpW1uM9g~9EB##xYa2O<2+6@7}Q#1XY; z*`#@g1|RJXwA;LYwmX(J20X62eK0*tRrhk9B!)}JzpnH{E~4qPt$CV3& z!pT706CtwY=LZ2~zar*Vo-q0o05n1-8!1Z=yCg)W8{W7r3 zOj0c->>_Nl z;3BD@%?b=zv!w$M0ia{G127?BWL@^y@@H?#g^fqLgYeBcSnB%AR<|?#wJq|?9Z}U9 zMMA(f;sE1+DL5GI2BlBSVVpDOrxU!larSZyh#0dwoN(A0?C192mt3Ca>q+Mnpak;N}V?MV|3_lxm zFzC3*LxvS5CXN6fdT|m&o6EqbzEQe@BXXvrwBgK60xbmi<6pSyRh!o-prv+&P;$)= zXD6>+^~2F>yXe?$vgB{6uUzPwc>_61=|0dsr5g~wJjB-v1iz@NvUi;;g#gNlw!h8# z4F~ss*+RZT_$ffT!7PnJA&*(jz!d-(r;weHdR-KxWfajBP9s`>qH8BC8eAwa0niRB7u(`dPoU^hFcYV}CE8CnfEYLOxbR}@RD}J z=*DVR#`w8iR+JrjMX9ck_C;=~NfZjQ!5@j2bWzAFXB$wdyR2=F^VjX0JRio#qL|s+ zg~O(Q;-Qv}&7YeuTz?Gq_5tp~alfqWZCyr!E8dKu-mD$JTe9@Jt^&+eNNz8>;v# z(-uL=*~}&($KUQ_^L1p%t`2yAEpOR~UVQgsT6z|n7gM)X4=ltZSh(HsNayr2v*7?& zs+GX3lZx%b<%3@XOU`(&9Uo>E|%OY`I#Di0F4Gaj_w$2Wr)<8%?b9Ptx2s~mW zNo_qLv`AE)5o&W*ULsQgm=W>j(uwP!AQ|8}V~Ig*DCNS*z#_XbRKtRQUt(n5k1HZb zp_1K2iEK#UeFDf`Qk)GNrgKkz10w`eU|G<8=J4D+g)GfZ*M0h)&WTWObdDS}FnpZ( zNN%BU@+j4PZ$v{z3n~r}3NTz#8xba(vBO%LOe#k~2;ChT^Im76)_qmGF;MlN0-0CI zqyu$k=BLI8HY@J}f$m7-+;XewG-9r(vpA4>jZ7&~rGZeyn{mnVE~%_J7+!w{VAg}m zr3^qJL37ie!ER?VEwc{$BU*H#8Xr*Q^#jY-{qFBf5Td2mjIdXgjvE_kCaaWKmLQ8`NucihgOycO`lr_vyRb`b^{b7s}hP}BAB(4Arb_}@|cWSfI zgFsw|`~_v`eEYh8Dc0I;f^;&TIUkXT0q{WaGPV)Xz&9jv2XJSc5hf|q$|!7RP@Sb& zN6ys|(YvOIb%yLE>eXGF0Yx;LZ(Qr{>Cr_m{Hl)kc?--IfT zeKn*ZpZJ+j!i_?pN!Q?7+N-5uS$zfkQ)T&Xvu`raD2Aec;UwKSGJ?$CvNOX6W9W-s z!~NmQ&BU1=LrsCg_fn_OEkdFrMRlZ-x9hxK{#Lvv3ODAOchEDGyMx?v zli|eU$&@b@l@clw+Y1hYJENg3=@WQ@7YrO+g5AhAuB)u-5Cn2w{ zymfg773JT-+g5o-ih(=#e(*f07IJ0I3n?W`4A4UPK`1K!vb3`_Ba~rB*%p$-tX9zd zMy;v*51*E}3#%UT?qQj-4|gNVQ}Cj)3_YBUZ7_8Cl@SFtY1!;mW{vV=TaNlF^E`V( zeuk!;y*KRC^)Xj=Bt%qy*@N69LSo}fv~}I%`RQ$<_}{WXX~)3*9gjAMV}y}H0aqvq z;XyJ-^)>&e+9>H(<&7|XS?!tZUdoLX%d)1To%x;Cy1J|3vLDpM%Z!7M1@=;P&I*|_ zU`_?1_8tEb`M)bV%AtcX*gm5cyCxv3wQ-vR=6VNJFVEix9RNOm>)o5YxWu30(0!tC z4805|Fsd7W82esbFabdJ0i*n*`7{5a9otmre*ps$w6;(zWnh?Ge}TY)>A?cWgOkOV zdg2K=%chYm54#oxZTW5S5iTvW<+t^~97n@e#-M?>YGIyxdTOHdBdl&-m6!*0lSzWz z(w+k=H$OJ!^pPEZZ#w6M>TIRI_$ULp!mu=oQ}k~5zT~ofC3BWjbEZix?}VcG_@o>s zc=bmrzKMyccM9mT*l>^h)q0N!s?n%LUDy$me(L5JT&2_6NA0UGG~Y}`BITsAQ58ak z{T{;UA!Z>Pc&G{X9t+IBQ9$K1uMM3CyGocKf@4aTAExqu6(_S>Hw|rfrLT$M44eZE z_8G@NH>{(>c%<)n+}PlkOHU&SKZ<V=qgD7Gn9hxIuP<14o3o#2Sh^Pm5A<^!-J ztqchi`taTyu0NOgVk#fBVfr~#E>9!jxWwV42gM3o&T4eRO90@QngbtXpr@AE-p8N| zjvaHy0DJR)TG+;k^pxfobxq>5)Qn;rSY&LdWaZ-olm!{BDKIHYH?R%|4B|1D^g810 z;#51_c4e^p_?BBZbf>-Lb)xd& zUQ#F`fxy)UbwPuT8ro=lBBfb2Jr6orF@Hl7a3$!_Ec z3fS_0{(4%5lL8PBp4P&zbLD(Ml|g(jrvNeoqDJY<6X=eP!k@JB;i;xsKy2sKBA3&~$ZTmyqBQWjeL`9K*mnfc|;&EbQz@|aHL=4Z4Nw|t=jkf&o zQ^x5==(=R!+@Z>s3~<8$syg62iWA&*uN!VZUIcs_biHw9)qyNwaU+0BbHrCaWTz;y zCzW9boo!=choWr`85Fbt)!q*Pk%~5LL42HQiyWYHwDctLiSjp{$Dbg|4JY}!KYvtz z4#ufK&rgClv&LO6TDX`Tgjb6r?b%2(8zgd1Rsd~b$+X{hle^ zsak+U81>#^%+t{cfHB%A-?BuEpD2 zXZlH*J5H{6D4sSypSK=d?(&=&>(bJ2mD8^BlzLYf*7FL=^a+=B#uPt?Cb^gpRAlv^ z1eB9d7shv9JPHW50K`nlk^$UvQO~5IrG@r!vG^RY6QBW(i1Nbaq0{~sM!D^OePM=8 zoWnS3%(OT*e!va*5)WLEX?-Bx7Ns7dk-{Si%}Be@qFr7HXX2deE?JFIdIsGp#(4Ae zP>MQ$X9;$GBS}~eNde3PPlh5b_t<{+L#Hs zE^2l$R0>&^d@BQGWV3ln`$isra7dWq*eutB7i3+kW5WR8qRSY?VL!*#b;eM6a?y`x{*JeL7qp#mF5+G&nS}No_9`=qg z@h|i5zq~YDL%-jIRUZmj*Bp2GZX=1FcZ2 z0LPax1K0rp4vj(bdJx=N^T?xHWA=z7xhsGY;Mx{QW(%C6Mag>4K4g=3?np6`jXMnW z)`>sPw?V=&M8=10U;*>Z5u^wm-2zB%i!9{SYY{gbqI{)X&YWma17WzG(2fS>k!zWO zu&y_Z(9b$1no2|ARoC)=oI1o#G+57qTD>+!ELnr!9~*(Mq&X9UE2uw;mwW7Ds+%f6 z4?<$Lr1N0(V$S?EVuz=i+@!_ZDC$XLOhT-(W*|EakVTOst=~4tMy*GQ4UW#8+`tr{ zW=p_p+W|y$**WjlQODvyGFmGdpMirC7OnbWXsC&1pel2B2kKXUM+iL3Z*S;DMk4-r ziyq=WXqFJMk?dAbq$cS#6G^e=JXYCv90?GOGsZkq>{)<&O5HRht>6HI*(JnR6rM~G z&fAn@+8+r{pDs-5hHfK3SW%cqWjU`gz|pR#<+FVfqnc)zz#pSHJmG#K)x$q{7n- zdS~GB>KAm`PO^jNqrL-kXUvc#S+A=sc-n#A__g9l{yXICNFUN+uT7!Nh|_B zPig~zk5oP%w#0qzRU=wxFtBGaOgq=Z%Thilwn!JpL`$oj7)M+KYxLA`QII?mDI-|? zTD4D`wf;wcF~LAJ;63<}JV6Hp0L%>_Cau6t$YnvUs>I5cn1+kfiV1!_cjVto!Qh~W zJ*e^16N%9*QPkpO_NX?p?0$%Vh~YX}n7|vrwpUbkdJnP$z|him+NJJH{N^ZwseG&q z{2Ur(!FjEX^OfYkWTOS5VU)j8!e%NX2j7S=PggX5tgR3n6dw_&`#Kzsqf`_qL(#Ip z&U8?)9KsDIjWTq1M(TH|oYS9sCyp9pf&&DlBK-RL=-V1Fc)WrUzLf@_hok(?mN-ch z*4QXN0a%KZLA-@IeB}WD_!E1VXY0Wv+cse@+l@<4s)=igB@W4GsG-{(L3qG zr)zS5E!MJA3L=ZgJ{(7o)Gb>)uv(gX0Nb4w4s=euYgq{0%&z2CV}{X#Egp($rJGhjP?k| zlUyL)BkCb}y^KMkSpXu!cwR;IXNfWn3#~AJ3#ysP#t%GohO{w0;CVe6*W>rXorm!m zC6_@ult9N+&?SI@+bX&m7a>#()}N>22;Y%0R|}p17@bEpN~TWJJJH|=P(9>wEaQ%v z9jTxC7bF3E0$fndVi@eBpxg3Fs(OC@ESWMPpvEQ6MU@9tOu=$&Bk$b_ULJrfQTYFV zaIidRIsL99OMxgy?*R%hYT53j_(7IjX~o4fsdy}ypcWaCR&EdoL08!K<%0KMYb_$x ztG96@^{@P^L9?LsEGUCLwrJ}TeLzt;NbMra;BNa=U&dJXU%9ks1L7bq4CrsA<30u7 z8}^i;5JptTDw#LT2gfVLaY2Tac8kG(PhPY}u^g$xE5Al-=~0P0j%k%6b|S$ur3J%* z1DO}=oRE<(>UKi&d5vm_y|jQGiXf!>-e4kKIaNr@{N9}B=R*Tt4M{zR&4jq;ZtPThtCt8Xx=a%7itBSF}j zFlx|%)8$$}RbLHWr4*HE@5SeiZX)!x$icH52l3;iq7tixjWPOK^4`tvlRD7RZ5hXZLfGjkctc zXhf)uWi7yVgY3eWmUAt;Kn1Zd#rH!Ar^!qBm4Yqllmp|K4Pv)0&9e~}IV4KUwKGbh z4W9t*W3YwFl(pD(tqnYsXEJ6-=C?2jbU@pA)QAs^LgBoi4^ybn-;&vXIqwb$?Xscv zF$2SK`mI}swwsME)318jl4Rs(`P zrA*|*x)?xEO#MvuTA9;-U?=FGtANL=>D!Y^9rBu%7BHouJm%)rGO=^~4X1zg&;jy$H*8v%^HvhXsIShO8+ih@vO(ax znd|vekFTotYE@@{1J@Hwje%a2FTCP_xT*)RS_mo;38%xt*a>6$R3tAsJU%d%H)0D6 zVapHxa@Hm1)ib{oYeTec1&e;b4z_$S53bHVGcDhI(5N2inibGI(Kzg(2H%`ko7mkzW;o0a}Nc7hz;1SwQ^}Y28-eAI|!{!#vF+q4b0JG0!Lv3itsx zA7EiwEr45pNs_Hs3{V<{Q=^4|s68-mMdB8QJ}ae8nIS}ve4m|wgPCBTM9cu6Hp z*iD@y5a(D?63R&{zV?~kW^^%4#T^#Glpk0;l%WWJoYiJ}>RAJ0{8tWb*LZjfV?U-{ z!l14qXIRU2k{H|y0QJan%%&(VLO22HQyx{Rm`^RYKVEZm3yCYbNK*zi2Kndk0hdcR zkQ;T}=HYr5pFzlYu?-lI6SGDSvxZJNl5TG(I~qyRDS}T0Dn6YE0~-g@G=uQhF#zuJ z?%BqFZDcz4H}tw3(cfuyCfJAs8c!!y0Utcz!w5wAYe#(+Pm5lyzi~IyEW8nC4e(an z@9u!!d9zwI3hYQimNbZ9hVvQDP4enbO8+7_8uukq9cnkaA}o4i#VApT{XBZ;Hg6npQU_o6V)@&e{)aN#7|Oks7sRmX8&fq7lPvt@XqaI zS8N^FRz*lsfkb8K(Hsr~QYj*eWC}060AN7oVZaE|&aP5+0|R>}9cc%pNa}WzQix9v zB$N(FgA!So_rE#eoihd?7}Va>*J7d9+>L1_vcd(Be0OjRa@dt5^u9_M%eptk&}-ot ze|9W?4a4d#%>odf9V*zjuPWnfD+)9HSqEzMSu9fA61UcMV9i*yw74B27JRRK=R{Ya z8gG=f`|+JK;6@g|J+5Iv5VNxdv!GQ|U$oZ~qeF0_lY{?s5W>GW4oeZEDC`K7$Iq`7 zsxxGxDpyF#fkUAscS0|w73cs?#KBKbf8LCUyd=R3;X{#CFD&|T?3JqkLEkIABDH<5 z=p`@0?M9pSFnQ_B3EA zx{cy*SLnce6S3|Z96D&jiF`!mRx6qP>h|)W`lk=j)tmo*JanviPE=?@M6g>qe}G{s zm%9xXH+;h2ofpYXGCH7M-xQn!=|Xd2Ws+3HKql)#+V`ePAc`8m`p^s4k$OAdk@t!1 z&PdP{gVbwB4A{2pL`FnXEcTnZMGz!GD4egTDeLl)qNjvD#7FaIv&$I;LUogi-*=4a zx7XJxJAen2+I<-i3FnilNW{v-e|LuqlBaNz6*xs31}279G5-fp+NC-`8xzvG^Mbn5 z%w-FcG`+y)j3m^yaauzO&U+*wwEhb=p6tw%(vZS~shm^WYLN&D6G9L_+K@^R){4SsGW1f2nM3Y>5*# zMcz4XbwpxVKr%oXx=>oNKkTr~^lkZbhj;5P1~Z zMAa8$+F&a^?57;)iKcPFHuQ=Xpk^Q_H&|ib{XxBfpxC^c9M5`e<>~XjVbsT!NTW$( zlQ>|iX&W%hF4$P+M35Pif3cFAFYgajT^BDcJ4W4a1c!Kk`Gv%yOc9wW5?p1FJ+X|q zXT`!Gcwtx&2nHQ%E|r#UB|>(yz@UP~J%vULglL zTH>vPJEMK1Z*Nao9PsW5tV9UKonG(^s!K4Y676*IRuICU*J#Nq}V!&cg_5^JPZv20=dtd&@!m1ky43M`0%($~K478oF zWFFt!6Tl94cyJxUlTv_FgDQ=l^BHL)enoXBSFBUBMkhUAPbV+?;%E1N#;5ux zfn!sFUfAQue>RTQ8x^>RuTjepKL01DwT<)QNj}g7O#djF3ca$)u)LI)CDDN?ltnm? z3rqLJZrk|HFIlQkW;(DMHxnl=re%x05D-z;fyj@)L88M*A;%?t#oh_@y+Jbd2OG{C z0q)Xs<;hd<%rpO%9ABMA>yF3Eu&0c94f7rINI~f}f1$T)-2+UjqGM>KMCAZ7=i{eQW=so=1k4sfbsUmNyXJZxOKDS-@E~rqKg(2s2Z||S zGKpKQfAkeWV$hy&zWf4+@~GG>uOQe6K`{7$#5x?3eDTt{CX56cVWfRoeq0e$CR*GW z;=)0`ow!zvLhhchAjNoo913;1GzQb{SYrN4XhwE^Y z#vCy9tYy+WXL_R}G_w@e+5@?ux+XC_5KIBqNjqP8RQhEwBheWhy0Pkm4tgF{|!+5aXK;*F4JS=S(ZtgaB(R+=4GR9Uh=tAPe;R7P%` z@wJqEL(7=fxem^EMbDI0y=v{Ne^CQF9Lie%i6>jylhVPV+2U7$62wKLUqzlRB^Y+k z9>U}d)F>Bsc@N2C-Na9laoBip4z3!=yIuY~Jgrpo;|T|3(V^je{Hbi7jo2% z-Y_Tlgi%K!C#Ml@UP0#wTzOjv4$`=Z`YSLM%koKhy{0D=qR08_GCxlXnTa&(Jk_Uy zJf_D;d_#%~@>4GThutoYUAwv{F3KzUUvUXj@xdE4C(iIz+*9U3Rf*8ov+vYG1xuC6 z6>FFP04UFr>aH$jD6zB=f39P)z#B`I6!a!8n`Sba10|yZTv>vd4#+STWLS(3tGfsn zRykT1018=*9$o2`;Y}cT1&;HZJpaj!Z5It}> z{J#nf`4X&$gciZdMfo{Om7$akifv8v*W?{%D2Xr?S>t;=beIXS61AzDP@`n-=l{2L zPmKF8RIG9qA~d>*e^3MbGVMmko^tg;Hj1x@iGBmfnDx-`<2|BqrBLRG8&n&{3SiD| z^&K@bHWRL!wQ%s7DKjz9@EO-ulE$@o)jYn+yaMXt4APp~iEhi+mASI64J&R|e8;e} zW6F-c&@FPFWd+2-R-cO`aMExJJ|tQAEaZ1`ua7frAZG(ce|j154n^6NW5%qr8J`8} z(5(OPvw%Zd707~Lk>3N`(S*n?7@I}J_~lL%oK@v>c-zQKySu2zAV_Tt{fnSPVg+Qu z%})$Bqdv~MT62fH18hLlN$!a7q`|AL72RY2juQ@eJ+WvMzTC!wE7i0*n4oAsvLFhb zY#ny^Z2YFze^!ACt8UH$xl!1X|EW?|8nULbBRFZSx1NK|?ig1daQ;qOx1uS*wWX@f z8@>lOzzVeo2TAPdIs0yCXp?c{PXyNzK>N&_uI${x_Af!I{b7hzv~~=*xet-f_6Jn} z*xZo=jw6Q1vHcQfDaGap+^IV8Q_@{ja1<3+d$MAaf4=zaIT9q1^%t{1FokOC3Dp>C zk-Ss0w9Y$6yMj8Ae_4Q$ZulmU705J|M07ON5X^KXAxyW;=FX@5@)2IXkF~ zb25G2f3)E)ZBetpS>-1K4%&!dxlWUqq<;ZgwLgc6d%NZtq{Z>I0IH5p$d7LY!x4%$ z0fIsmrds#ahHJdQwyvbzvrNEYS&)aFodG;0fo*tUV>^@^5bSLNj#ZZnbDx1oEfz%> zO0~;aci4~d1bS>G9=^7Vn#s;Pk<9SQKMKbJf7g4Xlb$8wDDwfw3fpFp$5F{`nXP+A z>V}l6mj(c?NKFEe<(H#raI*vN&6wcO&agpFnTGf!#)YV_X<_V>Du1o!swGh-M|GOGnhy4;C;&^ZmmZI6F7bb$;1)0%orOp^#NS-DD zfA~dWOthpwJUP?Wj#6x#xe@Z=3 z`gbzF!A8-gz)`_GqU$#I)YstU7MXZPR_Oyt3#?Gc=+`^?9tf6kiNUNjZ)-0%>|RLO(L=*z2mc8} zdb!mvLkSrlsI0Iu8K0v8nl6?T5ARd#jUD1;7NQ?>J=tdgkXBKei)?W!AQQ==_1SOO+3QyI1 z2nw%a5hKC#r18!}J84+4iA3z~CnsyMfIS)=bw=(yF)q7v~&FeIw;iVYW8b#DCvHG3#r3ly1TX2+g$BzZS8Bq>eXODkrvl- z7N{`;?vzz=$gJRub#}yrc*3ytfW>;g(mGzK=ycVZw#-&qZC6>Mf32`kP*))+tAJ2d z$Wc_C&!#Nvq?(HonUjNB^-vksJtgm)qHs-7JSK$5r6#D7l{Be}6iE`JM8UBmTR?5F^>A5Alw@MCexv?^}v}oRfig{zN6Rib8e_N4gsR(v1k(F#=qqi)C zwtd)Yo!Yi-%QCL8%Pp*eicQ$QNR{|(8ynVeaZC*WlPJU^1T2<-0~3XT+xhFWc3+-K zY958&R%k5+ovuKm&Gx}c+@ziIBSYVQt|~W&7Ha$D)50y)$e{_}mQR`zl_f#zw?;WT z=CiwUf)HdX38c^<#ObTJ5r?HIEo7M-b{UdYBVYr7Agt!-TaV#Y)ZNh}-io)u%$Bno zfqH7*6T7mTYY}jaU5P5Bx{9gEW|~qy^N4%SYa0APe`j^)z=h+pjsd4wbC^8DX-k3&%(;&W)_jG|ZkTE&g2X#+U0E)qopg*H~@U@sS;#^_y zo6?UgfBmVpi%NynL8XHNP%ot}stek5RlTpPIR;q7>ZW7_c#l02Pa%m?SO5j8e!qRH ztFG!kvkIZmP_uozK2D<^%VPeji1P%ACvOntuAdvPp~h?hBymC1SgiIb06!n?!&)}{ zaUAeTJF@`JMVfDeK?{k7YOa{?O20TQUM39qe}d$Guyl3i?%|jwnx&jLS+Jpl&46@S z90LsO*0dy99NA(a_=~iF4R4E(OO%OU?U{f?!A4oNnH1^OTtIb*L8O)xq;C&Mb^rXK zXY46&W>TYtV2shcF1HDMa8bIsR`TEg6cqSgU{a+DmuujODNngX^D5=NYegRXNhY3} zf3U%GjwwkqZIgBJtHjS(1T`2rT_$jE4v z&{;G+-j!gAH-P0wC+E-?7ZLID5ugbrf3oNT77iS9OaRQDSA;^^Z1Uq1zl5i(G|l8K zx<;r2zVwpr+XM%SgNmjYR6+7|1S+8_014tm1$wv(k1u}c25PYrMTn5NB5n^Rekhw| z@L0>Xh`}nDuWg|v!?J#FrP*bxDhoYC7{DbwP=8xdLzce>2fKu`UkhQWPJ2rCe-MNg zvN6YN;$TNCY}>7;q=3MVBz{H>|CdbSu}j4qSrsDq2D11Smw2@d%i&644*e0wSO*>hKhK zqOnA8Zd$M>rr^;6z{i0Ne`Us7HTO1k-yr^;hA>3qR=)^Jg$`pjTgMY4qRQ~u zFIXieT%%)mrRFs_Hd>9A)@s7)0W^$`E0&VpyBmqJD3h(55$cDL$MSc7ZzGoTIPv9^kc0a zEd)R)0u@sa;ov6MtB+=Sf4u8U3(;|y+bEi8=|7`CG-h};D0pH78WVm0&##e zk@zQu^u%wlNqv=`Zg{9HuvB^?>b>}P4c2Qes`}t3A!=ZvwQ$iZyI6}I)ooTd6(kKK zZ#|>^AU7qIHZl<)2X(j#*p=X|Ld(B!qZE;#q+!+VZ_rjEb>Th$6>Sr?SXO_X!>txfL}-6d zos1fI+Fn{yLrMVrAkehToh8a|>^o5kOItB7vuTG*o^b=oP2#jv4MlYkarsR}esPYW z$7slsgOAc(w2^Z+e-u;h%(AZ9hJBxwh|o-Z`Wd}+cNAGT4n=B*%A4?}Wg{KE22%2a1>9ke-Ox} z*jx=qe>r7{5ze7eEgXnN5veJH#z`ZRVTo~}$;`cIbN_vo*^K!qqvg1Lk!B$jt;Hbz zW++AH0E0MJ3nLz+N_6P8a3EY&x37Jcpd)Jf3dq;(JJ+OtSbQyj`MDUBN*e+wn$AGm zZbmot<8}bN{x6H$9YR?@)aSpI_Y~eR^TuJTfAVLsnweWK-?AOz0!ruXdC*7;bHAKx zsddc#5W)+%+DCK=ck5To8&U+!L4ga=YVlBUAzXyVXg#m9lyWAgXtY^levK$PSrrDA zop@y_Xi?(thq*oCOW1Q$;p#?mHDZpgy>HL(+q@e~#vIrB8Hwv}yhf?|2vT26ds`b; zf1=G@wCn;Kg<}G@<_=B?t;p1pE0Tq_K+s@W0bcmL5dkW}|KBQ9p^_QZjJM?`-7y3CNNCsD8j`|@e*irayPeBuy94+{zRPH6al{-Os^w+2hA6{q zhf)5DNm>?mb2fS0+v4+l94AgZnUA;`kRx&NILHz-)MT7XTOL{%Ji0bVZhMisyMP=i z9CYFVuKnjuF_5R%FE0;68R{^@Yw2!9fj*`zPczRAO6Tm|1B|mznF;-D@tyvzfAv#c ziv;}t4H`6%#Y6=&Mwdr`eUEg;R|Xh~5&$V#kDLM#QZSU(iLy;^XtaA~E3;a#wwa=mfaD5X%Iy6O(NFwn} zFVsdPASGpr!{~1CxNc~epU5FZe*}RLbeSWva)IrmaUMQo6y)s3Qj;E*dnW@b9qw-6zO)jBJPl!SS`<+ z00hE2z)c$E_l8_a==65L#!^WdT-SX3DJ)Vi3*QEpIeb771q|}wzCfV@f1;2aTB#ua z8peUP1UNKza#K2l!zXbPKX3UXbe!`)P$PS8R!z?S1DOorp>CElgO%A-6Zj&+1m^=_ zFnI(kcx|zafeu-G3oX zyZ?(mH|=2mkr61(L34vi8*R;z05MQ*<9Q+K^ z*T)o#b4MA=5>CdVVKvatfxilidvl)wQp^0X#IK=@V}KqK42QxAg=v_l>`_@@j%6J- z97OT*gA8!vD5zV2e`3@w3OYlW`A(rJ3>^-=gM4tlaISx_4xm}}sr$m*g9#9h7|fP6 zMZv3I)YjG5_x;8oaEC4wSy|i+d>eu!cTymz%NnCY%G{3AucAN)5HTH=OurJt9(QTn zTdv}mjwM@caE7O)05+=7tW(fYCo!}u*S$JO4mJ~)TED|ae}^2K0NFFbNsgnNr=Z(z zccNcmuD8OVcVvZ)KJ(?Sz(gdw+@r{A7Sp3*lZ!}yH0{8OuscW_kgZ2ClxRd5Z+uq*+w{yOt{|ZIOBkv5)_`siuuMv-4{xKiq zZ^_gB#JqO3fB^B|L)Uwucm;;f9hc%BOU)n&-Wi3-psicAIucivw3XWCLGyML^W?=6 zc1Lm$U3E?ny-{X?0NHv}%gf3mxwZX5%vTKfvhW|8bBpCF2?iNqN?3of}B2vlxv~)|4Exb12f1UQ% z$mC44-07bNI1!upOoTy3hZJ9|i?LBOfAotHPnKEyp++ST2r>t2zyRS#jA7!M3TsTf zV>Fo+U=Q6QrOteJW7%5n#%vAP>;;*StW z%3hOY#i%A}i%SL+f1`LpP$u(U_iB3jaoazZS@+~r6suW0K%!(I5cUT9Hb4D}dHEfgWRN-hLG)w+Y`EYv z3jytJl5DH~BI|BsPcBz(BK2D9nxfXlH>IE4N2;IxFEtXu%4K*h@bIkFjirZ$bXsnU zvXYp=v+7DVk_Eb2o)ZKn%tv?QHDKVgrJ^#a-OUQo`!1(XyUH(=vv>w>6 zvG#gFl>0n*WP7yhK@&*%m8JX-ww98z#Yc(=tN8QfzAJL{l_z~68UA|*vV6a$s{{#g zN*ENKa5!jC(MGxb^*10;wV8z+06ydwrff@V={CqSn3yVw3ZT7KOjKf0_|JL4u_vcAy&_T}TtrmnrVA6S!+ju3`_?0F*>nfWZ#E zt#~_5#e+&OJeI3)oE|d(7_}L|yz^pjdp~{!^L9TNWET=4;1;SN7+ijq1E2zG9;U5o z;J@v?8L4xyjR@$3|My?)gIeQK!~y1DV%qqZ1?%3h95{Z1z|e-+f2^XQXyNzEM-eS+ zx^s9vujDX32z{=(9%!XDLeNk^-@PtzOcp=&SMTqy;sZFjN1{9wxgl@Fg3F%h&`Yyo z_r+*bk|TTOEmXYF$gxCwSX5x3b%v*7k|~Ael`StzdE;5a|I}G6jL)n|&fpW#l=0n2 zL4~@=hE*vZ0WiUTf7T)#dXLsCW^h4iOV}({nxymW6czK1VX}DWSxD^G2sP6bBIu)MW|vzyTog5=rQAF+8K;umoL6+BSfGzif1V4~gRWi|!D?C9KP0<8A54aC;4Zbb*78>r)^4d4kS^GNf!L1M1Wx{<~Vr2tZ($e|rV z1`)6riCrD$f6!GiXv7@$3uK}+lrvERT;e5~7(GC44}|+pRe8zY;hebU!bV(j%hn%B z_PtgTbRJ<4I!63`csE-msEIU73IQ>41(jxCfZZTY0LoFF5~YPLwDd(+B76LV+Aojx zAG9KNF4vCMU7va3Aow^@KYb-ymE#&}NZ?}UJ;A>kf0O;K8+0OMj_q`mtmW%Ks)dFE zHMb}UDkvVn^Agpr3b{HXWKx)!Ewf*JL-VkT^M}kW8GXgqOH_e`@#v?ut1eOIal$Ow zUK`8Ztgt#15RQ|+Ci_hymSdis@1BEm$lr+McJmx5o1}uROJHW7Mx;!}%$>V>|9m}f zm(1Luf4}S+_?p{NI3}P^QaK##Q}Z%JyYi-LxZZC1X0b2h;$ddD|8o!k*a+Z(5$>Nq z*P3$2Dds8vdw+MPo)e8H{n=P-&AdyYKqyzi(Wp~xQGkSnmJYV>v|<7r4;rYNaMzAd zfi`J}je12Pc;i1m1?k_UUcdgHphzjJbljmle-FwT?M{+B5dMiuPZ*N|jNhUW_j~E# zqC=6nOfQZnY%xhhI!$C=E$>UH==@jGL@pV@M_HRUS?jfH-vraFxSrPQ@FodTGs9Fl zVrEcl4Inn2-s!rRidVsdtHntprxMm)HPEg6as_*StDwN)iW{P|76BG-VUu-e;jY|f ze+{|*_DWlX)J;gO=1lop3%Z;Wm8QU#WrI*!r*vhw0x-MPMj(u(HKawa0?Rl z0TOsw$cq7J3V(i#t$KxUjcv;)B25#TKCO&GcthQ&|&TdZ4s9Vk@~mw4BtH{BM}tCjPPSYEz+)RBNWnT zhDx+0P!4e9Ex*u>`xKOfi6zZ=tYWT_PfDWk1Ae*-We zG8af9g%aWZ5~Bxv?Kmu|PMLqUXgDoaJP-1TMpv=>&2-E}6m^1`d_tf=;+X6$3u3lA z>ukuA;d7j!$#j{J*ZDOt9~v1V+QlTtpJsXI>2UT>8AKnpVPa zVukl~Zgq!(zPnisXN#=up5P@pf3v`bmQXbb5P3j`#so)|H#fx0$Kr=-Q+3fmo{D!V z+2GiFy5F}7}hEk zpaFYICAH86f}5gEVCZ1A--RXPLLjy^4bN&u7Onw2p6K)5sDFQ=JJdT35kR)tQlMGk zX@O!M0ckniFX06g-x;)U0NSJk9xT8J$jSg1nyZkt4_+pY%r%nQlq)tBdm3-!%bs%^xvz+>3H+ z3gMJboyQ&2P(Pi~&g$OpC!=GZzm#rrxq0MOJ6r41+SWPoe%V!7<)e5$mu^2EGj{6F zs3WIX%c?PzkDY9*i!@JXqs7)j8@1Dx)(m&vbK?1`elGGoHQiX#f6SeykmG8t)EdM0 z^|gLezx}e#R?E2cTWRUuxJFB-%MjMBE1%MB3LTm=lvzWZcim3%h~NGPe>#)K{To8} zdAdp|ru)$$H{av;JUd(do6zx>o#)%ehneU7c*3|PrxEYxXyp!9>ZryP z(Dd6I|3~P^s$H&8+bX$r)KTdwr}3-Rv}PWir#w3+U)|ZU*+D6(-rH^N@{4>*NjKem z&K>Fghab)PVHm5!IBKe?%~@9M9R3pjhILN4X`b?-t1)63fA!?fj9T)ICw{+eo%vP$ za?>oSmKDM%aeUcLEV)A+{{jmE6XhZakiO}+W2~!9V4gG*j(+>2OQx?(>@$n$86uXO z-G1pss1_F3yD0u`Xq#TG%2e1hMA*%4B7%_VD~5-h(+q^?K;#za`IG_-v%I2;Z* zkj-bIbsU3&e*%L;M!^e*!$V-OpvhdW!p=0Cg0T()SvjXQyETmIUTv}-uyXQ z!hi3$q%+R5ORUt>$9vu?Wlrj$8CY2j~| zKjK;)rybT5>xnh5c}n;mQt7ILb=vwnPMqs>w%prIr|zh$e((63ILgS~`;g0LEF;gx zf!0iV&O}_Lxggdoob*lNv&rS@)$;Wwomp(se>eR)$rMEij4&-#mbR!#ks=7$Cu%cc~6c%|POGSD_#TL2zJbEQT&+c6}>A_nCNm@ zOy6iE9J+y!&^HUb+5VXZbo9-eC=iMCG!l-EKqz2ivByCDW>=#YZo+{;z576qk}3^h ze^pa~!31rBeP+SX8Vjku={F)IC_*p_N+jytEwUn3v?;a-UaQ(5D{8n;bw#AgWeKuG z5>%-q$`V0p1Hq`iu&4(;kYzDN8bXSo1cNrz^r$o{%{5VO!nYa;hiy3ct1(fKrD4La zVR-`@2}jm2X-&quZcdoNK*H7{mtWijf2`2hXBM!`ps$;482={r=ukqnFgbXJ>bfRd zbZM)K5=g~6J*32n9K?vM3Zr@hLJgEfVGFEsh^La4Eo#V56e$)36;d=Q&*Mp?YD!?F zK`_c)2DG^tL@6oK6b!tLK z%z;C;HCfgR3M?pKGCM-i{DI)$h)6busSq4442X!}z=6ZT;E-Vs1P4rJD;x+81P}n> z_FeZ;p6ZGq}FTX*ycLWJ-a+Qbg7($uQd{mPD#+3i}4*} z-OXY*a}$0|F4<+Qt4*d|X@Chca*!7$*v+ni#LXb$Ybx5MK$C+)ftg`EViYFaD`Ygp621BT_w!e-ph3TeA$kT@2he z{Wd5p$3|+9cKf4C_?hUEuPP>J6NoL#sQRW~yx5|scplr`qA9g#gLxngV?i3^iZ%}6 zv2lq=Ls(G9Sl2RP=*k4kFK&9ZoJ}yQ(!lu4-^*NUwbJ; z)^%c^#^4uBDkOR9ewXn`jDBAT!n6O8yCnKz*O+%M@GyG}f2g(m7`*%m6`|-g{PAzH z>3&h_AO5))e^wzB#}V*newiiX0Uf2~jPO!h{9H7;Zh@e8!x`jj6V`7ZYNSY~|CKvk zyqr&8{0P0jSVD>djeI<@^&S#OWwb>wn*L#@;7S2kHnea9rK7uEz{GJ?2KQc}f}&{t zi`NOU;)~debF$USDzBsa{MsYDnAg!wJ<9ZFtT-;If49~$c8=~@{y-=LKvJy7EL!x{ zfAIZM91PFFi!PpxMXA-p*t`b%6ud9%0oVVNgkPYb%uG)-B1IuJ3R>FLZZfZYr7zO1 zbZ-`=Di&fMO}Sj8SjtnKCy4IkDE&!p8A>HjtHbLl6z9#y!<$H3Mk61EJ+d#PcAj>- zveC99f4!489$6~ci=bn2)>Ih$4NvzmvXU!#9gj=*C-QU~cnRF>tZvD+RTt6ZFVsPP z$E$a}pHHtA2s>LGZLNB}a3_sSGt3}VEw)PGs7xg(C4)Oco^t1bmxbJfQI-VFgkLID zO&F$1Mi!o^khoz;kql<|Mj>8;AxARK;hQzSe}7`Yge5n^fqRxDwKO0xH8xl_pvSjN zN}{msN^+(l(o*cUnFfE?QeG16ZP#*08IYJ75H|@t%i2jx9=TgqNiz&-|*h0C5uNA)FjtVG~SII_)a z`h#tMT0;#HzW!oFSB|@1BDNN#ZeNRqKp289B zNr{q`t$9NGvY2V2UiqFrO8W>qMjE&j11SWNL(N`{@I}2b2VD6*d5F##BfuV(4u>4(Y`}sDE&8 zco#H5sr=GdxLLBz5QVO#q_)zApqdUXE1j<;2)jvA*eG29KinZb-5mkyX1$q^eR*$g*7Ef zP>+7kcb>@7h|AiQJoL1DXeHgug)j8b50X2xi}_4%SV|Ub;}Fm>TPf%+AP7Ys zM>#_5wNHu0Vm-%~iDuboe$hnzf56VW`u+oyltvKKfliG;@&nm;mvIukuzF|*jD*sQ z3)Npxp3H;uuK-+;~uQQTPe`)?!J(BL@ zsNL#U)0*g{2(#Y)0h`)-n3 z{ipNY84oM3q#yBK&9$EQf39N-(4~cC6|GJ&Rf0mw&Sf)DM<|@*L6*NC<8+iJHEA~Rg}ti^xmCG+o;}7re~9A~Cqk$6mUMDA6Gr*Kdk6v8}jOpAi89f48Y}C*+(8G@om;m&+fgyoK$-Hi^R|8GZ zBm_`*Xycth@t#a@UnXIF*35b^ym1)#^b7z)CLGaR4vfS)xEz$jLh?n&eKflnWxznM zPvB0V&x$WAldR6)yox$hX{FLeMY$r%V2)6y1J?= z-+e*LV0>B2R!~z?-~X#8Ygc0r!y3hdq~-)SMW7-LwPNXCEj@TrrdVoMOJ7Wh=|qw& zk-9AZ+Dgu;VU40SrV;#UY-{`6CGGImcmWk*_(~?ORZp{ie`!~fe?|C}n3@yq`mcr3 zoIDmsC~|Zf4(GVoKrJ#1`O!>-n!`LEY%~pd4hTJs^J3G_0Ui7x?qS#v2txPm%Cf1H z{IAA=6Mz5ZSYz$`uUd6Yh?F6|keUpsf+drh zdqw%dqbNFTe+d^MFipt-7!Vj>0gOkN=!8kMh$?)bQ63r-4M7nBf+PT81cVSJK!zBB z5yrMUZ1qPwKm;Ex7*+B-FEd7bYc+>y>qXZLem-R=M=*B-uf3LF5DD@j8G}(_)O>a}kVngC1 z&mlg+!)VKEKQ_+TuXJhjs;>x<`B^&3+5q~?XU)b2NIE)T&0XIKDTN8kGS5T;`fp9H&m|3zo0(24ln^szxC3d{*}EaPH7L8iTl;SV=vm- zs~~|6oPt+d3ZMN*`un3<$XPMLm~CYqvz!TeTh@27m3kTizuNl|!}rOxmuS}>2|KBa zm;rK8LX`Q3u=cSa_u|L)<_H(tZj9d(W}k?KGtb8PUL?C@*vu)7yA~_O3&jZ@+zBp0O0iN-oF>+v*Fmhm>mH_Fo|Ca*fz%BuD;GCAQ(&PRwg_Q%hgp~vDw1kTupAtnJ}0mill{F9$bQ zkOWWw@;_u3xQ&D58-I5=ngp_RcXxKMwnU&Mczs-Lpl;RT2oo zKb<+a@j5$Ld0Kk<^IAH)JGjCn1fc=|Az=Xk-+vhRfFN~Ce>ZOgh#$%aNw-N+Dpt z!1sbX!>ti+o*A2|1V%V$h!VgC=`;cx42-~xf^>pJod3btz@I_jjEUp!=85oX$jKxq zBgTY78&rx3hVgK0ED@Fx8B~=7M>v*NaA&U!j4FcjjLRy5wT9X61OgZs&J6@L1cw+I zH?;(YNVqFP)6E9%3AeU`Bjnw@U2Pm(?G&6H&~zR2K+v{S&;&0yLc!L-4}F1nysXee zQ1U?wcyR{0!acdT5N-%dXKnNZc*#if^YB9yl|3!(+|i%mT>R3~>Xyz32wa*E&G3?j zb2~_Tf#DD@urxmeZ5S!xg`PEA5X1`vf`EcSULXiU8X*gp0D*$}J!SY2(z5&#vS5Bm zc6Lur1jLKW)!D(-$%_->>ggsez|H9(?GO|sU@r~laez2W!@)MvCNPLK`X&jN65??H zyU99B3xeGw;4)r3oPubAy)?QZ0CwYoOY@^;kkVd~a4?w5!Il#}RCrJjTw2--eV388 zXJ>~?NjrNVGDGXYR|me}V6>1l0)kLtXP4$eo3sQ$0_{EFwh|y#5G0rjDT&sGAV6@maxj;q z&Hp-9-N7qX=c_L52Sw5db(To-_v9qsG1>rF6aWi9Lw1^xZEUmgLn=TQ{wrlfGSl-H z>MRjS{J4PsS0r94B@0JF@k~x0tTd&!-xVjJN zEtGuE^0$2kSCFV;^p0Jz8ds~%+g@37^sNqje8jQBC6tc&Qq%OPs6+4jx?@*kauq&T z8ujvr0VT%}cAe1XbwHZW3G!C|IoN9r**zt-etubAr>Z0TIhR%Kyn)^f^f^IycA{)o zt<2gsoe=B1)#8iZ zv+LT(ajIX;DW2GLz?F8z8~?DS#LkOn@I=0HlQ+}uYw1#EvG7cgeR6fn8lP{b3HFGB zO<+UwX-+47j6it;@FgjV)AxCo&hH}n?0g=rr=JHPc|*8h9Lu;lXrG~s?}Zfq0DFj- za(Dk<)Z?c%Pgb?^Q9Rbheih~DAtX+_N=K=?D3|i%*+Nw{XQTj*x`kgRI3&ryve^+q zU-AQM;)EUlN>L?@T0=kGh#b#%NO-AbO>kUHsv%RGBPi@I$5VQ79}mx`nOk^TX%3Ig zcJmA*{KOQIP&Q!YgL;&|O5OuNsWK=k|R<__Geth&d5@cw!IO`7y z>?nPE*UpE4kT0UsPg637T6j0a#zbf1b}3}lIQjFtRPpZM^7m1nu~mYvr3W5t{w)boOFrLP9^ z59zNM3$b@}cCPvZ+6t4Z|rIv(j`Ojv~%4xX`OATR* z70u?4YPI#n>UWQDbJX(k&nCvPQlq!lUi*3 zHMp?i+(`P|{#{$>0u)s-pG>hUoCGusK<h@LSF)#M-=|G3BPLMjZEJgVdE zKZgewR*lyxS*IYuhPlpB*O(miGeTdb857qXT7``~MMJyYr5-V%xqvBd!}~1TpY~GW zi?ym{9vHMobZalh`aZKFOCtdJw*Z@Lo`@oWXZH$Was9DGn*(NDGk6==<_sA^o+WNQlviLm&0r)9SBHl`5 zz%~6_syQF|^^>jAYIrc}&v>bB|8iLcOwQJE1+{WekVn9AlAe^FN`JMrw~9zLyCXw;b6E>#L@^*J*`Vq z#>@EU+fFL?64pb;7+FR;UrgleM&y_O~g&C#1`9oO)#j> zlDu^sxwLDK%l{#X1k7jB$CUAFHR?9q{eyx~2T}Rm8O`8cX|H6q1t?6fAl&a1sMML+Q2kFOnsLq>edC8fo7v$Be z>E9FJs$XYcthljg9}tf42R&6XHtpohi_uksBJ134#*En-t6uHsXiV_=(G+!JW=6Q^ z@#S1Bgp&#eEtRMp);K9O)%02y3$t5SrRwA6hqpsg6O}auMbN`Y>B46gBT4k*6RjSF(L9)mZj6+^ zhfN=)ai4vjJa|nx5V~COBdp5_#pCK_cjWql`iIfa;fpLkf7eJ|f6A z|3L{O=je?gff14Y4_4oT#}2c@HJ2S%_uLdc4mx}CnYZ0b0>n|{Kl|5*Zyt)jsY?yR z>Z2B(g!veJ%|uXChznf5ezL+@DfwV<$QBiT56H?suu?Yi)yNTZA$%xIBHR=qfhdP!*uJrNGccp7vt~9Q2IpPdILl*8FyvCw?9m3M$8KO;cuk)L+Pa# zaHLVh+jgkyHrdty9jT!L5qtTd@@9qOB3*OhcCF|~6s2<||<@gKy z=D>_OKFDYe<`=7zycq5E>)_sV#~vH$eOVW_JeH2kI2f~)Lk4YB(d=8NLbgz3wpGJz z7^;Ysf^73>S6%)uG1+X_Pr1w2a#pUS0Y&n}&T=T{{l4N0ZGw+UbpSg?$dz0_?F1=_ z7=?1Ebt$1!m&^A@=Eu}V&Or}=j0~o0>C=NQFp*J`zouEgJ+e8|UR4&kGlO$GLWZdk z+~<)51nku7o47+D949#ruqb3nnsW1##itXwoYgqtxZ)f((|=m&|4BJF=ciX>{Z1K@ zF}TWEsOv(W8@FktY$j5X?Qgbv#5rNhiiEgHe~Kv;#wYzU5MS^^tA!^2inusLPa~_? zlttrB>&C0ufA$Uh_o?(B9xGH;o^kyv*E`IAXX1!8$Tzt6+%OnIfUounId8gy6PKjA z#v6BG87CKp|A1kb`*Fm)uSaeL2XJO+MSMXu?*t1F4e}Z>xw>Yep7`i0Co#95Ikn9G zaggQwM-Y?SSo+T{nl*9aXw|?$iTvnk%ygbOujctUig8LdQ3dMtaG6JUYxQ3*N5YnT zABtD9yIsUrn>#cNg_@VmkQ}2NGSty>D=pg6CoGsnpys?!pH2phP3t(V$g;2Y@xrmd zc^{l-Y{Rbm)V@K|B@*KLf6ad}=UrkGFJaU6j9JSZz&IGWdh!c66P0LHMD-%{kCA!b zuQdY22oHj?IBL&7o))n(*hxLFJo~(gbHh*G&in|E`Ra|uX*-I0NQ3;D$*B0P{zhx4 zC?>6-+~7;)B+iJR z5q8gZp6W)Kd}VAm6$1eTPIymIyc{61e#Uan(Y^<-)WmiD*>~Z+uGHXRrhI=K;XnDY zh2QX3R=y~8N#cB((ASzd)xlspFBR$tF^eCDR;zm-1ii*-6GxAt1Iq&NDAPG4Q0?M!_3qC)O(8sa%DXX;)e-gPZ?T6(m?{MQ)6|gMB5rRcfw4NRsG0>e-d`hA|q}X)#q=npJ%omP80lO zR6kEi-3xPlz|gx80BvoW_qV+3P)^lR#^=N%w{=!Md)FBYH4&AHX4mtNcePcgOn?m}? z-61obr{N3We<|gq`lN8+Y3z3&W8O1A^879-nwh@KXDrlMqQ$+A?_pM2rtXJ$Ra0O) zHNL4;)2+>?m2%Tj2PX0QdulNKYmz#I_GIId(E`$xLYexr=A6aZ_GDFIjBv#){fd4e z(JM^t5mfpi}9hw-Q@6_<)QTZ4%ky{?oW*6X%9os)R_{rY2HQsC?(NVFBmwVMrE$h z%26Yb`GkKNChAQNR84DA1$w@Yy}2{Z5i|>7Z8;daPnlyLOUMeorO4%}NXMVdNMH7x z68(51*2(O{8Jg&jk5FAFzv&ler+xo{`saL($7`oi4BEy6qAutKrb!<=)0Z=XhKTL~jw1Rfc>4P!we(HGu$w{kf;)Tdm>7-f(EysOr0Ti)-Oj_fM0(Qa(37kES4( zjun<$xnFP$wB6zOZ_5WIF=i$}JvAnyl1NcAe&{O}+H8TP6_u=|H>JaCyp)7F>-v(G z6^{b?XR5eol}o)?xtMb60rAcIvMZ&!^m_M~!Ui!gn(zr3+?=626;*|Eux06BQP8_L z(XtHMvK2O6gIZtOWKtwq*d_icupp4px7RTWtV4KZA4+@^G`gzsg#M?RnaAmQt%w8<|6{8h}N2i$%xv>2{pbejusvhUR0(kr_29R zGDt)!O>e-zy6L+^Dt_Y{7O8)c@sZmEkenS^O5*Yb5?lN7jbR37{OKADq!DlzNfwFR-18&~;Eo6saC!BZ=re}o%sqQ^2BOWju0A5J44_39BBga(#LCZlz5%q zJjcCy10KG_0nL-FUw}f`6#S6nuiXX2rBfcc%;?O02`L_paStn1R0$2ujG4^~aZg7jRBlX6R>pw0>(XYFP3Sxf3SRvKA%L z#P&;qRFtPw}CTU?$@U_pKerknYBg;tw5123jYs@5cOo? zm3T;-LN6s?n4XTzd+CEQvIJD;_~SdlClY5k#D`wikecE|+>t-&mkY1#5|8847x5zl z*I%uMo|`hx$=-53S(vbD!ORlXAbvG>CjI3!%r3<1VmMqJJT#QbDLhv`g zm5C}eo|ETsBp<5T&w!0ZPUrSG{(ileS+0xi4gh!h-CNJ3y1^5wioBR28lJJ+y{VrP zf{AZ*T9I-3tsQ&~Zd6eFxf^s^BU-@QH9s5P@L@W|^#yVCGW4%~Td{BVjbUz>2i+bJGw=>MWX@Yxtd5@&jLx__8w0K;ijtzKy%R2x9ws>cZG6xHRV% zBdTyObYW9cP)Tv?sK|#vwqt9(5JA1#5FW6ahchJ~!xhPBs+YR>ycO%V?twFcfoXFa zvnF5DRQu=Kg(fjy(*B8}_Xr*eF*VCc@O(H$Uo+){KrT{+?NREai4#Z`{P=-SQk|Ha z7d1C0P^m)ZYDOv3?;OI%CECa_KGDF*ANz^p~_C^h1M$c=r4ea)47*U;Co<#sZMe@V@l>DBXGy_UB<1VA@F)9G+Kb}<$zsxW;`Q+D z+#)W*kWiHk;>VNK&~i~?44n8}vdBs+M@aV*7rS`4g9NaM3!L@?9yE@Ngf38{5{IJl zYyXbC**E}JKx8zDYdwGZa=MvmcC`~MmWn*yJtFc5G(gJ(K z5csdu3vs{}y6j5bNXJ-*@x9ExkP>&Ka$%#W+;Bl}T<8$GH*@GmkJs$o;xgCd-Qq*< zy$mhk+4pH<@>+%tFfWdJdz;2omIc0Us65hbYOAaawy3Yvd|B)5O?`rJ{nP6`?|p`4 z6O4_NX;XSaCiBwQ}8dbR0rvay6B4+YVUfpmRH-Nd^7*O2%oXVVQA&U zVGzyyuM{!FpX+=m6#N^sBCnuHdPl@edfQ()RAp2#?$&S=OmBByEVyKDjgSiL>DF8} zInrM~Fy1NkQd@PDZd6QxW$3bHtHndiv(&jyx{HNqMkDvbPjwf03B zU5%`tmv~hmg_f&pQd;Wse(-Ko9uct#tqe)YTBctVy?j}<`KGK^LaO%ws&2Av)QoJ` zZ`nbu8nq_QPPbf68~JVR1ZJ*$GI+0*msWX3Q~AVh`Di1+p`+}4=~5)I_M%?D<@BLi z{Z`zzif3naSf`CcZ}{JSotW0~{GK}W$LX7+o}nqY+oo#kTcgAS^TeB*l5@Kf69cCV zYUbYZx_$YUo~VrB)kyzD>r5BVb6@0E$zs`b;MMG~G{2kpvE}^3T6r8eMzb%OZ{B?r_;HekS6?LE!?Q=eBdTSh;XuopH*mrW>?FXa)$ST8X z&kS`e_BL~)Tw=YUVTP>}JSq1^ig^Z1h8UmaJu2mLb8X?N6&T(8T@FGPny$8L7* z-(Twi&pGTaC4%N^=&Sf9i;;nr91SRW^=z$uuVoI6&6}#*fBq(kk$G=q)vEuo-_e9v zIh7xFYu&ypzGJ)94_vtIuR5>G^J_}WCBJsOoM`1ao7y&M=hAAKq4Lss0N>V)Hl^jI zpA1W!m)w;dY%cZY2~5hm_?NW9l*^8$_REcD$%#|RB7+$UjcGI85u`~4l$x6ZyN#XKR#!a2sC%E5KU)!wt$^~SZ2 zv^ixh&66zw_f2uaTWv+O`)9Y)0j5>KumkPXV)+`c`7Vx;OjZ9dNdT0 z&f6yX?X)t(%WBE$%s8a}qtU+Kwa!s((5$0DQ%tp4lUZKHGVe^?_Lf~_)<;-}RGuVw zyzs!=-z0}?a(E&(vzkx$_=#J_R_(MyhVGYX7ap0VL8NJHKhpdi!QyKD{;}mqq0y3I zq65lkg6PbsN2g;?-D!E=q~yZ1eEb`1ZQcC5_`VeqRI&Yb-W$0q?q7YtTft>;d3G}$ zGT2o8lWK4Frl{Xa>&9?5W9fYVzG=9j><+!~v^zW}z0xnA3oiu(lUB5LnCdn-G)y~m zud0`i?o>AjAa(cZoji(d-Yi#6mN4&MQ%d-t*jLp=Di+^5M+U#TMET_PR5?|y)~yB) zqz@|pvWekM(c+!;sHF28&pyEOvtif%tyUDCSAOTj8vdOl{FwI#0J2A-@; zAC+Yset|7-Wzn=Xws}r&1XSvGFnj}Q(&~}$J`Rap7YEE7ZM4Hpno4JhI|5RU&D>~C ze^kY5Ng(z2UAanDAhX6=;BAhHJ>dzF*>Cet%dY+FUMh?(D3)y_GEGJY1NY-mc^A-~ zsoO2{QLeMSN$Bm6ILmRctx*ZbVcztx1W%c(IgG_|MoQ18gyXJX90owPZOn(8 zVZ&r5v}LoN&8_RLn*&CDyIobz@i<+3F~LPSh7AYx-&0^ZB2`B(SL^O37tDf7y!&UZ zw0s6#YX32#%1~01H7##PP}{yn@BNnz(l4L2S8iMfbM4)4WWcy=voiwnodQ|R79M^% zBkO&6O)GmR-M2=|e@q(IE=<3y>`=CS@LW0Ay6B$ThA%8^`R}F(U;M3Gk>I_DFT;$d zw(KhQJ;+W*bL(eJD%;d{4P%2Y>#U_Sa&1?N%-bCU$5!wrCPp6p!ME)-y!C1$_QgiF z)5f+R$*LapvRQV#GDUohB(_$^wjCu&kUceO9X$Vjy*&KqLtFjxn){du0jp@8l-p>Y z+LMe|dzch(R)ANwEL8na8!_{X^hzFqM@DVeYJX*Z2NNY}c3C^>W$_RO#6 zFM%Ns9b54#_8S?re$-A@rdCn&x;VlddCV`1oMZy`d;LmbNEE~TNv>~MuiE?_(sz2! z7v;bEFE;y9?M#O^!||a=X7^M4^mS0kmVaW+%DyXOdT^71*}Xtp|LQGu z^#`Ih8Q$l%Z7UlF#Tloqr~iI6FZ&dk-PqO6*BWa5@Q*wHb;dR82>lk|vUr=m|6B;X z6gXCA#v5!lpZhL5Ex0MS?h|7K{@z zt|m{oPbhsCrq`sG`yb6KG7MX;pw&F98LQIGu=)&vmIo-8HH*P&QBc*s8uF8|%VnXr zxB0?&`F&krS}@m>s)uaew(Dmb`}M|hXl432Op8IDZzxTfo6r~-{Mi;?BC zh}*QRspR2H@j&QeY94Gj26U4JcN1}7-Wu~*^&!R8 zv#q}<(?`-t)TKCWIU>NUVfSDrR=30YBT}Unqq~bwuxD=0 zhWoX>1Y?2FYOUJH8GpLg69}21oEsUmD77&pWOD0!U4wu8A z!>3M?ductdE=GrM4@}JZD*K$Z@}q$M=K+peYSkjjYk8_1XCZc7}y0^5Y`$)OAlI_WH_Mn19#d;EFRNu6;99yAyM2D5;nPA3*h&H zh%li~YPKK5C{*#na3Pr9pD~wWhfEFKxxGRoG1UtPZEW~xMv#%cwi|Mo^f~cc-RlJr z)y_g-Qow73$3(TMJ5-S?nyERuA!kKAqXJ#w-W>C3ACA9VQJ(67NDh}c}7DRyU`ua`u0Pzsg1j-jR5z= zyDwr;2uS-aa-$pcB@{D?jN-Xqmm+;;9In1%R+1yox=X3B2aC*d#9?`& zW;yUPUtW0|5J!wlV_{JX=;^e@;EV_x#rzqLlRZqJxf!a`7p}g!4v52rg22zng&m%3&C|Q$^5z zU`n#l>kOQn_c)nEakwC`1Svl7mt3C`n+G5{j^sUnEn1P%)Y(FjFPXY&uG7#XjMSYp zG#}adqedJJ1uGk;pc!EC17M4h5Ux?Y-l@d)A$id6ci4OD&Q5*{Ky4=`{j)e6B0hWz z((lCY(IPt4h86^O%b@}&bC_o}n@x7VH^708&Z?D;UIkzL2WK z=1q$3gPsuw0O%x)!_~3Z7yEA2OBnYx45QovXxzCT3SjvDm6RhQEII{4i5Nl-L&vmo zKSrDio3$cG*ceg?i%W=zPF)p1;vP-<$5fH_bq|RC10F@3jlBR9dZB?n;fRqCTj2De zW5VJkfLIN8yMQXj#&1qBnVKQa=8Y09%`?W>=WoMfd&8d4Phb+*Akc`3AhhXU0qMyT z^r1>W7z2TG9d;n8A3jl}l=agiOP^?Z2VnrgMIYnBMXWygIfcmh= z4Aq~h0KZInbQUO7fBrhgwt)7%GZgd;CubP%O$-o$e(2S`)&|7kQ}cHM#xQ6oI14`i zh!I0h^x^KADoU`Y5BC(DU)4s|CH*`KSe; zAPO9ec2wMS<=5Q~b>V&K`~6?-5>!s&W*#zr(_b^kVkzR7@4UzRIn?-J8J2rH`&s#d_my-K)sAS*`kQkKamy-y{7^kMfKTxXeXcMvjFp zhVO=N&poD74Q_#U61+0Ob5-cQD9=H~Dtu~3py9ke^+{EN!EMrfp6pb>vJSGYQtxo@ z{`7FCEJ3?LR5^O|ZP&Su;K?a)nX90a%qn!UUU0Iq zUZPDTxJ9C(vc<8*PK%ZPa{e4L5_DR&JT&p0?6~}t5+oB}I<4PiH!%0L+4!sBm0x6Z zk+)HN&ex`FgJx7t?5sj zu{3bnxUIC`xgC~=-`$juJ;~hTx#hKW(}LIWx{Ro0^j2iJ>4*kgku>?ew&HT)=z6-@ zL>j!=ypwu%z9f7lPSGKw>$4hA#J+f%_({dgQe(Vebv+kkO?LnUU?rf8qlT z5*&;Y9vip5mN}U2CYbFKR7_2pOMDYOauBX8ExFZc)tr)lS)~}n(>tsh^|vr0Xr_v} zZgl-pe&ffUR!98!+*L*;50UvH(`~Auop+$Y?Wcz}Fe=zf+z3{(fpSs2IX(mk@v2Zy_y5r0ZRm^gnem#j_JKA&xcz?zr3c4aaK@K(OgW2&}zlU z)yLXjDYQ@nCx(o3uxr!BmNClbytv2syj!F3{IMLx(6^o7?bsUN_ zmhnxr-rQEu)_Wz`V`Z|^Y+!J4h;djfST-oEXU5~kG)M}8+~7qY(w&2k{uQG#zruX& z{2vmw%F0`2;W>X>%yipK+d_07WMpXFnpYMU&szKGE7Z<@J$9@;=6f65o{je|Ufk^% zJ=SJddhE(R-kxXw%ypVvij%!x%nUe`T_6}OKmC#riPh_9Cc%{Ztz^^*1r4b>=NOe) zjce0w4`i=Grr)3SnJhSDF2nW%WKsUJD{ZB#U%-J3wgwNi^}!)TAd>6yvHPno$;~nA zJ855C5htx#7|Kdi^H>LYb#>D6lj`)Wp}}tUdZQ0k76j{0cr1Ew9x_=LeK3n zbTNGVL+LJhSSI>>dy77#sidP%8FDdPejfF-x`qnb(81MUiypgv`vpM=~fIt8|a1-Ea? z+mU0dH`0}3M?;F>+VvkBEiLVV|1_-y;d$x4o-IA2=kIdc|3R-a{JX&&YI*S7T;=VO z+WlrR-oxgAp%r7T0blP28^_kPToI9rH75sIw{xFYlK1I3#sNGvGkepvo{S|v$KY0Q zMMtG`yV~`5+P&#+Fg(JZ7X?P88eTdyAk+MZ?`ZdLas(F%S1&|L=hIDm*WJt?6!t6k zU&h}zkX)~hHs}Z8BPVMWRI{dGGm4xGm_X*|6MKo-Fp}^z4NI{d!~J zko20JqO8pMFEg#Z4BJsA2Xm1jDBjbvnt@Iymzu^=2cuA8~x_vSIAb^ z4!ZMT@byU?g>FM`%8l&PhsASIlRy^Phl}2vG3PSroD;pHjYOyIssOiJqr}7x$DAf> zl#%C&^h5Bre(=#Qgc<3y4>lor=)T-Y&2^cLyhF^op02JeZ|qcV?v#h5$W|d89oR<~ zkc}xJzohF=-`4MyrQMwo@w$9TM>^e{S3dOZpK>(0>RxWt(wHx7Cc>^qd$Xn_&nYs? zu20;wOpinA_q8DEIcDtS7c2UC9wb_-l+||#E}NfGtyj#JY`zq%YUw$C zXW(O=wYw&`a@td68bfecQywQMZNG@hx;pn!6F7pvk&q>hS~~HQ zrUt#%(~51#j$It>iQDA|r`!2vQ^=Ou-uAtPxSi3W$!Uc5vdR9PRED7E`i60U*+&NB zfswR(zu8Lzx7jn9k;so}*$1`FlNUvgJ7eV|t&;PP)j{gzfvrR4JU&&UJ45_idUl@q zjw~`2MYj6yxjcq{4V}C$L-tqpPxWV+);>d3OVvWD(l=(|#v`7l(Bu68_0>qjPvhTC z^h#a|a8{hyOEK(D_z6+&oY{x^u}d*9Ftld*X|2nUDaRVpwfGR2UQ#|UkEoW*0&q4u z%cv}A&ekWMY%cPN@n1#9p5s^CeaxWc~i*oW;CpiKyt0Arot&BK-KB~NN`rFa=&MM z@a9uwfcK+?ms9>c5^iA2vy$Sh|5%E;O0k+XU-z#`3j~`jJZ8a90_P9Cs#m@onh$3d zeLVX2dUSQ^AeR67xD86{C|2Vj?Znx@Ex@|})Os!Lq&5q=<*?j9o>E|G3D5TBmno|( zJ|7utg?%l(obPqnIp3VUcW&_FHwWfV92txhW&YLPmvC4`PFt;yAs+Suvv`@~cv-Ud z%&cbuyMueA?jbW%gK4=4kNMQ50A}Tjb55YbpbL5dXTIedFe7E0?QAVCUx$N z^?A2b?+p4c#rA13ZYuffr!S@BN1Yx0a;G%2myxYaqx(-Up-CS@+t6S46Mhv}lP+7Z zbJ?c8Z^m~F@n%Rot7CzNf5O@oLb@U6B`pvQ@S`1Ss`5@)2(>_TC`39;F>D@@d?vcA zTZMXH9)s#Z9t%zGOAPPEtuk#7%huB#A{I3}_lihtKXe%ZWnUAEHd2p&C-bc9!N(K_X6^5{!dD1&cb z&fk?ErF?l3(ky$xdlv(H(n2)O^r>?EJz1Bl~h-xT~#@3<^8Px7x!pcD{!~aAqQFuVexX|P={^> z%C7S4Bkp<|ZcukpPAHde3?_^mT8~@%#xv`qno_}rRbnhw!GW3V54^XPV|(g5$lds0 zqdfC0EpDj3?dhE(WF%yPk)#1ig?yB@61O!9k!Ejmg7i<>I@wNN{Wfv1;%9f+T3?n3 z3gDF<_GlRvxIfxR+nzjJ#xQ!9Ml3+A4eiPWMOfE_5n7;=8Kfjr7GD&o9LSrTWrUK6 za8*++v`HH`sYy6IDF~V@1c=L%!rtNHfJi_TcvKpYi~$@hu)dyoB9*#gb*Lf* zo{+oPgbk(=6ttgeFYwx4H<^pv~-wa0A*FKC+?jXq!#&dDHEwm znD4O(B_{fDFiYRFto@3KL(!^VM?`PDjt&x4LlS>o8$CvC|@#rq4n!dOs?kN<#O7cv6{~d z6$*hxPY5}+aoIK~JPea43$f`6u^lj?BQZ5qrji9H@rRz*hJ}eS5#c=hM5e(amlR6* znv;~W@ICtc*AVzdBq`R)A}lpoYyz9gr9ib;{zWLDEB1X4038F)pd?Ivpat+Wln(^} zh~anx@xjkj=wD&M{=6wjP5w-ZjnP#c0fe&=rlKQ+P=X6Y_6(1jb0HO-dx~alR$sSikzoUv00F1bi{1l8pB@U*H!8Nx8cmz#*lSO%qYA zVh@BD#-;M5V|xQthb&Z*pp-TeAIZ=j{Viu4hVJAUqe=<`P%iXyXdE{1)2r|)AoAB+ z1huwA>JxlIvCe|9CuoU{Pyn4Xh&mak5CcbRNF~kw$Lma@aBO0S14NT* z#aiV5H{pl^5*(m})JHN>8bZ>a?rd~e+KO}n5?S^FVIVU66wpWF68REJ7ziDZDXCak zVSlWWlQ=Vo2{`+)Re?1zoZ68udIn8%u|YJ1Q1a(qECq&QAbLis;pgZEWiji71rV7O zii?3u8~x!V+D03KL!AWhv;Zc_vFUah(%B?oVGt8(vj5)C* zj*$_`QBjUnq{60*jtmb2;Qn$4O%z$9^R6U#VI<_FxR`YKerJyBmO%0s-Dh&qrfk;F zA#d>*Lsf7&90V9iF)4Pi*cF7rgpiCP6g#XRx^@lum~~WRSm~p=bl67sA3*f9A3#;p z%!7^8T$F>K4L@Mw7p78{P`)Of^qAZiV(!qCMwgDU*BncZMP*g`N4e(kX7d||tTl)H zyyDpk+|?Y8^%;kp%beWV>uZO6W(n8R5^0){Or~bpas9@2cxAuy{2Y82spFW#+ps{p zzD;jc`o+X0FlVNDZF{<;xq00raGkrp;K^*0b&k{HOiOW9#SQIcKz&sMi-D-*#bn;f z!>8Ncqrsf2t)>=}rKJ!mnT~+WmZrz}mRkR|`o-MKN**o9_?cfO|yCf^HDjm|bpiBk+Co7A%_yxhWzO9HZJ z%)!k1v{eOGsMB+rRTkQf9P7Xi|C3C;OT9~P19JiWT770#{WCpt^tGYaV&HVcSe zXgk^p7`2`qYC&G?Yj_=d8c6lmdImqM)y~izC2})5W2pL9r=O<1LLC#@sReus^IquP^urxm1emw%!Ae`AkPq?gS{u2p`_=4Qj|NQRQ# zfx*+a&rDd6%LO+xP5Q_A`o|H2$eW!{<11&u^v3gNWhe0jZ9dG2Er{c59`!e~yfCH8 z<)~^uT4W%K=5;L%s$**Sa(6|i$9e~GcM~jCC4OiyPB`IundCqGJ%kx?uQ3)i?L;;5 z_vQ^VSg*F~P3;c2_J@Gi8?8x!+nM{t`>pQn_Mj2)=s44=P`yNpjx<70x~!IGdgm;& z4U!!=Kc+UVUOOU@ow+)+Ffsyd5>9t~2y{KhnOqm(%dg1SJ#r{$>HajUP3r z7;oF%U7W3V>ZsrqyqVpr9Yfs!bwWJHw1SUN4Of#TlC`^EjD0SP9W?T$IP2Z)5BiV%3jBK<;cmkkhjd_{eJ+lKu*8aww`~_bJGuxxm52&`0~+0^b-8M73zbPKn13sIR%8PW5x@DdC0 zt?x?S+H3hzf*a~=EX^>Stz-`$mcDVFg)jaRIQ<(ST0 z%JKClh2jy)wQgj zSLY|M-yU^sM1FQtA3JOC_Zz?S!+&1RshNL2f8ETvp0yJ{Sc< zy#LnjF1ME^zxSzoD%`tftm}kboTrFcsjPgb*{6kR|E7QFn9s(~@mt>^;=_NfepuhB z!I`NQ6MHLK@p|fKXHDsQ&E447zpcsq-Jgz`nP2-Ke!dGNK=7k)-j*XOekMlWy~KZv z$yZxbdF}REEBhyv(Nr*T}K{u-HE`2Y0P`X~KL^*Yu4uf@WLwM_3d zbnEnR3lr--Q~SR>&;H5MN3ZtukKKQm>&X-UXL??j*-PJX%l)}BeXf1{+3naWe{J>f zRrepy%GcOpT`s<^RxegARkPEF`8Cq-m5;qLQ?vfOG|SM{_?~@yRL|;WWp;g>>oq-> zU6@#$sQLVsVcxM4Sbtcp zPimR|W;%NN?K`8}Db~BMU#+8?=Vo#CTlIh1w$DAsFY~U~hr7OAJD=WC)znKZ)l92T zb2++0X)w+mW z&Ro8lzPp-SxU7HsxIXLWn6-a;Wv7^!s|^d6F|SU&%!>E+E7RByvFq=0?^w6e8Vk+3 z&b7=oeY?H#-@RPfjo<4QyKuX9b*oQmruX@9{$v7zAH61<+?u&{>8E{`%LdH z=d;Hw%Yu|YGz3yKNKlMF%6Zp09 z9n*h4{MXg~YK)nR%vQS(zj2wf*Lphc)%5dE{ojp!_gwr5k+-%Ve(bigd-CgWxe`(H z`7G7Mx>mHt{kpaGx_y7Jj4i$E)||bJ-OHR6`>whD%5AZZy-qRf+^Y48SM#x2yE}P( ztF^0L(e=K%wOF6mVs+bMRn`X+i#f}m(`PH&+ef`{cR$lt@9(2oznz7~T)bGwiG_^+ zbZ@8Q!Y#|iY{fc%mTS$EW*Il5m+~BJ4mzGp4#ISUprkN` ze=%AU1@U@K`n^hXjQ}Wg@9i^s^!S+|K1@-kqo< zTBk_1kAi;`sM4X?bO%l+goXti4?2^{$8Knhu(04mh=e`X?(B0lQbfUUAhBFj7(imV zsE}ALDo9*OEEg3K#Uv6*B~q7AltSTGAcKZMSRAO3aM_&L4+X(I#sh?+zJN-pY&s}5 zbU;W61jphg0Ih;dpWsb>h7`-cBND zs9;jON2L;NIF?fZ!Vsdd@E;#8j6s1Rqd+g2U}X~F>0~8XiIAOQ9a*bUu%gg%gu*>^ zxG=^72FU`;Mg$54&V=Jb1P&cEI1xfJ@XzfNvr_r!aMC7IfiMsGx8r?kH$5p%(~0f&;`8Er8IWIo-iLWG#4j zFhcSnBz&MS;fO?VI1I+dhz=&|L>n3t5)Xg*8wU@?0my!ANJe;gNGy1e_{3mfEE0tf z0rKeJ$3zDdCrD)Y&=Dbp1rixFEI`PFg$YL3OjzInq2j<4=l~(1f&wEnCX#1Ukl>({ z4NC=+nNThun9Rh|!9*2IX3~i^GA0tsrE-Zd(1g==d4I_H;bDLh3`#I4Q3AR!*hGJv z59snRKn4&xJYaC{5Tq%QL>5VKAqpTWa8x|}k+DsM3LGgs)PW`hgMPJaG=6NZZHiR3n=Y?!~_Nu@Ishe!6rC}>F0euJX?Pk0!!Kg%chd5XZvh!X-loiHCm$CY}gU ziU=nS8k zCYqdwP`0B&$3-K<1&sm}6lf744!VPJ3nDrmu*U=y6ijre_=F=uf+c^%V**BnknFJV zpgRzVWuw7xfWhGd2hN8IA)pE9ARG@4#R&`y9Vbqt;8-Y?@qnU(d#C{RI?!3ZJ2 zgN8&0<$;F{Hi5w-($s~+!I*R+&aq@aiX<9UDs6n;lryaSW!^>5Mm?$YQFcQG3n4%_ zbW+G5f|9U&ejEE^!K=7D=? zCLELxj7cZzcs5uQLG%1^!UTss0iDQ5AXG@8ka$qCDG&vNQksuwqv>!m9S=GJ2MG|R zK#>Ow2Md2XU_3xzpzwrTLOfVB69}UNbuycc%!P!9g$fTQEV#fJC~!WT9;JQ@xaxRL>5fzXLIACrjFu^~hR4pT=8oCO{>9Xf(? zNP$raap7YVf`PF}Tq2pAMUIsBy|Xu7oSa={?fHKtm9t4}ABqYPBoGGZL`B4;W23@G zw7~)5BwXOQ_=u1UipQiMUvt&g(y?4DosT4f0)`I>lkxD#Oi~C2@<^3TN|BLVGMP@I zL@F#EkqS!(j8259PK2or0|P9;M4KqXK_FcsjYs4mVWJHJ641c_j~fP8oOLNOk`T^^ zWD$SzoJiOw75=Dl8yYMjmUH23fSjn{GvY(#!(>fd=%ffSAu$#SCrT072@Q5^SmfaW zg?>J4hzGfR;N&?-CRldcB$f+@qXTJ5P@>Kx>SQ(=oj{PjO&&ETQ9=|?y*{l#UV+wp zvZ<7g3LiQZK=49yIu|&rB2qAg6beYFz!86OA)`YBHK2G*A{UVi>(D?dE*wsVQ<;t? zWOJ3_6oU)r!=ok=%cVi)Lcx4U7;vHvG_h1HolP`h08Jtn5k<8`!;WR6L>AU%Byiz; zctq^d5_1nX(FTNpJQ9Pni8N7UK>}SmmJI`xU{Iojmfj_k=`iTfJmn?XmDa6L(s+M0 zqyr*ifeH(|*575TP362SRoyvz!HW=D+YoUL@o`OBa2oVZkbf`R#J&kZ3#{l*7(Nd7{y5cn~4NhIeElw>cU*8WI&C z8VgcLppbYtI2wz`h!2zu8+CvXDWFh5M2ZOtoIo+@&>tWuNK!P2#|C5rh)jhHBRoJf z7zK-nO61|;L5LH!f#P7nBiVnrFo8q`vk(!L2;3Ybp2UdF0t^&RXTyJ}aCmGg93C5v z0v);og$p1cIvySqjLj1=p(6Qk8y0LZoJocbl_nvC{$1^*w9fS1m;b& zGRI^CIlvG>1c?P7RyVxnpuL4InoHDQqwyL4yO0iPcCne4O~;V8Vq56*y87RVWcK#5b%Pg#{8UXlTet z7$gM;?RfCu0t8|r$%z9H6EqV*bc}-ms<0+{LqA9^OguI?m<|{cClaMZKmihhBU~&j z*bot71Zqs6kPQciKzM%&iv7?B4TTK}78Trq`LHbLumQQ4=y<@8i2#A}LBzk|1TyZx zNLY{%8wn;TC^(Z7Db@jqq(X$T;kj(sLX+nR!(9py77-yIK%mIb0c3(kq+ud3Kp>&H zKz!CD{1IB~}9Zq<7AZesn9z9029JnB zAuDJmw1;%y5Ew#KGGcb{5BUcN9x66uFf=+acnEQcHW)fY@Ngk<`HiCGV+tJ_6bR9X z`Z45#$_NZ3G(~@g4HOQ94+St7Ceh^BFpOvl9~%)&tWtoW0bM4U5Drv~AQ56jgGjUz zrQ+&F2IS~a;6#cC0tFBANxusH3>_pqAQ?V11#vcI>IN~S3^*N*Xa!7kNanYgR~8CD2d2;w*un^)aribB7s6porV z_)%CgA{rBd;{zuGg$@!aFkmX3RH6A$2OSkspoG!^g9HRY0S$!lfGa#2$_Vr@k-0=1 z96j-1Bcgv$I8;cmoJaw};vmE`;^P8G5;#~q6x9I*gMMv?3&)A z2OhZr0R`kiF$^F$BoI|Z90*Z|4UGvHDJ%~{9CUw>z+^Ne3pOY?97uyP=|q_m88F;G z2I3)O!UJRisvrjg!Cc@xfbbj)#-tOWutc~)LPH0I3K2LHGMfz-jhi4s1c!->rNiUG zdH8^$gR+PU8aAE?8y6-DOwd?9nApf%Z5||MmFolW}ra%ad zijIE;WBG7_v*}1mr9($88ZZi+2noT#0|^TiR4{}GoQX#U5fuwU0MYS5(eMF;V&a4O~jgKI=6Kr(+3HlVOPod_2!n;Iw3nUhF zNJz+#*-R!M6_nB_FocXq1t@e-;Q@mVNQ_VcQ6wrTnT&>mv4KD~5Qqix*pPg1FeZN) z2xNCdIvS4%gJS|sFg6g#29@wZfy4%crov=_1q&T0Xkp?QDo9}HfYIHUj}68K0)ap{ z77q-_10&i%92?FD2j>D!G8br)*>FBEHk^;{z7HCYP6%hik#IiDIafi8?Ys3S0=$c_eWW#p5rCxZ>bcN8^#%Xi97{m&~N&QaCt| z6Os<(6cRit_y7Z z4TFjW1A`(%VNkJPbZjyxIuV8fWiAXj(dA)AHISCRL3$4N7Jd?j<7-N3|gAoE@H0)_n%zI!mbTFIF0}KnE4IkN|c<7iQVT0m9 zJ0{RYg3)op0@4^94Ui8X3r1+v7C>Ma@xTLfNIrz9L>$O+fiNf)NirJ^CF3yyq>{o? zp~EN~FmP}vP(dR^DTMf-fv%$hV#bjM5st-U6KNFqu!%4zGLa321nPfaGMmYYNQR?8 zksur)jDv^;C^jfiXpnrMSRQbEhYpPnx8WjUaS#VbfpWxwBnuMUh6IrY5f6@zWs}*s zKoJKTL^_;k!$OH%L@1q%2galmO*)YW2Zz(qV1PuFixm-&h;k9x_Q^rq+mb(u1e!n} zxlvA`G|5_o@9oDNX%K(uY%&@;G!7~mIu;L)%+s-KL@pv3C_+du6DXb`LkGu(4G$3x zIGhxTCKiyGSU7PTA`K$X^j zM#r)-!KjX9BhnxeX%LAvADv0mNnm4>sT3a=%f$eYCNsexkRVOwNtX!1KphA}q(MZ3 zCgMPYNXVvxi5N&I3_L_GA_1X-sDsAZOb~MlAv7ZZ0-yi@QxO0lXe<^ENMw>BeV;A~ z6M#Wm>TwXnAf$g3GR6=>000000000005T&C022{u1-gV_{~HGlsbkE7Z5P#q)AVF7 zEGp6Ym2$->2B10RXiw=}J@p0KBPLpMmn%Mf(Y!H(x zdv^U#!4oqEy} zi;dL%VMnK<=msFFXHgnJIO?y?LeI)whvApVnhCPSjPvVL{{c0LhNNpF{P0-|FFG*b9&-s5&CiIdJ%2O8wb;>w9&o6osC+-BH z1YaY>U1qMQmiK)HlJ)TalkGAK!NPEVOT8Vk3F*_6C1=g_UXF$nrQa{(&4xN)=6waM z@*knPgQQ)6!Ii-Hcm1!Q{R<&rIO4%$1*hjR_Zf8G+dhAv_q93d_t)J@PGaCs7|8|Q z#nXT2{?%!VNBAs0nR9yaQuEu2O}2_T+-4=5pe0=~!Up_B{mP7R9w%%2qhfRzQpoc3 ze?Tl33|thyep%whl>~ghEtfe@Dys9C0%?R(%jbUuLyMT*tRd@P!wGGha&Gc;xgG^^ ze?CSpKYH5vu8< zYpXvqA{Xa@R9v*F< z59&D*h=9_%IDPPyI7#bP#rbdO2MOoD6mTd?RKeOtrmk7{f8lCy2v{J2FkHQcK+k_C z4d5rD>>~Gjr-{>impMtOzum0bcK(YOqVDq5nP1vmshwC}LqJ)^K7ijkE?QVO9G=+Y zXeR7sYEqI-&DhR`bFi3={)(f}OYP z`-z-iR!4v2+D4fSWsR@sX?P81AO8Q(i1tVJ$!xW zhVN)az>7-{***0{Xm_!~(mLjj@<*w88x|*}RNY_lOIc+wrOR#nu4Vu+X zc;(t|;|l1=3$?QpG%-83%D{i!d)uK)muiKf(+N@JnO_&qFkg~Dc;4}RpauRTw<2J2 zC0S8CUDlRjHsH~(HJHV2(}57vYGD|64zul&`-gjX1Vr)EuaJI`!mQbKfjD9n9vJY$ z3(Z8;L8=y{rm|@+!kk{*#IvzPdJqY80f`qE{Zv3o?;_BG&LFrTEdPJm?Bz3l@fuZN zMm<~R!2QYdrOD3OMfb+rT#9j)x7wHyPMPB~`zZqDggtb~K5LANA3Qg98MVVgfTI_J zt&>Hc(KE=EmXZi+EYjohF2E7)Gc3xEYM0kx1@2m`fEg2R1){<|0392+c>54!WZ9;) zm4#WYC=wuwpMELqxI=&A-KczuU_kU%gfx@8WzShavS3liQufZltFL02u21br2NKB| zR!Dpe3_%e;aX#9qFoAh1UpgIPHT75_h4L@=D(d75b0tz2fywuuy0?SkNJP*f-b)mc zDi(u0+9CZqzibETRTM4}o`1^Zi;g2lHx!$?l*oE|D7c7KFhGA?6a)PK^6VEyM2h|c zdJ%-~AhXS&MA@B<4(4wVhj=HAU2!L3*7TEp#&DeN8C$AA7yfZ3WjOC=x|EP|*0FHd zse=1TMTe-t~(1j5!!jYhV; z_4b<*0jA?crx$+(hKzs%A>5qRvvn6L)wn7r>xhX87S7CDAH@*C1uSZJ-Nc7ZAop|3(jg!F*s4(exh)%1U}x}V`*OS8Bi<$!c^E+y;- zBD{QRpI`^W`>`7o5T1}1h>@Gas2y`-ePt26H5kGo=KN*EHBitBEHT&`AQY!n#(DsteEhEO3z%@hGc8r$!>SG;@4A5Rp zkXWb$Kv6Z*HCdt~pf4xR1=iD+vtHz{c=!P)zJz6(!-$NfE_TRv_Vxh@Q5PDnO|=_b zOLEySc@pCA7~G2eu@#yJ&f-5MUB4G8q|-7j?~s2-XA>~!@b2JdF;W{e(*vD1&}+O^~!ld_ZRY*9(AS%yJBQdfT&7dmt%X@VLX(H}eAh`zHVcYwtx4_fnR z=e-sFFj53|as#@-CAo_me{AQ+b%F1p2YSel`q!(o`H?zdK3B59&)IYEY!9#eu2#sx zq`9pk2!mGj$$U;T(c9CPdMBgXHe85HcWiedg6`P*LOk8E&4se)7FYN9bemna#I1h| zesH^n6zaM7led8)49v*6BE0++^&UYF)a< z*EKtv6AT4fhh}M%ZD3M@TepY#51Y&B%eGnc@`tYD(usNWF6iZMx{gmLY3AOi*l*EQ zh~AB&kOkjIjxyrscDJpeMHcCAWC?!_Cc(@USs}YXe0x#6>f-jAV1QV;GcHa7#=dfN%*pRFqH~mz*cAV_4X@x}$%eLjs!E zqW)l=a=L}lf*o?#mR|f$MSSD4P+60+T%E{w=UW-ypqPIAY03V|Kk+WgyE(BJAg^3* zvGPG@)R3dY^5PhBq;?mZ;eRmtP_r)^a~<1TAT8JB+g$|Ka5>N2<<|6rye!i40(1!S zS_Xqpso!Ncfp#Fq<%PHmoNs?p8-J_dp@Yzjve9EMiu)p)(1Q|yoInjSIpykxrN8sP~ zLSlmA4Ai0Xl9)~o)3-?&T-SuTn6hVRNzSD8Gf$HMw!nhJan+5-W+cP)*LawUP+=)` zC*ek-AY%IY>9TZ-0)&2oaHBy{-+4@;__!i|5;6iGLE!Q4-&01LBkEpkI6W;N0(MW* z6!omC@Ak2En@c;ZhE^kV$EUB0~ z0ZZ)`jd`8;S$ehAL#|89xc1j7%#JI@a2;awccgv*zatFKN;x3Rd61~ZV4}du_*%8| z=kB@H(^KMGp$4~T-{K{Qbkv3K=pp*u@ex32Bu@hS=ci_T!OnkZpKCJ^ih>(+9f5M4 zd|x2s>pRB@*ReiukCjvE~ z2x$yiwe>tAhtq!t6(R@fi31fT1_NDlwj?p7V6I2H8v$%bXC&8Ce@=$tbkZ)FUznCt zT`K&gQ$c!)Ctep?s&cN#!({O=T?SPfD`8;E$4)dDwwc^Bc><;4vk!De;ZLz$ye4-- zpXJb?p9baAF-Y^XOjnT&?(#pkT>l-#zNT_Q%VW&q7x#aFa|aoa)(9t7b{z@rUAyvi z`nPpxFkcbyWpu)^%mj=I|DT6&JzRitBi*7WM9Wf$bVGEA(ukBATJ<67>eNTt#XzH4 zCwtwOE?5g`F$>Lw6KB28oQvbOU>d*9cm1OCCbO`3YV2X4?NJ9Nsx~78cd)}Cj}aX6 z3&Ait_zHhjJu)*VE3`v;8MV_|_vMO~hM(ChdwvLz+Q=e5P6teYXe>(X z%BSP_;341IlLd{FRHq7pA__WZ8KQrw^CB%-mj|`NH_e3BKF3 zxmIA>RCHoU;EEGooqVS$4n@K@tN7rVTRA*5$RdBTw!g=z3(d+BPK6Izw3=Le0e2KG zroy%zs{E~wEasbFugQ8Qh(Ifj;ZZ7C)Cf4R3A_)V(Mgw5xT}j)t6=&EYJ|KJ;!+nq zW;ics+==f7=E?ijOhhJSLBW85oy%NceAcefl4H`rGXs6YVqicHf|?advbj>0c#xp5 zm}7t0Y(%hy_H7L*48S;Awb!3Q;voJXZzU1JoOX1z)qcn_GbVM@OJXUR@6-;=!e;J8 zcBkcG;DMf&;>a0w2OZL z)P0=&$d%oT4lK&V75xSgOvisRsgP0QW(6ED&hJHu#k1blg?adhQa8^{92AuxqR)DV zc?_!hfJ!sGLGS|MBHekL5)6j5B}Ev*YEBLTO-I7YbWzpJ?QSxTjY@Vm>5X`}Y~BNW z_s^=HTIZkBOckUQVMMm00L)iO3blV56n$EUal+UKjEXI0a`qiYA=ZNO%NPcPW<`1;#V#%V%|WyrE~&xPpJ^hMbr9)bc~+crE~mvX>FLjn{#;Th3kFhVCg5 zz+2P+_>9mXxQAl)sdJJFuTY; zg<5rvHcm`=SH7f4yQf~U`>8R0XCEud>%OAwBTD-iYN`1GrR(6%@a3bZ^U8r9P@yWz zZ)f54hE0@*?(rsO7VKi3sr6vdIHa6l$cK$KO;|)Fr-8f3T})(vuNLau5ZNA`t4@TX z&hdOFe5ggT5?Oy0F~5x1o6J|C&rf;!8#h^jHKgLuv=M$@KF`cB!y+zx>7POt3>Dep zT|JGqk-JaYXy+}_89Cmp_*%NvBymt}TbX~szu-w+e8t7 z-6t$l$4+TcFI$Z&^kuq5P!=|`LCA4y`q3eFug!nU7p8oQZs-x&)5^$f%cy11khvXsTPJ%jRiVdswIoiDfPnE3;cN zy$SSZe-KuhOG#X2NiN+nbx4%z4_Va;y4=~4dYXTc@J;RLK4@PP&(GvxOoXt9BV*om z7HXrf+8c9L|G6gfiHtN*zhi!qpI}S+E+FiVX3kAsEj7{Xij>7s&TDc?@h=So6|X{< zEO$xB*TJ~EGa_$YNiJsx012Bz{b}iTW@s7zu!GgA6Seh$7hZGdTSeO%p2I?YKunl4 z_+@_ugO>+qA|wJ3R0D}vAmB|SBBNY~>JVGGsv@mvh51QJKN(}cm}cN|p`^nv*dVoV z6qlQr``~Q3?73xIo=DhCOj}#N5D0q(2`ln6D0(%V7;zSh3O|gIWZp*Zv@n-#uMU1-xhs)Ubi{ZT?XFsqz zh0eayamE&knUjB@ zeQufYzj-@=J#^{C^V2=ocJ)PRfIDbY(nF{O`mBSy!qauc9rYu4cLg5?i-`xfo{Ldk zg=O-E4+22ZG~~{-={>mO7LR8FjHSg@ZYp#e>s2=nC^OF6kZmnnI9+9_kVYz^dGJwO zvYVb3&=Y;Ian2k|SMesE*$w5@N&|G9Yfk3$r%<2!IA%0rB2VZ&}3_bVjy@-uEIa_qNk*X-IE0$7dE+=%;8RLO7MM62pa@8}xS~icf~V=!8rbtXB=l0P)%3XXm)>2O2MfIjoWLVW^J_{2CY5Km!wBXOu0 ze9WdfWg)T6kj1O${>lk|J5B2N9~53aiRB~r0a>+!*z_LA;rslUd(Yb5<;e@Zk>%XM7w*UrZX%zF3y6&H#@_dFG0i>>Pn8ZKV>u zb1u|1WLj1`jAfI$jX!A^Or*h!Q2vY7NwbgWjYw$!g~#YYxE5FxX}o^|Ai1pae$-$f z#`LLm_P5o>5I9$BmbnnHUs$5X+})AHV|Y!G8kv1(7x+Ji(=$K?WVUVve;l) z8e9YcX(bX@CG5Ly?#oo3_R{l;2+^TW#CVI#WZ;UqW;Fg>hZ&PKeoXKc0it7YjN2?r zOn~YfN?GALy@hA=V4{B@aQJbK3#WZFMpYkOC6W(9B=PIOn96tTLC=>Wl4b9 zEVxu;hKTBQvO64){3ZBeGAJEG(A5~#6 zEaQ(P9*n(L6`I@kXHXm^Lic~2t_&1u+jYdTiy2^0kK# znDPEtfI(q1K>1pm2`8S5Oc_#9tx!SO4t5ZKK zkOw=hEkqPE0*CI9T8Z+%J}peHcRd`qR%EJoxSA-V!TXd2^>F;KA*IVTM&#b48Q2q$ zHNs(g8TCcwdA5Pv5KX*S|GP}1_t8@u!++B3&5<<%?30!_s_W}ddcx~rP9*Vc5) zjDe56@N#u*g^W318ik|w>imgJzlM8M)xk#C4rGd5;^6GH=`aUGy6pl9w=7fJ$w(?(mY=)>Ztc>DVy_;lTZP|a4tNejD zo20hsPElNZ(u@;?`ePK|lw#^>0=hId5>Etb{oVvsHELoPD2Yk)y15H3?KIj^LC_aK zZ-!)XY*NXo3TPp{hxfb?^UDTy)P#7C#p2({Q8~S9Bj>^E67X=VF~3W(seH}O>~epb zwzpg9t1+AzY^Px;Ty?&x41>6^z5GWh-I=^){UlrKBI5IY_UXo^+8KBxEi%H?_1 zs-SI3NZZcb0IZ^wh(K5$JexyVZ=EkT$_HVXCc};7i6op;ahN|S7O~~7L?>Gb5D-&; z;DZ+Qq%7M96wHIzv3CqOa$*-Y8j*iG-~6JkN}Q&dQFH@~j0~07d>n?dXrnbLle%;R zg*aeJJSLT1*S}pfwZp)!7*%iMVn7^z|8TDN{TINAMkv7pwK5SpUo`1%@ z^j?wfbX;CPDu4EpG7&QfTs)|Y3~ZG8Mw>fQob#r8(8+*7Z;4rxRkD|y{9>+cJfuw=GY6RUAvrj>c$N-Uh!&k z$}(Oj{J>Avl_vPhmN(qff_#4pz(4>Ji-OJ-;Q>{c@x7b^CK3`(rPxedKRQx>GPMuy zoMsu(nzN0P#o#fQPULe#5SVJq<3+di84wm~f%sec%~Bo?{j%6c*8n(DCcvnARCpuA z^IDy^-38_{O<`<|-7jx$3UYKZrI#ZEIh<{;3UQ4%?PrM!p_jOt9?XB^RFnb3MZK^L zj}VjOh=>Dit?*O*=|*?m%i&y<%2x?+X#%P#;D(J8e0Q%Ka6euRzS(9_M1v&Q5ZEEI&143pN>JNp1E4)3&$j3_AKIb_&}Uh2OS~}op3coD z2yMgBzP{Pdy@P=+P^y0?;hkCfE?XBa>V@#b;)pvNi_NwRxyLSmu2^!I2Ic>6GX5c$ z#)=b(9f}?lCth`8v>v6i z+m$(rN6VOY^CAj~IR+#8Gh zIbz9$Kp>D+HS|y{KwY5UdHg6a-9ivE@k$2J%f(5P&Xx-8bH(B#U?;2wn2GZG{05n@1PNn-uiHp$5<&e18X8_znn<7Oez+0Cwl!vX< z){VyDfiiQ}gX*uCL~sffxk*>d)AX-{cn^D%W>v)wa5u0HIQg>C&^Km3TuNW-V`fLn z>`p2SIi5Tnqv&7I(m!fxP<9{3gmnQF&aNTzSbL_!<#sfibI#_abYTdI|{Q9PNCivNNYN)j+l1 zKH5$jBKV7U?1WgC+mbN(TWr{Nmf@YNl2M=p<$kJw*0G=%%vyDS3av zgI;S&ESVQJSSv=EFifO9F7O5w!x6(+8renL5fNFZ(P5gG7-V6@7qRwy-_&WMOmKHB}fpe3qvFHdM8%fO4pCGDIEk4X89*dkgSGcK*7F^=d5*6pc5 zND+C2Q$};~Ymh%}#{H*ag7|9id$4~%@;o2-0FWC%4_a}Z0GCBlRppQ^aSrE9D;E4n zcf_<8u5m%PI%ebdP9&mP5UPcP#ECSrIQszr5&CuVH32t(saMoZ)0$)ng`u(GAV}Sj zcnDI~Q^{8u@2P6Q1>dwb>e#3-XlXUzOYuD=n+HtuNnQ6X3;J`jJPzUq*e zPoyYN4MlW;wdt5tIb<}Lj56?cMwZ{@;>?kIp*zSJi331QMb`Q_(l_sbmGN>*_=XMs zB#xq0wuC!op>ZTX;j zvrJets&}#hpN8aGOI1iIu!euXJs=>{(mX?;58bIKVd~F-!|ffMcnt}J1TUM(R7fH` zzvvhu#Egrh4ob*l^zbAH0GM&>pAbpaKBYmz%@DFZnxSt`MZn4;0;oKuNMv=w#tgd< z32glXMgs_%NfHn*ASyNQ{Th&HkN}ZjJoZujv_z4@Lh;N3GBPRh1Db!I!FB*L;3ZE6 zcjM#3HSXAqGRvSPlnBLCFbQCv+cK_3u^}`c^UX)%=(# z^rlW>`?#YAC+DYJ1<3-h0~dI*m_dA0>b91WVQ=RTCLZTd*|=m~l*$l?DVUFqpS|PC ziwV#?3h5ti-GjB$2RnbVa%oE8Juo|?R`*Vd0kY&P&6JrYzGHz0DkdZ1u3Ta)W4@jE>)vnD9pS4fGmjmm*J(sF%K#RnM zh5puV+$ZtgAW7M5!9jJDB$J}~@V!zD2r{_RP6B@7LTi@gU~qqUbRt^IJ1x?21gTuG z6EX%MEig}<#Jqgx#DjdX+X;YAZ&Y1-c>;FQ1R>l1*`VIz3MY`WF8VVRw?f7U1$q@K zY$ig{OyawTI2FER+t*5(f^1Jt3aS!+EFp$DrMA2WB+{fcf>wS8b=w`By1`TBq_`Y0 zZ|LknElad<0=9quiMwxF~0#N z7BlW2`P^2osDaR&=(Q%Vh!Jnk)fN0RoUR~o8^~W_LO^FBDtZOa%o%Y1?>Pq$M_a$v zBI0|x9h9?8KebTVSU@G$Ky09fj?jXn4kb~^b ziE@%lwxmqaC{df_S|IJF>_S2;hf;R=3Cx0i#xo*}CQJB*I<_(?2fmmc$ZnaKYojl6 zNGdJH&UQs#o&W}HaKy7AMcCC{8`vShWLylH-)s_)ppE)bM;;h$!uf9>#>|MkMcFy% z9g^g-i4cD<3u>WPiYa6-Tc8RJBLc8`ozcqp|7$oR(-HwaVcx|X6Qi#E(E|`i5uso* z0hc;x#T6`mKbb(s78I8qP{ggWgXZvg=)I_~DZ6W+f8uEe8xcm!7uXaN4Ot=u$_BxuT280OV~679*L4nIxHDwsknd3GXt zM-_rzNe-ydhzS@cG(!;1eMF#({R25>M>EGhbP8$d{%NJ;N8{t2=#uDMX)gu{NK#U- z3x0>-(eZmrf)|PL@F)Qk6|qq4?ef}B2jFF!T83PL1l{D?faxYX<&8W=z8euX9EkG} zkBa#)ohc-LwV{t6Y!@IH$~6o}A&MMuXc!$J3blAp^3QQJ(Nl`@nVAcW2aVYD4WiM? zFJ#K}-_n4X>l?;sT_PWwj7R0GlTm#F&MRf$F)6o}iMiu%IEB^o4v^lvS!rSLx6*z_ zeFYac`UrrPeZhC&)U%2D4^@lODjFNGA7JY1^kQFsxH<>Ky&j$eAz&>MMh}T%C#%wj zLSBM!d~hq?$W35?D}ThxX_e2jXMRzv4Po2#7J-0W-SPn+9D{8$P2YR~T0L@`mEkTXkx99F> zs9$#=Qxjayj+imqkvLTQm|hA8eh<&t#t!S_Hwex1IewdpO-oyH+$SpbG`G=bTi)m62>J8TBD~~gQOhDxA*-WcaP{7xu@ca&nCjq z#sMVFp!anQfGcxywsjks&m9cC1`qImcUqkZ7AL^hC zeGw1iIg89SCpTSBNIFGC&n4S`&S^Dz6ht3nU1IfpoM|beg>e5v8~^M%y47ul3Y1VgVMq7qy*GE93na*_*7wdNo$eOmuka`iMF2IHYXW8WK;sEt8 zjYxWgemcbbcm1+rjPQ6-hkE{h1B9S35`JU?s+6D%b*w;UP2m<7oQ zBV{cVCEZGuCu13)Cr z-GL(8>E)7i;Or^_PX#BHO@QV=0VKyrRgx)>=>^9C`NMz_q{UvPhz$(uPP*d`iaDwL zCdI}l)+7{^NP`1eBlhnmVW(vbco^ipsS(A3__;e~CbYs0A^BRsF?feCNqB!1C6Wqy2Y$UF`WjldCo2lpc%aS&a6YAbE~3?#~KzQSPvYG8{b6e zAe+Wmie`)W^A$Q+-$XXM8$t)v5Z*@78apM&U){1Flz%#z=4$X?Jp~=_eMyBjNkrsU zGQcp2&Hb$e^dDt^@ZCjHO-9#He>MerAYBC~51DL;7*NZ)t@Z`25>!!x(ob;VVpnf8 z9XUU-5sd`uVi3J{gvz!Zp2(iaLy7(KwKx_@Y71uxHE+9oRrFuz!~N*IY!;t+AQVL9 z?R_t({`xv>WCzXxfxFKe;&wg|70I=k_^G)3dD;@P4oV(>FuXBoiphwuK)cm0+8Dbo zk{60Q%|KhYOVbvcPbA@;P1G8;bNnI+jq2Ok_>g6u@`l70yyhHJNQ)$17!iW!XhS=L zU<9QYKO*{?QtyuTTLpRHTOv{?-1gE4xHrau{$y2U)WCBtXB40STw1?q%+m5yM3rr6 z2o_=c<8|JDtv)170ioC`+-?ZQFCC^+ictqLBWAkV_n{2*>G8(5!~W^oeO!GGJYhY2)xPw zdSWr+))fm(@Zzu_Pz*YXTq?J2DMH49h)a(TIxO%Z55GZ}y~R3mW{PFQGY$@?-9aldu?TQWNZ8{)_{ z(_xy-jKB!Yjs_|rCd90>FljPE>$B2}gvwHXF|}X7D(}*M$Ez!!nr9|`oL~ckfk#IF z#MCT^F+yb&e0=$uq1zj0fhj*XA3)|FvLQg|0@W2emP%Ym;nRy}Fs9}9DJVZ5biiG& zj#qy@Ip#x9aw%bC&)O+yG=5lstM;uc0?^6KZesNYtfdV;zb%I_L8BL*UC7-?snn ze5#)W0-6fNK|Mb@aI7Cufd#%6EQdmW{$HMEX`I%RmVlNv{WZ}T?p19D;ib1MWd(v! z)>`<#FxeCK+NNuM-J}Xu(}CK!c{~B0mNfPXftX;OB|icP5^0YVl$ZJ|_K`r}4bqlB zSYzHxI5|D{l&7#}p5t2_zWN(&JRXB#C1pHo*gIx}MXYPW6l>Xo!a98T`dGz(c{q@M zBUZ=LJoOK2x3KXjf_jvL4{)ZU3(<;Ti2*W4&QCXHEEE_Hn5}^71}2dX=lcES=>`G* zZiq*_L_TQFO@sDKeNq;7tdyI!2QDi}hoLGR$=QuDIT@g^;G!T)XH#^KAa1n3)l|Wm z@|Q6E2O6!E6)^;8KWw`H0_1alq1ZfC5b%c}9QlB=oc|;rerdBL90JuaTD~lJTv032 zFm6QSX5r9FT%o2&G*6h2Vw^h;C_Ca#XZCquZ}};x_#vlVPN?ZtZlX;ETY*A|oalLI z#8jf7Q|&Cxjwfv3nVxLGlrf%*nyGyT;#`!#co`N_mI+*#_XcN16exdxYcRN#{+aJ! zfh!Z>6{gHu=27Q-b#%~}WmT5EsnkfPeZrhhW35wVwM* z0aM|a7w^z$af*Z{3Eieb+kC>fOVAJW`^hz=XQ_ts3340%zJtvG{+8SICl<9++FI|g zU(K@b_bjV33#7bKrg*@A#~-^g*xjhh57$q%gvIzIL8I~D2`8IFFn54gSnKk=RE3%) zIK>+({PAjMt76JX%u>)v$q9wrq(65SYe zD+Vr;v_0rAd)Z!@)b48A!!b&P08D}0&vXcIOb>`k?K8phaJYb~@_3$q0VcZ%kXvLwMM~G zBe_@&Sp@*nvg*65REGSKxP*(CtbAj+k|Ms1%SKOsMki1*0)Q*xIn$jC1A`1J?XcvF z5Mb3->&_$-ZRF8)hm86J;ubjGzgeMJ6_5SWSyVJ6O#(%$>&T=A#V?Z_o0sgW5R;K7 zvP@E9)}3u-VeL>xAatq&_}Tf;ugb=e57ydN<8tWA3)nvodnlwU5HhsP7oi zVN5~L7dJ&tU0Jceu#It%TPMw0;X?r`o%MDn&i!zv4bE(Arq?Xq0Z=ybn7cZg>{&*C z9U3T=c-A*ai&xn_5@QyGRzEnHZ!8StsGX+s` zvInt4uz{LhTMksZyEzKvhRc@x0F{z|-;kunj?hVCyY)e|jb4JN?GGMSk=ZfO_I=1Ywlz2b zz?P2mbsRZF&h$&4rNo=l;7;MhXGwQU!O>Y<>d8u)G~s#Ak()%;xR|wqDNL<@$Eq>p zLlQAHBQoCUT`Rmqr+nWj z6!pbWm52yD5d8K5K;#OEV1P*3BO#VH)eMyDA)?P&tlsoSJ7sn(LV!VOOUAnyg7>Z* za84EFEdx%|uxl(hi$k*Ipc#>WCf6SlQ}gGb)yngkxL0fXBTXFN(_rfOLVkQI7*48a z2_R^xFx6_THhbg+7I!7h5Gy|p)>3*{)EPi338UhLGTNcRfQX(6h}*g>oZkkb;IXLQ zP-3Vib;n>liPb49vG%oX$4r>G>0yQo{89A@+?E-Q^n4IUWezxnZJQW>K90F*%j(-Z zULS;2y>d5kMRgKjKfgRjgV7)OcONvqqyVc%3@a*<^rS=FQ&;#(VnPVtxlZy=rX^fa zT{w@hxnVl^7|lFljQ5ErF^L{=K;ZtVtU_FK;x`;cSIB?EvH6DyD#%8&O*-RATK3>r-9h^lG)<9CMBjum1!5x6(fp z&Hzz-o^!{EA6Nih(4eb$C4G)+Oa7PmZ;I7mi-<%3ikv_I(fl`mF0K4x8rf2F8PS-Z zbGAIp(qAu^!`YkVpQ%ivgI~&Z4V*J|od}6gZdz#vE75EvRs$Em`qwoYDsmE%3J>qtXAFcF-#0jmEBIwZr*RoEOm? zXY359sohU_=8y?_UO{wQ=mP(kT^u zz1;7YMnd)sRLrc5k`BnHYn!uM;O>4<$zD=qWbgfO;oOgZtoiX9BSu|HUiGF5ugq}` zF9_MWoRI`GBnKOV3bZVACi-mT>~|C?VeeEMOu9v`{+>l3(sWEGRmRL;?&IW+FE#Bi zs`3a0EL^x4l>K$KWf%f1H|$Cje^qx7k8NP-ReMmW;HR)=ecU{RNW;BN#1Za3S!68^_E_wwBc<_)DY%&<{}7?WEvYomY|>SKUmnOO zAPM&Bq>rLi?-AK!wBgt;goaHRKlWgtw;=F4@bVjf&}aM4#O>G3-N(e6FZ1uc$hTe+ zcV37&9=84NXWh<(UgtBNu0;AAw{cDGapI@HUFvXGcQ=RjHp@GkPkpUsUX6+<((-GR}NKH9#U1E zQ&en!$)=LsN#!moc&&p{*F#0wJq5}+h0rzO{FsiDOMaqCCZI_@Q6!q59_3tvVOrEp zCGu@MWX=^T2pmKr7%1D|pA^|An|uO_K9H)O$1NVW&UW0PI<+V2{`b%7`QS&3#FYo zvx%COpf}HHO@humUt=owrBH5}JCTT!5&T#p7*hzuh#+hWfVGBmRk$moT`BAevt}{s zxk;ZjXkv4;a=MU=od$nJKm<5>sMXvfp~f zh-}9!cGphu1Sv9s)Eflrd@bDA9%;A&84C{J42ii>r2!}r)-?LU*8mmuUNy&PUqT8x zH#q_Tf%F)ozi2|m&1jq=quBKpXf&7xfjIIe7uW(B-^pT8S3nBP7!3dV3%X}ri%v!y z5(bJa{VeEj**>jQdk!ip6cB%ZDFLD;qK&I6!a6_eg5`{F$_0V9qj~fcA4*jUC@S## z<)*rIRq-oZ4TUl_v$Jbj8#!1OJLPL*1WCl_4S}5CxxKeFjuSwtIz&;?YSIEgLxmky zf8!79fQQ+cwL9m}eES=;6o913omv#gIx(skW`qq2AnaaqL5gxQuDh4$b)>7 zRjUc{J?E5?&`jHQU4%$~{LZVWFoStW2LKRod=3ppL^eRuwkYTdVv&vl=MB)2qHD)Y z2DzdzOv~|lAYo(lsg@&2?p2Lz<`&&EAiDka2R%ucIdY9Y6Bs9?t(EHKJn)CsS2zPuW3PN$HE)i(R#6V`WHNV;oY zXek@BUK3Y#K>K9pI*2^%)kBrx+Cl_naDgi?1{#lALKhlfu%%u&FC#wgZViT5$-I!0y^#v zrpWOcOM-3qX^i2fse8f`zb$}Ejw(Y5(JHgIqwX8&@2e1hh6ijN7C~9XVX$QDa3vyQ z8Q%N_#l(adot!Jl(xbicX|$86i6$P9Zge&z z6&!<`oPNg8EzK9OB zYAvAEJy$P(xPnGh(hbg2#Iu%WBIf`_;i6?UL^EhdT7;)S1|mzK1Tr9EOw*IA(VLI;xqg?3l9@Of8cT+PhD;b*j0Gi1f@Cb^NY449ZlzflG&o?MJz>eRvg`P6CBOuR z_Mk?wmffda(uy;ry5N5T{mUFRk)dc4k zlo%RDL)CNObKGS&qT+@=%ED|&P!46uPdhe$)L@@DrI!qiBFm41hT0?YrbB3%i_ERT zvO*Moc5Kp6JCnolBkR?Wk7Au}AcWdtd0{n;Agj3{@+1gsxlOYa8-jANyBn0Vi7F0l zV6uh!hCox0DPq#IhmkZ$#NmHVw0R8=j9dfQ-5Yta1LbY5$(ctC8!W6c^8gBnqUoc5 z&2e-X&t?tYnB#mU@hcX3`QyjU)Xp^1Xr&dt1d^F;8HTj7d#KkFJ1bNDFi&y`9~W-3 zi*NIKkVSCmKVV+N_B$F7eJ0kkw1rvx@a)~KpX~!e50m4{%NnP8%1^{aX{2Z$y88bI1o|HJ%-Mst-ZsB3hr1~)MpNHW4 zmd4qFsT?!hOiMIgk|IH#`UnXsmPbHXBs@9i10X^S3%y0dNnr!*QQ2{k6PhM};7GO; z-&y*rGU~p>Q*3D?2!51u;EWHEC~blp(=T?hC+e-%xy;?<#}Gk;a7!fX?wZ@xG7uU& zG<4t)Ir7zmxs~~Cx!S=+q3^r*$VSQwOl8WzwPC`2$-qFrbr){8s$9}hK~(mn+`_qQ)z%m_ub z81!!jQ*=JTAQH9Uz=KqY4gmxlc2`B^wQe3XMTK4gfZa1YmLZC#` zGSFt95l;QM9RMNv%j&yBOxO>K6yF3#ZZ$Ouk@$rE_jQXq1S# zP3J1c9hg4^=moF%gBHTY#IMP%xXoFhsD&tKc{na0m4(MQKLMx|SddfnZPuuMjRrbM z6&5aghGki3QSR>tj5s2(jdCMcb$f6%C`VVpw-NZwup72y?wWtr^7UECqXioTIZ144 zTR|zY$t}u20}H}2FSmw&RHsx@kWw2KrL9^pYW5l0TR2RtVkZHe-v_B^2cf!Lxm!Of zzWB=kXD{K?<4@Zeq82z1;Ymh*Fu6M{Ss{U_@gV_z2^29}*_t}hBXp5uwuLWFnLLFF zQ>1H^T)^8xrQmAzDdj%gfgSQ;h3h%b2ayriGR3|B<;k!{ zp2O^((f*40aTca@HWl343VD(rrw4N)A2BQ-*yG|j=p~5F$pB4TGPLMnqG@i;mM7K! zf#&|Me;WuIR>jWah8=WuopfwMqmw*27medJx! zQxl7H1njy!s+r|~qV_UYDvtoZ$Ii!*2B?UZg~;W@P^D=IusnGwl2lh!9eCCI^{7t) zHV1_ZFM(bqNZ3#ZwjCoyibUqoon`W6FL6w}LMT8(^9hF?@KMYIk;O%DKNEx;8!Bf} zfa3WryjQSCkZumckZ$5QW`Lg`w=7Cm$$J+JimC>2c%M9 z8dBJ^HFW{;^di6zfU8R3p+GH^0vm2jg?>8`i-&JxMjhzo(N(howHd)oZY-`s5-J_> zopTbRKpUhI16}?-kpPmosa+Y4R`P`&8TpMwCcx!)y+@hGA5=>LLmnIoDBOSuH3xXn zXMZMfz$o_xX$0W)_dncxER_6*G5`5u|KUK^?KKl?c_HJ~Ivib#NS^P&Pb%uq#mNtzaV%fQzasvC2vPC+fnl-PiC8 zG{mou0W{75!yuM$zs1065O!4kDzw~leE^WU<|hw+4LH;~*daktD4bH5=6T8vyaJfLnbGzbN6s8YOH& zW+pVn4pqM$)-`kYedZuF5M73#GXEGN1_g2Mq;R4xNhBFAbN`%{dIdUQp6SRl{WK4I zOhn^CbQMSKSh8V*4?jH`U{{59y#yUK5<|Fhy{lv6U;|XC8Fy%O$gv5KuS7UJF?3^p zBgu8$S5#K3bRZq zSfqjj%+gCxfOG;IC{WDrbbiQ|fCb>KFuP8OkO%#05x{R;G~7@VNR^4_L08-MTw(zb z!)WlmAj&g{S4vnZF`((bowC1?63=#jfpRgm1uxc8gOxI9%Xs2F8Jf5xI6d)?5 zz%R&Y{x?wlCJBsMFi)-k{BX%b<50D~kgm*KGyr6aKnCnWphRU^h~fY{ukG=g3E&YEbK5XKhRSVaq*(keYkEgW(J^ef~EKQTYMT0lVY@1ZZgo%{mtCuyb7FIRJ-1o@0cGH85&S{?a9mDG{iX5jN4 z^O@&ksYeHXI;DZu??|bLTH#QCyKgAS%=!eJ<*QhE{ba0x-`ZnW;nDfoGQO{ibZ$L0tqA|M~hoL~l!JSI6U)qyr5g9gC|Og5a`(a&I0 z#03U?l=j$mfRA|4w#bx6Bx93Mf0@|OA5|8Fc*8qSPMzYkhKbL~+Cn*hr?d9HJI;hZ zJG^L1Sn=u3ah}2mV1SVQ?MfG^@|vR}r6g*IG{?(d6}AX5KYKLt_#Ly2#xn!7Yb|Pl z)gOQik=Rvmb5Rn^WR`B*cmS__dFhtLgbV{*ASZ*A3Lw&}-F$*9DGXWBLh=8XH-U6! zkZ#DhY$4T4Sldz5r~OTTqAxuhHB6uH^hz$zNuJqbb}kvYnhY7Z$SL=x$bnF3FViFvtJFGOiyAjCzkgNZ{q`q?2vGFKAS z-#`0}u`1X$sna=k;-Ue1iOokQvLGWniq2RUm{G{@7fYQi6a1lnQ6*k!?Slhg0N}Nc zw$7CbvrN1+8qmv*VI4t<%u9HOs-78|pU}!O>xkij3mqX#nzj5W*3kjT?9#l#dKap( zVvIG*kB~{qUQ2Vum`&2|O9l^uFeJLu|5)aSp?Jj31oWAcFs)iecKo|NfnT{047z4t4I-rnVw{p zMyQExl|YVv{!0W02LB62Q~})}m=`kbRx}XCSj#$Br?db}bO!nT?z%F$>K|OiO*gP{KVRj}tQdSaR z)R1+pcSkiZam7`L9yS$Ga}gq#_)(aYSF|8=mL-sZnms4b!D3dhS;4Nk8*0OYlqW8Md`fMZ_^gIU}Uq;yw^5CR2MCm5V> zo(%wp>N-pxZ(xu6y+x@eu*DZt-v4K`*y&nBt1tqXgT~w5U)H+bWCh`{gut*J;!{O| zM!@BNZ$1QC+|cUb1-nvy_ZXJLdY02=MXs1O#v4Digb$e1+oLc?auFVVb_=i!%>`60%E zSkvIoi44d1mXLG`_2R>-9ghHN;J<|@9DvGy8Ka7L9lhjIt3_Q)BR35uPRR9ZJiHlD;Qj1TaNxXnJ%BP_r zh%m-aV+jq^6WUQy_;)hy6VnLRM~&KcdA-90dyBWq)hCmAD#`Hks$Tm+nicYA*4pKz3S3V%vwdstBPgqT{X|fEgueN@KW!H2qZU zMxY!@QKYy|ha(9Y-(W!pbJf_4u4f>B9Ok@RI3vmfIsOu;5icr+=mK)hg0Rn2|DWt^ z7sM4VH6k~6;Qq+H+qIIR^XP{||K%4APuLoxni!`<5OCdBZE4yM*wN#J+oZ3b1Pfo(`aXeH;iZNL5_q!nUV~qq$#TVC# z^IWl(TU~aUr-fNyd-;>Q{>SQ2ffKQ~R%jq1!~&kPACKolg$y^5JU7oBb(2)E5edxH zrwA#NF>}tZUbC-f?UFen^oL7-178YP3d96Blk|tJTu2r<@;f^jnJ;4sd$LpHa)gH{y99C?=yz@@2IgtY(n=Ft~t!UICH;paD=n z?YyKj&Zl>!(0S8RNhzJqPXFGFUO$A+{86$VyiC#wQYLt~qzANW6!wB7+n>+Mv?t6U>&+m2TIH&uxPWNx-XRFUS%UrXh zZ_X^GkIv359jzVdQu+Elge!$b^U40v!&8mH{E_y${nG!PyUc0kGjm_}l<;XtrK=9sX{+vW=3S@LW$$h}wMSn0)6Tz{qm14?{d%t5X5ev3gMKRI?p@EA=h+9JF9ztx<45mtG$-eO)tBT zzH(=4eVp4mXYOyiDyw`nPwl1a&&Qpes%PZU)68Y%nM$3VZL5oPPiLde)K2y2N&-XK+Z5&{M8g{w2wwLJLv8N%dCDgT8V z_p{%jv94*e2wlNYWA^V&5*t)X`QzBY6mVMDz=nn=e8D{k5k(^MG0X9%i&jM7q_GyA zfh>5Wku0_WmIEHSmu)>Jd;zlHQ3XyF$N@LNKr}3TpexjW<@i#{7D$X>urxWy2x1a1if(fIc}enirhdFhNo(hCsF#qPiKB2Ws7OFJC(WoVsVjml7$UclGIE&{`c zq$`Z?_>pTrNSrLlBxCTkD-5k03=D~VHWH|*Ry+V0M+Lt)jNJ3jra z-qX7C_K$YGbKhQ9U1zU7(pu$oWVgNh=WrRB)FADDe#e(kXYgfPRGerMm@B)We)exx zY&a$!$96Y7rG_)i18JBF(jFGh9D*Zr2&^3{=wqsDkt}#ca_tv8z1qek*HqaobVhP{ zXsqRN(HXnglX1W`lD{($M`8>`+Y_ zro!(=69!){3Q02?1yE)Jn zLz*DVM#_(2(FQOO4QwNEO{ThTN_oM+q-&6iR@_NW@JnYDuD!smi)9P_=H>X%gi?@y z9OwngvLqX}ctynsoZ^)nGE!j&EpSC$(`P_vGgVUw2ta@Uhv@JCAeoLco$1Jl00IFV zIA9n6gH;6zUc(A{0;aMrx!}U=0tp?{XiY`oQwn4`!4-&CuWZafaKPXb@|J*sApvv1 zfOQRq{el4$5-^z#p=h*$z|eq1`h}@~5Ew2C2TX9_fWcs3z%T{^118fG3>9PSPT7sG1cAd zbulOLmgKTsrn;I$>Xi+gOvu4jkX#qL1`s!Mh+0$8E(MYr6bjr6{ac0BF?YF?intnU zaW_f@S&YZwZUt>37qvN5)U;I7#i*w25m6QeoMJ-4azE7D6|{L&5KKhaqN2$iDyRZ^ z9F^jMHp)XqOEt;Jh94%PFzcd!D31ihfC0p<9^ztfY<$PJTqX~ZD5sDp?Ms_O@~XH2?zu03ZOEGLQrUvI+tOz-S8MFr=kx%K;MTP$&?hAP7Ma1b~o#24Db+ftUdR z0AL6Z0D&=1!Gk0S8oBQKlV?5vy(C6y7w*<^KlH4R|G(WN#wFn=Gyu*znJnF(Jq9Fp zjuLQ35(u^c{`&3Sb)AfCmN)_evwtvxPRt+<{i9m|26^ki)H@dsJ*a?pg4~30pyoilhV+CQE}_pT|{f2i#FG7 zlX*AXSZl2f{AQBIiWK_)+Ueq%e0tu;uKR_QWLYxu@rtcy-8d@aV1kj_hgFFy1;p6U zDmRplZe4*7hldQ#;#dWxYW^)=QB_n$!W7iW)?v21j&AmA4@Wt#qw9XO56@UvRk`Zu zmNa&bZe{*}vw^UGP_ADsS@P9?_kAgjGv}ak!elClQtLK0w*h_1j1%jDeg8>5-I|&saFi)-;>pr-GU1ortBF&p7RtiEd>1#)6fISmO_d9;!8 zOcQoa=su%{SflIIfiMtgel_p|s!U2e2A74>I|UejjfLiD&5sFW4S6gEQERmA#4s#f ztYkE*aH-Q?1ZKerR;}q1_5nWebp|*wl@vO{eiZ@CO3&w@ot@XRSlE84;_I@V&TEPG zq=FQ_5?r5|6GKm-78NOtWkr=I)U6vcAn)iZlt|cTq-8rexFaYyfce6xseaJH>y;hW z5LJSIFZ9x-D7$s4|CLY8lJd*#?}n2rVClr6n5yYCS?Pb6AiO7uSEH2vemH7+ z5_Sa0yLuBeM^y86TTrr8!@6(r!*+#=9g`J*axXjPuXbyy6m})H*Mw4%TCS7U*oI0C zOX-PhH4JW47%53vJ$mWBb99kLBE2hlMABktLu#3eX4uj%QHUM=DN$Ig=Urr?@*7PcO*E$ZyxXgPKxJu!VV&ctp)^JzlI}8p zBzG?WKI8+kq!D!%s$Ov^nE^JSbL#rg1`idxqSR!nlrapb$cjCRHj1b-m;ttJ_0 zpkW}ZA@StpcE=emA)2T<*gPNYyG9U6ZR;>k2y<7UlBYGqP9kVb|5vlag^npbdv%B+3XJI9$e5lwEJZIYpp#x zumh>bJMBz;&lYzW<6ff- zLQbtGuo;zV7Ar3E_T7|&>QD2z84oKf($9C?<_b6Tu6G6W(zMcwHcjc4u(m*dQC|*~ z7#H8iN2fU`78f8Ehhv8TtkGaGLBx8IKf)2<$ zvVmgLi=$!Fkh0;H*v!*3;CsZ`^wKzv@!J* z5Ey6yj60WVq)E64D{3H71O@>{fDADLAPjyr#9IOKXxjm>2ZLq7%@zwR67-LwrkkQs z1p8$w19q<*j48cB9wp*`mHxu&k4)&sA1PjCo8dz{s~FWx+b6{`Im9O{jJCY@W6R;= zkL~IQK#b>jI`pb9gUDQ2AG1_FfYECsSBuF5!VFjo861FZbh6T|z`aF&Q3zmzC-U}P zpV%lzkI-Na-vRuUZ@@HtgrOh;tXIClb|2&ZoZkRS+JGlo9Muqi&?Wx?g!>zKRLZAd z8>jqG@V-D*9tTb9-vHN(pyKry8NUIQs}d}zAMPAv0GNI|FYTWX6&pGNrnCpZ#Jy?5 z<44-rTY&{LgaZYyv><%;B1(U63PR3`1&o=N62JGhh f6ohr(r@+bUPYAZ}CC~xp1#Au7_qhZFoP=k<>jjjn diff --git a/src/internal/packager2/testdata/zarf.yaml b/src/internal/packager2/testdata/zarf.yaml index c388a95be4..648cf6e778 100644 --- a/src/internal/packager2/testdata/zarf.yaml +++ b/src/internal/packager2/testdata/zarf.yaml @@ -5,5 +5,10 @@ metadata: components: - name: test required: true + manifests: + - name: deployment + namespace: nginx + files: + - deployment.yaml images: - docker.io/library/alpine:3.20 From 197a53f5eb7226fa47c576119cbc979778a14f02 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Wed, 2 Oct 2024 07:22:11 +0000 Subject: [PATCH 18/74] chore(deps): bump github.com/sigstore/sigstore/pkg/signature/kms/azure from 1.8.8 to 1.8.9 (#3057) Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- go.mod | 4 ++-- go.sum | 8 ++++---- 2 files changed, 6 insertions(+), 6 deletions(-) diff --git a/go.mod b/go.mod index 1bf7ce1574..8c3819ac71 100644 --- a/go.mod +++ b/go.mod @@ -43,7 +43,7 @@ require ( github.com/sergi/go-diff v1.3.2-0.20230802210424-5b0b94c5c0d3 github.com/sigstore/cosign/v2 v2.4.0 github.com/sigstore/sigstore/pkg/signature/kms/aws v1.8.8 - github.com/sigstore/sigstore/pkg/signature/kms/azure v1.8.8 + github.com/sigstore/sigstore/pkg/signature/kms/azure v1.8.9 github.com/sigstore/sigstore/pkg/signature/kms/gcp v1.8.8 github.com/sigstore/sigstore/pkg/signature/kms/hashivault v1.8.9 github.com/spf13/cobra v1.8.1 @@ -139,7 +139,7 @@ require ( github.com/AdamKorcz/go-118-fuzz-build v0.0.0-20230306123547-8075edf89bb0 // indirect github.com/AliyunContainerService/ack-ram-tool/pkg/credentials/alibabacloudsdkgo/helper v0.2.0 // indirect github.com/Azure/azure-sdk-for-go v68.0.0+incompatible // indirect - github.com/Azure/azure-sdk-for-go/sdk/azcore v1.13.0 // indirect + github.com/Azure/azure-sdk-for-go/sdk/azcore v1.14.0 // indirect github.com/Azure/azure-sdk-for-go/sdk/azidentity v1.7.0 // indirect github.com/Azure/azure-sdk-for-go/sdk/internal v1.10.0 // indirect github.com/Azure/azure-sdk-for-go/sdk/security/keyvault/azkeys v1.1.0 // indirect diff --git a/go.sum b/go.sum index c4d6470348..b36c5e5e4e 100644 --- a/go.sum +++ b/go.sum @@ -221,8 +221,8 @@ github.com/AliyunContainerService/ack-ram-tool/pkg/credentials/alibabacloudsdkgo github.com/AliyunContainerService/ack-ram-tool/pkg/credentials/alibabacloudsdkgo/helper v0.2.0/go.mod h1:GgeIE+1be8Ivm7Sh4RgwI42aTtC9qrcj+Y9Y6CjJhJs= github.com/Azure/azure-sdk-for-go v68.0.0+incompatible h1:fcYLmCpyNYRnvJbPerq7U0hS+6+I79yEDJBqVNcqUzU= github.com/Azure/azure-sdk-for-go v68.0.0+incompatible/go.mod h1:9XXNKU+eRnpl9moKnB4QOLf1HestfXbmab5FXxiDBjc= -github.com/Azure/azure-sdk-for-go/sdk/azcore v1.13.0 h1:GJHeeA2N7xrG3q30L2UXDyuWRzDM900/65j70wcM4Ww= -github.com/Azure/azure-sdk-for-go/sdk/azcore v1.13.0/go.mod h1:l38EPgmsp71HHLq9j7De57JcKOWPyhrsW1Awm1JS6K0= +github.com/Azure/azure-sdk-for-go/sdk/azcore v1.14.0 h1:nyQWyZvwGTvunIMxi1Y9uXkcyr+I7TeNrr/foo4Kpk8= +github.com/Azure/azure-sdk-for-go/sdk/azcore v1.14.0/go.mod h1:l38EPgmsp71HHLq9j7De57JcKOWPyhrsW1Awm1JS6K0= github.com/Azure/azure-sdk-for-go/sdk/azidentity v1.7.0 h1:tfLQ34V6F7tVSwoTf/4lH5sE0o6eCJuNDTmH09nDpbc= github.com/Azure/azure-sdk-for-go/sdk/azidentity v1.7.0/go.mod h1:9kIvujWAA58nmPmWB1m23fyWic1kYZMxD9CxaWn4Qpg= github.com/Azure/azure-sdk-for-go/sdk/internal v1.10.0 h1:ywEEhmNahHBihViHepv3xPBn1663uRv2t2q/ESv9seY= @@ -1565,8 +1565,8 @@ github.com/sigstore/sigstore-go v0.6.1 h1:tGkkv1oDIER+QYU5MrjqlttQOVDWfSkmYwMqkJ github.com/sigstore/sigstore-go v0.6.1/go.mod h1:Xe5GHmUeACRFbomUWzVkf/xYCn8xVifb9DgqJrV2dIw= github.com/sigstore/sigstore/pkg/signature/kms/aws v1.8.8 h1:2zHmUvaYCwV6LVeTo+OAkTm8ykOGzA9uFlAjwDPAUWM= github.com/sigstore/sigstore/pkg/signature/kms/aws v1.8.8/go.mod h1:OEhheBplZinUsm7W9BupafztVZV3ldkAxEHbpAeC0Pk= -github.com/sigstore/sigstore/pkg/signature/kms/azure v1.8.8 h1:RKk4Z+qMaLORUdT7zntwMqKiYAej1VQlCswg0S7xNSY= -github.com/sigstore/sigstore/pkg/signature/kms/azure v1.8.8/go.mod h1:dMJdlBWKHMu2xf0wIKpbo7+QfG+RzVkBB3nHP8EMM5o= +github.com/sigstore/sigstore/pkg/signature/kms/azure v1.8.9 h1:eXFm3cte0hvxxYsvGpCMd7aBusEgKJdlUw1Fb5AZQpw= +github.com/sigstore/sigstore/pkg/signature/kms/azure v1.8.9/go.mod h1:RYy9GKnFKKwqbg3Uc6rUyhQdichSVkFlfxnY6f7cAWc= github.com/sigstore/sigstore/pkg/signature/kms/gcp v1.8.8 h1:89Xtxj8oqZt3UlSpCP4wApFvnQ2Z/dgowW5QOVhQigI= github.com/sigstore/sigstore/pkg/signature/kms/gcp v1.8.8/go.mod h1:Wa4xn/H3pU/yW/6tHiMXTpObBtBSGC5q29KYFEPKN6o= github.com/sigstore/sigstore/pkg/signature/kms/hashivault v1.8.9 h1:E+bvFTS6uM//iSAeneNj5pubzntQmio/yAKFzmRzzD0= From 7f537eca71bbf3ea9b65d2d1e9531b36794dd5a0 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Wed, 2 Oct 2024 10:03:19 +0200 Subject: [PATCH 19/74] chore(deps): bump codecov/codecov-action from 4.5.0 to 4.6.0 (#3058) Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- .github/workflows/test-unit.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/test-unit.yml b/.github/workflows/test-unit.yml index 18637cda2c..a58b9cf464 100644 --- a/.github/workflows/test-unit.yml +++ b/.github/workflows/test-unit.yml @@ -47,6 +47,6 @@ jobs: run: make test-unit - name: Upload coverage reports to Codecov - uses: codecov/codecov-action@e28ff129e5465c2c0dcc6f003fc735cb6ae0c673 # v4.5.0 + uses: codecov/codecov-action@b9fd7d16f6d7d1b5d2bec1a2887e65ceed900238 # v4.6.0 with: token: ${{ secrets.CODECOV_TOKEN }} From 4a117b2736e69abddaa4974d28f40fea6df0323e Mon Sep 17 00:00:00 2001 From: Austin Abro <37223396+AustinAbro321@users.noreply.github.com> Date: Wed, 2 Oct 2024 12:35:39 -0400 Subject: [PATCH 20/74] feat!: remove big bang extension (#3059) Signed-off-by: Austin Abro --- .github/workflows/test-bigbang.yml | 119 ---- .github/workflows/test-shim.yml | 7 - Makefile | 2 +- examples/big-bang/config/disable-all.yaml | 58 -- examples/big-bang/config/ingress.yaml | 128 ---- examples/big-bang/config/kyverno.yaml | 27 - examples/big-bang/config/loki.yaml | 15 - examples/big-bang/config/neuvector.yaml | 5 - examples/big-bang/virtualservices/gitea.yaml | 16 - examples/big-bang/yolo/credentials.yaml | 5 - examples/big-bang/yolo/private-registry.yaml | 18 - examples/big-bang/yolo/zarf.yaml | 41 -- examples/big-bang/zarf.yaml | 99 ---- go.mod | 2 - go.sum | 4 - .../content/docs/contribute/style-guide.mdx | 4 +- site/src/content/docs/ref/components.mdx | 10 +- .../src/content/docs/tutorials/5-big-bang.mdx | 211 ------- src/api/v1alpha1/component.go | 4 - src/api/v1alpha1/extensions/bigbang.go | 19 - src/api/v1alpha1/extensions/common.go | 11 - src/extensions/bigbang/banner.go | 101 ---- src/extensions/bigbang/bigbang.go | 553 ------------------ src/extensions/bigbang/bigbang_test.go | 37 -- src/extensions/bigbang/flux.go | 180 ------ src/extensions/bigbang/manifests.go | 195 ------ src/extensions/bigbang/test/bigbang_test.go | 200 ------- .../bigbang/test/package/disable-all-bb1.yaml | 58 -- .../bigbang/test/package/disable-all-bb2.yaml | 61 -- .../test/package/enable-twistlock.yaml | 9 - .../flux-overrides-helm-controller.yaml | 17 - .../flux-overrides-kustomize-controller.yaml | 17 - ...lux-overrides-notification-controller.yaml | 17 - .../flux-overrides-source-controller.yaml | 17 - src/extensions/bigbang/test/package/zarf.yaml | 33 -- src/pkg/packager/composer/list.go | 3 - src/pkg/packager/composer/list_test.go | 26 - src/pkg/packager/creator/normal.go | 28 - src/pkg/packager/creator/skeleton.go | 27 - src/pkg/utils/sort.go | 81 --- src/pkg/utils/sort_test.go | 174 ------ src/test/e2e/14_oci_compose_test.go | 16 - .../flux-overrides-helm-controller.yaml | 17 - .../big-bang-min/zarf.yaml | 26 - .../14-import-everything/inception/zarf.yaml | 5 - .../packages/14-import-everything/zarf.yaml | 8 - zarf.schema.json | 57 -- 47 files changed, 7 insertions(+), 2761 deletions(-) delete mode 100644 .github/workflows/test-bigbang.yml delete mode 100644 examples/big-bang/config/disable-all.yaml delete mode 100644 examples/big-bang/config/ingress.yaml delete mode 100644 examples/big-bang/config/kyverno.yaml delete mode 100644 examples/big-bang/config/loki.yaml delete mode 100644 examples/big-bang/config/neuvector.yaml delete mode 100644 examples/big-bang/virtualservices/gitea.yaml delete mode 100644 examples/big-bang/yolo/credentials.yaml delete mode 100644 examples/big-bang/yolo/private-registry.yaml delete mode 100644 examples/big-bang/yolo/zarf.yaml delete mode 100644 examples/big-bang/zarf.yaml delete mode 100644 site/src/content/docs/tutorials/5-big-bang.mdx delete mode 100644 src/api/v1alpha1/extensions/bigbang.go delete mode 100644 src/api/v1alpha1/extensions/common.go delete mode 100644 src/extensions/bigbang/banner.go delete mode 100644 src/extensions/bigbang/bigbang.go delete mode 100644 src/extensions/bigbang/bigbang_test.go delete mode 100644 src/extensions/bigbang/flux.go delete mode 100644 src/extensions/bigbang/manifests.go delete mode 100644 src/extensions/bigbang/test/bigbang_test.go delete mode 100644 src/extensions/bigbang/test/package/disable-all-bb1.yaml delete mode 100644 src/extensions/bigbang/test/package/disable-all-bb2.yaml delete mode 100644 src/extensions/bigbang/test/package/enable-twistlock.yaml delete mode 100644 src/extensions/bigbang/test/package/flux-overrides-helm-controller.yaml delete mode 100644 src/extensions/bigbang/test/package/flux-overrides-kustomize-controller.yaml delete mode 100644 src/extensions/bigbang/test/package/flux-overrides-notification-controller.yaml delete mode 100644 src/extensions/bigbang/test/package/flux-overrides-source-controller.yaml delete mode 100644 src/extensions/bigbang/test/package/zarf.yaml delete mode 100644 src/pkg/utils/sort.go delete mode 100644 src/pkg/utils/sort_test.go delete mode 100644 src/test/packages/14-import-everything/big-bang-min/flux-overrides-helm-controller.yaml delete mode 100644 src/test/packages/14-import-everything/big-bang-min/zarf.yaml diff --git a/.github/workflows/test-bigbang.yml b/.github/workflows/test-bigbang.yml deleted file mode 100644 index fb83764515..0000000000 --- a/.github/workflows/test-bigbang.yml +++ /dev/null @@ -1,119 +0,0 @@ -name: Test Big Bang extension -on: - pull_request: - paths-ignore: - - "**.md" - - "**.jpg" - - "**.png" - - "**.gif" - - "**.svg" - - "adr/**" - - "docs/**" - - "CODEOWNERS" - merge_group: - paths-ignore: - - "**.md" - - "**.jpg" - - "**.png" - - "**.gif" - - "**.svg" - - "adr/**" - - "docs/**" - - "CODEOWNERS" - -permissions: - contents: read - -# Abort prior jobs in the same workflow / PR -concurrency: - group: e2e-bb-${{ github.ref }} - cancel-in-progress: true - -jobs: - build-bigbang: - runs-on: ubuntu-latest - steps: - - name: Checkout - uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # v4.2.0 - - - name: Setup golang - uses: ./.github/actions/golang - - - name: Build Zarf binary - uses: ./.github/actions/packages - with: - init-package: "false" - build-examples: "false" - - - name: Login to Iron Bank - uses: docker/login-action@9780b0c442fbb1117ed29e0efdff1e18412f7567 # v3.3.0 - if: ${{ env.IRON_BANK_ROBOT_USERNAME != '' }} - env: - IRON_BANK_ROBOT_USERNAME: ${{ secrets.IRON_BANK_ROBOT_USERNAME }} - with: - registry: registry1.dso.mil - username: ${{ secrets.IRON_BANK_ROBOT_USERNAME }} - password: ${{ secrets.IRON_BANK_ROBOT_PASSWORD }} - - - name: Build a registry1.dso.mil Zarf 'init' package - if: ${{ env.IRON_BANK_ROBOT_USERNAME != '' }} - env: - IRON_BANK_ROBOT_USERNAME: ${{ secrets.IRON_BANK_ROBOT_USERNAME }} - run: make ib-init-package - - # Upload the contents of the build directory for later stages to use - - name: Upload build artifacts - uses: actions/upload-artifact@50769540e7f4bd5e21e526ee35c689e35e0d6874 # v4.4.0 - with: - name: build-artifacts - path: build/ - retention-days: 1 - - validate-bigbang: - runs-on: ubuntu-latest - needs: build-bigbang - steps: - - name: Checkout - uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # v4.2.0 - - - name: Download build artifacts - uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16 # v4.1.8 - with: - name: build-artifacts - path: build/ - - - name: Setup golang - uses: ./.github/actions/golang - - - name: Make Zarf executable - run: | - chmod +x build/zarf - - # Before we run the tests we need to aggressively cleanup files to reduce disk pressure - - name: Cleanup files - uses: ./.github/actions/cleanup-files - - - name: Setup K3d - uses: ./.github/actions/k3d - - - name: Login to Iron Bank - uses: docker/login-action@9780b0c442fbb1117ed29e0efdff1e18412f7567 # v3.3.0 - if: ${{ env.IRON_BANK_ROBOT_USERNAME != '' }} - env: - IRON_BANK_ROBOT_USERNAME: ${{ secrets.IRON_BANK_ROBOT_USERNAME }} - with: - registry: registry1.dso.mil - username: ${{ secrets.IRON_BANK_ROBOT_USERNAME }} - password: ${{ secrets.IRON_BANK_ROBOT_PASSWORD }} - - - name: Run tests - if: ${{ env.IRON_BANK_ROBOT_USERNAME != '' }} - env: - IRON_BANK_ROBOT_USERNAME: ${{ secrets.IRON_BANK_ROBOT_USERNAME }} - run: | - sudo mkdir /mnt/zarf-tmp - sudo chown -R runner:runner /mnt/zarf-tmp - CI=true go test ./src/extensions/bigbang/test -failfast -v -timeout 30m - - - name: Save logs - uses: ./.github/actions/save-logs diff --git a/.github/workflows/test-shim.yml b/.github/workflows/test-shim.yml index 0b9616930b..b4df3bf4b5 100644 --- a/.github/workflows/test-shim.yml +++ b/.github/workflows/test-shim.yml @@ -103,13 +103,6 @@ jobs: run: | echo skipped - validate-bigbang: - runs-on: ubuntu-latest - steps: - - name: Skipped - run: | - echo skipped - validate-external: runs-on: ubuntu-latest steps: diff --git a/Makefile b/Makefile index bdce6970d3..9f39e23ac7 100644 --- a/Makefile +++ b/Makefile @@ -210,7 +210,7 @@ test-upgrade: ## Run the Zarf CLI E2E tests for an external registry and cluster .PHONY: test-unit test-unit: ## Run unit tests - go test -failfast -v -coverprofile=coverage.out -covermode=atomic $$(go list ./... | grep -v '^github.com/zarf-dev/zarf/src/test' | grep -v 'github.com/zarf-dev/zarf/src/extensions/bigbang/test') + go test -failfast -v -coverprofile=coverage.out -covermode=atomic $$(go list ./... | grep -v '^github.com/zarf-dev/zarf/src/test') # INTERNAL: used to test that a dev has ran `make docs-and-schema` in their PR test-docs-and-schema: diff --git a/examples/big-bang/config/disable-all.yaml b/examples/big-bang/config/disable-all.yaml deleted file mode 100644 index 153ce37c80..0000000000 --- a/examples/big-bang/config/disable-all.yaml +++ /dev/null @@ -1,58 +0,0 @@ -# Disable everything -istio: - enabled: false - -istioOperator: - enabled: false - -jaeger: - enabled: false - -kiali: - enabled: false - -clusterAuditor: - enabled: false - -gatekeeper: - enabled: false - -kyverno: - enabled: false - -kyvernoPolicies: - enabled: false - -kyvernoReporter: - enabled: false - -elasticsearchKibana: - enabled: false - -eckOperator: - enabled: false - -fluentbit: - enabled: false - -promtail: - enabled: false - -loki: - enabled: false - -neuvector: - enabled: false - -tempo: - enabled: false - -monitoring: - enabled: false - -twistlock: - enabled: false - -addons: - metricsServer: - enabled: false diff --git a/examples/big-bang/config/ingress.yaml b/examples/big-bang/config/ingress.yaml deleted file mode 100644 index 0ceaa53056..0000000000 --- a/examples/big-bang/config/ingress.yaml +++ /dev/null @@ -1,128 +0,0 @@ -# Configure Istio -domain: "###ZARF_VAR_DOMAIN###" - -istio: - gateways: - public: - tls: # certs for *.bigbang.dev - key: | - -----BEGIN PRIVATE KEY----- - MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQDDvKUzWiZucm6/ - 8D2Nx4KVe8t6uHtARpw112f4yGv7xKcOJkbxLbVtor8pj/HS5tRSZq2ziIQl9y98 - 8TVAOBezgzPPMDxOqDeyHl5gAtqzpK/eSPmueZIhR88BH2+SMYqa5kxmjn752Rf0 - jVeCrVdQ5MD9rqA00oQi/zO+gQQoz6QSuiEQ2pSKYB3gv9oIoJorIU1n4qLYAezn - TvFwjmKWPPhRdyslpcAi1rVO+mVX3Y2DKU/CfpWNFVVT+H788Srn4yP6iWUymfQU - vHOXII1erMnES2H9BDffumrRf3m3IpgueQ3vPhB8ftjFZozURj2t/WSeaKsyQSoZ - Wr99DWxpAgMBAAECggEAAW8ARsACSAzOgtlfmgo8Cpw9gUiYnn/l5P8O4+OT5uQp - 1RCytFGBYqwuej9zpffK1k+qNgZp8V0+G8wod6/xfH8Zggr4ZhsVTVirmEhtEaPD - Jf2i1oRNbbD48yknyApU2Y2WQaoJhArzAfeHDI34db83KqR8x+ZC0X7NAjgvr5zS - b0OfY2tht4oxEWh2m67FzlFgF+cWyszRYyfvHfOFBqLesuCnSfMoOzmbT3SlnxHo - 6GSa1e/kCJVzFJNb74BZTIH0w6Ar/a0QG829VXivqj8lRENU/1xUI2JhNz4RdH7F - 6MeiwQbq4pWjHfh4djuzQFIwOgCnSNRnNuNywOVuAQKBgQDjleEI1XFQawXmHtHu - 6GMhbgptRoSUyutDDdo2MHGvDbxDOIsczIBjxCuYAM47nmGMuWbDJUN+2VQAX32J - WZagRxWikxnEqv3B7No7tLSQ42rRo/tDBrZPCCuS9u/ZJM4o7MCa/VzTtbicGOCh - bTIoTeEtT2piIdkrjHFGGlYOLQKBgQDcLNFHrSJCkHfCoz75+zytfYan+2dIxuV/ - MlnrT8XHt33cst4ZwoIQbsE6mv7J4CJqOgUYDvoJpioLV3InUACDxXd+bVY7RwxP - j25pXzYL++RctVO3IEOCmFkwlq0fNFdrOn8Y/cnRTwd2e60n08rCKgJS8KhEAaO0 - QvVmAHw4rQKBgQDL7hCAnunzuoLFqpZI8tlpKjaTpp3EynO3WSFQb2ZfCvrIbVFS - U/kz7KN3iDlEeO5GcBeiA7EQaGN6FhbiTXHIWwoK7K8paGMMM1V2LL2kGvQruDm8 - 3LXd6Z9KCJXxSKanS0ZnW2KjnnE3Bp+6ZqOMNATzWfckydnUyPrza0PzXQKBgEYS - 1YCUb8Tzqcn+nrp85XDp9INeFh8pfj0fT1L/DpljouEs5Fcaer60ITd/wPuLJCje - 0mQ30AhmJBd7+07bvW4y2LcaIUm4cQiZQ7CxpsfloWaIJ16vHA1iY3B9ZBf8Vp4/ - /dd8XlEJb/ybnB6C35MwP5EaGtOaGfnzHZsbKG35AoGAWm9tpqhuldQ3MCvoAr5Q - b42JLSKqwpvVjQDiFZPI/0wZTo3WkWm9Rd7CAACheb8S70K1r/JIzsmIcnj0v4xs - sfd+R35UE+m8MExbDP4lKFParmvi2/UZfb3VFNMmMPTV6AEIBl6N4PmhHMZOsIRs - H4RxbE+FpmsMAUCpdrzvFkc= - -----END PRIVATE KEY----- - cert: | - -----BEGIN CERTIFICATE----- - MIIFHzCCBAegAwIBAgISA5mpYS+M8wSuhJbgCNVoGbYiMA0GCSqGSIb3DQEBCwUA - MDIxCzAJBgNVBAYTAlVTMRYwFAYDVQQKEw1MZXQncyBFbmNyeXB0MQswCQYDVQQD - EwJSMzAeFw0yMzAyMjQxMzU1MzBaFw0yMzA1MjUxMzU1MjlaMBgxFjAUBgNVBAMM - DSouYmlnYmFuZy5kZXYwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDD - vKUzWiZucm6/8D2Nx4KVe8t6uHtARpw112f4yGv7xKcOJkbxLbVtor8pj/HS5tRS - Zq2ziIQl9y988TVAOBezgzPPMDxOqDeyHl5gAtqzpK/eSPmueZIhR88BH2+SMYqa - 5kxmjn752Rf0jVeCrVdQ5MD9rqA00oQi/zO+gQQoz6QSuiEQ2pSKYB3gv9oIoJor - IU1n4qLYAeznTvFwjmKWPPhRdyslpcAi1rVO+mVX3Y2DKU/CfpWNFVVT+H788Srn - 4yP6iWUymfQUvHOXII1erMnES2H9BDffumrRf3m3IpgueQ3vPhB8ftjFZozURj2t - /WSeaKsyQSoZWr99DWxpAgMBAAGjggJHMIICQzAOBgNVHQ8BAf8EBAMCBaAwHQYD - VR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMAwGA1UdEwEB/wQCMAAwHQYDVR0O - BBYEFFWw8Antpeyt5+/J//sIHTWkf8MtMB8GA1UdIwQYMBaAFBQusxe3WFbLrlAJ - QOYfr52LFMLGMFUGCCsGAQUFBwEBBEkwRzAhBggrBgEFBQcwAYYVaHR0cDovL3Iz - Lm8ubGVuY3Iub3JnMCIGCCsGAQUFBzAChhZodHRwOi8vcjMuaS5sZW5jci5vcmcv - MBgGA1UdEQQRMA+CDSouYmlnYmFuZy5kZXYwTAYDVR0gBEUwQzAIBgZngQwBAgEw - NwYLKwYBBAGC3xMBAQEwKDAmBggrBgEFBQcCARYaaHR0cDovL2Nwcy5sZXRzZW5j - cnlwdC5vcmcwggEDBgorBgEEAdZ5AgQCBIH0BIHxAO8AdQB6MoxU2LcttiDqOOBS - HumEFnAyE4VNO9IrwTpXo1LrUgAAAYaD7AyTAAAEAwBGMEQCIG1jzmcfMv+DNdJh - 8gYpo44sgsASNEF8CjWCyHFhvITiAiASh+KhZXLaFXKsKF99fd6CTnKX30nOz2UR - NfSnXwW5JwB2AOg+0No+9QY1MudXKLyJa8kD08vREWvs62nhd31tBr1uAAABhoPs - DHAAAAQDAEcwRQIhALnaITI/ItM9FxxA0hc2VAVJ5xk36/FZtjMJyDAx2dmHAiAT - hnn8YDRB/fPRnv8PUOcubqK2mNwMRCk5wQBjQGYanTANBgkqhkiG9w0BAQsFAAOC - AQEAeviZDlTw9bzxF9vIZ1F+ijIQmnma6CD32eIEQmD/tIpOeayxuRiNFzIt/ixo - uC0/hKcC+JbVb7ZJOT9woPDce+g3gbA2i390yf3av3EP7sptV90rTM8gLPAdtHxo - RW14cSGmGFmaBRhr7ZbaSumztWcqgOF5orBq26wkhPT5bmqn7YX1W/H7/OMjP1Z+ - fQTfgFnfkBtzg1Ib4z3SHIPTqo2kAN3cF+b8AxrUKlk0STwesX2mR9h9jUKTapGg - Y36zDlKTOI3edM22AZDSmrIiR2LV1qGBDoxrsJmnK/Ci3t0KjwzJz45tyzenk8kO - imbt/HYVhe8WfukQ/kQdlhsHCw== - -----END CERTIFICATE----- - -----BEGIN CERTIFICATE----- - MIIFFjCCAv6gAwIBAgIRAJErCErPDBinU/bWLiWnX1owDQYJKoZIhvcNAQELBQAw - TzELMAkGA1UEBhMCVVMxKTAnBgNVBAoTIEludGVybmV0IFNlY3VyaXR5IFJlc2Vh - cmNoIEdyb3VwMRUwEwYDVQQDEwxJU1JHIFJvb3QgWDEwHhcNMjAwOTA0MDAwMDAw - WhcNMjUwOTE1MTYwMDAwWjAyMQswCQYDVQQGEwJVUzEWMBQGA1UEChMNTGV0J3Mg - RW5jcnlwdDELMAkGA1UEAxMCUjMwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEK - AoIBAQC7AhUozPaglNMPEuyNVZLD+ILxmaZ6QoinXSaqtSu5xUyxr45r+XXIo9cP - R5QUVTVXjJ6oojkZ9YI8QqlObvU7wy7bjcCwXPNZOOftz2nwWgsbvsCUJCWH+jdx - sxPnHKzhm+/b5DtFUkWWqcFTzjTIUu61ru2P3mBw4qVUq7ZtDpelQDRrK9O8Zutm - NHz6a4uPVymZ+DAXXbpyb/uBxa3Shlg9F8fnCbvxK/eG3MHacV3URuPMrSXBiLxg - Z3Vms/EY96Jc5lP/Ooi2R6X/ExjqmAl3P51T+c8B5fWmcBcUr2Ok/5mzk53cU6cG - /kiFHaFpriV1uxPMUgP17VGhi9sVAgMBAAGjggEIMIIBBDAOBgNVHQ8BAf8EBAMC - AYYwHQYDVR0lBBYwFAYIKwYBBQUHAwIGCCsGAQUFBwMBMBIGA1UdEwEB/wQIMAYB - Af8CAQAwHQYDVR0OBBYEFBQusxe3WFbLrlAJQOYfr52LFMLGMB8GA1UdIwQYMBaA - FHm0WeZ7tuXkAXOACIjIGlj26ZtuMDIGCCsGAQUFBwEBBCYwJDAiBggrBgEFBQcw - AoYWaHR0cDovL3gxLmkubGVuY3Iub3JnLzAnBgNVHR8EIDAeMBygGqAYhhZodHRw - Oi8veDEuYy5sZW5jci5vcmcvMCIGA1UdIAQbMBkwCAYGZ4EMAQIBMA0GCysGAQQB - gt8TAQEBMA0GCSqGSIb3DQEBCwUAA4ICAQCFyk5HPqP3hUSFvNVneLKYY611TR6W - PTNlclQtgaDqw+34IL9fzLdwALduO/ZelN7kIJ+m74uyA+eitRY8kc607TkC53wl - ikfmZW4/RvTZ8M6UK+5UzhK8jCdLuMGYL6KvzXGRSgi3yLgjewQtCPkIVz6D2QQz - CkcheAmCJ8MqyJu5zlzyZMjAvnnAT45tRAxekrsu94sQ4egdRCnbWSDtY7kh+BIm - lJNXoB1lBMEKIq4QDUOXoRgffuDghje1WrG9ML+Hbisq/yFOGwXD9RiX8F6sw6W4 - avAuvDszue5L3sz85K+EC4Y/wFVDNvZo4TYXao6Z0f+lQKc0t8DQYzk1OXVu8rp2 - yJMC6alLbBfODALZvYH7n7do1AZls4I9d1P4jnkDrQoxB3UqQ9hVl3LEKQ73xF1O - yK5GhDDX8oVfGKF5u+decIsH4YaTw7mP3GFxJSqv3+0lUFJoi5Lc5da149p90Ids - hCExroL1+7mryIkXPeFM5TgO9r0rvZaBFOvV2z0gp35Z0+L4WPlbuEjN/lxPFin+ - HlUjr8gRsI3qfJOQFy/9rKIJR0Y/8Omwt/8oTWgy1mdeHmmjk7j1nYsvC9JSQ6Zv - MldlTTKB3zhThV1+XWYp6rjd5JW1zbVWEkLNxE7GJThEUG3szgBVGP7pSWTUTsqX - nLRbwHOoq7hHwg== - -----END CERTIFICATE----- - -----BEGIN CERTIFICATE----- - MIIFYDCCBEigAwIBAgIQQAF3ITfU6UK47naqPGQKtzANBgkqhkiG9w0BAQsFADA/ - MSQwIgYDVQQKExtEaWdpdGFsIFNpZ25hdHVyZSBUcnVzdCBDby4xFzAVBgNVBAMT - DkRTVCBSb290IENBIFgzMB4XDTIxMDEyMDE5MTQwM1oXDTI0MDkzMDE4MTQwM1ow - TzELMAkGA1UEBhMCVVMxKTAnBgNVBAoTIEludGVybmV0IFNlY3VyaXR5IFJlc2Vh - cmNoIEdyb3VwMRUwEwYDVQQDEwxJU1JHIFJvb3QgWDEwggIiMA0GCSqGSIb3DQEB - AQUAA4ICDwAwggIKAoICAQCt6CRz9BQ385ueK1coHIe+3LffOJCMbjzmV6B493XC - ov71am72AE8o295ohmxEk7axY/0UEmu/H9LqMZshftEzPLpI9d1537O4/xLxIZpL - wYqGcWlKZmZsj348cL+tKSIG8+TA5oCu4kuPt5l+lAOf00eXfJlII1PoOK5PCm+D - LtFJV4yAdLbaL9A4jXsDcCEbdfIwPPqPrt3aY6vrFk/CjhFLfs8L6P+1dy70sntK - 4EwSJQxwjQMpoOFTJOwT2e4ZvxCzSow/iaNhUd6shweU9GNx7C7ib1uYgeGJXDR5 - bHbvO5BieebbpJovJsXQEOEO3tkQjhb7t/eo98flAgeYjzYIlefiN5YNNnWe+w5y - sR2bvAP5SQXYgd0FtCrWQemsAXaVCg/Y39W9Eh81LygXbNKYwagJZHduRze6zqxZ - Xmidf3LWicUGQSk+WT7dJvUkyRGnWqNMQB9GoZm1pzpRboY7nn1ypxIFeFntPlF4 - FQsDj43QLwWyPntKHEtzBRL8xurgUBN8Q5N0s8p0544fAQjQMNRbcTa0B7rBMDBc - SLeCO5imfWCKoqMpgsy6vYMEG6KDA0Gh1gXxG8K28Kh8hjtGqEgqiNx2mna/H2ql - PRmP6zjzZN7IKw0KKP/32+IVQtQi0Cdd4Xn+GOdwiK1O5tmLOsbdJ1Fu/7xk9TND - TwIDAQABo4IBRjCCAUIwDwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMCAQYw - SwYIKwYBBQUHAQEEPzA9MDsGCCsGAQUFBzAChi9odHRwOi8vYXBwcy5pZGVudHJ1 - c3QuY29tL3Jvb3RzL2RzdHJvb3RjYXgzLnA3YzAfBgNVHSMEGDAWgBTEp7Gkeyxx - +tvhS5B1/8QVYIWJEDBUBgNVHSAETTBLMAgGBmeBDAECATA/BgsrBgEEAYLfEwEB - ATAwMC4GCCsGAQUFBwIBFiJodHRwOi8vY3BzLnJvb3QteDEubGV0c2VuY3J5cHQu - b3JnMDwGA1UdHwQ1MDMwMaAvoC2GK2h0dHA6Ly9jcmwuaWRlbnRydXN0LmNvbS9E - U1RST09UQ0FYM0NSTC5jcmwwHQYDVR0OBBYEFHm0WeZ7tuXkAXOACIjIGlj26Ztu - MA0GCSqGSIb3DQEBCwUAA4IBAQAKcwBslm7/DlLQrt2M51oGrS+o44+/yQoDFVDC - 5WxCu2+b9LRPwkSICHXM6webFGJueN7sJ7o5XPWioW5WlHAQU7G75K/QosMrAdSW - 9MUgNTP52GE24HGNtLi1qoJFlcDyqSMo59ahy2cI2qBDLKobkx/J3vWraV0T9VuG - WCLKTVXkcGdtwlfFRjlBz4pYg1htmf5X6DYO8A4jqv2Il9DjXA6USbW1FzXSLr9O - he8Y4IWS6wY7bCkjCWDcRQJMEhg76fsO3txE+FiYruq9RUWhiF1myv4Q6W+CyBFC - Dfvp7OOGAN6dEOM4+qR9sdjoSYKEBpsr6GtPAQw4dy753ec5 - -----END CERTIFICATE----- diff --git a/examples/big-bang/config/kyverno.yaml b/examples/big-bang/config/kyverno.yaml deleted file mode 100644 index 0270d2975f..0000000000 --- a/examples/big-bang/config/kyverno.yaml +++ /dev/null @@ -1,27 +0,0 @@ -# Use Kyverno instead of Gatekeeper -gatekeeper: - enabled: false -clusterAuditor: - enabled: false -kyverno: - enabled: true -kyvernoPolicies: - enabled: true - values: - policies: - disallow-shared-subpath-volume-writes: - validationFailureAction: audit - restrict-host-ports: - validationFailureAction: audit - restrict-capabilities: - validationFailureAction: audit - restrict-image-registries: - validationFailureAction: audit - disallow-host-namespaces: - validationFailureAction: audit - disallow-privileged-containers: - validationFailureAction: audit - require-non-root-user: - validationFailureAction: audit - restrict-host-path-mount-pv: - validationFailureAction: audit diff --git a/examples/big-bang/config/loki.yaml b/examples/big-bang/config/loki.yaml deleted file mode 100644 index 8a85cfd658..0000000000 --- a/examples/big-bang/config/loki.yaml +++ /dev/null @@ -1,15 +0,0 @@ -# Use Loki instead of EFK -elasticsearchKibana: - enabled: false - -eckOperator: - enabled: false - -fluentbit: - enabled: false - -loki: - enabled: true - -promtail: - enabled: true diff --git a/examples/big-bang/config/neuvector.yaml b/examples/big-bang/config/neuvector.yaml deleted file mode 100644 index d804274901..0000000000 --- a/examples/big-bang/config/neuvector.yaml +++ /dev/null @@ -1,5 +0,0 @@ -# If running in k3s, this is needed for Neuvector to start properly -neuvector: - values: - k3s: - enabled: true diff --git a/examples/big-bang/virtualservices/gitea.yaml b/examples/big-bang/virtualservices/gitea.yaml deleted file mode 100644 index 713d683055..0000000000 --- a/examples/big-bang/virtualservices/gitea.yaml +++ /dev/null @@ -1,16 +0,0 @@ -apiVersion: networking.istio.io/v1alpha3 -kind: VirtualService -metadata: - name: gitea - namespace: zarf -spec: - gateways: - - istio-system/public - hosts: - - gitea.###ZARF_VAR_DOMAIN### - http: - - route: - - destination: - host: zarf-gitea-http.zarf.svc.cluster.local - port: - number: 3000 diff --git a/examples/big-bang/yolo/credentials.yaml b/examples/big-bang/yolo/credentials.yaml deleted file mode 100644 index 40b651da01..0000000000 --- a/examples/big-bang/yolo/credentials.yaml +++ /dev/null @@ -1,5 +0,0 @@ -registryCredentials: - registry: registry1.dso.mil - username: "###ZARF_VAR_REGISTRY1_USERNAME###" - password: "###ZARF_VAR_REGISTRY1_CLI_SECRET###" - email: "" diff --git a/examples/big-bang/yolo/private-registry.yaml b/examples/big-bang/yolo/private-registry.yaml deleted file mode 100644 index 11f1449e1c..0000000000 --- a/examples/big-bang/yolo/private-registry.yaml +++ /dev/null @@ -1,18 +0,0 @@ -apiVersion: v1 -kind: Secret -metadata: - name: private-registry - namespace: flux-system -type: kubernetes.io/dockerconfigjson -stringData: - .dockerconfigjson: |- - { - "auths": { - "registry1.dso.mil": { - "username": "###ZARF_VAR_REGISTRY1_USERNAME###", - "password": "###ZARF_VAR_REGISTRY1_CLI_SECRET###", - "email": "", - "auth": "###ZARF_VAR_REGISTRY1_AUTH###" - } - } - } diff --git a/examples/big-bang/yolo/zarf.yaml b/examples/big-bang/yolo/zarf.yaml deleted file mode 100644 index 80caf3bfd1..0000000000 --- a/examples/big-bang/yolo/zarf.yaml +++ /dev/null @@ -1,41 +0,0 @@ -kind: ZarfPackageConfig - -metadata: - name: yolo-big-bang - description: Deploy Big Bang Core in YOLO mode - # renovate: datasource=gitlab-releases depName=big-bang/bigbang versioning=semver registryUrl=https://repo1.dso.mil/ - version: 2.19.2 - url: https://p1.dso.mil/products/big-bang - architecture: amd64 - yolo: true - -variables: - - name: REGISTRY1_USERNAME - description: The username for pulling images from registry1.dso.mil - prompt: true - - name: REGISTRY1_CLI_SECRET - description: The CLI secret for pulling images from registry1.dso.mil - prompt: true - - name: REGISTRY1_AUTH - description: A base64 encoded concatenation of 'REGISTRY1_USERNAME:REGISTRY1_CLI_SECRET' - prompt: true - -components: - - name: flux-private-registry - required: true - manifests: - - name: private-registry - namespace: flux-system - files: - - private-registry.yaml - - name: bigbang - required: true - extensions: - bigbang: - # renovate: datasource=gitlab-releases depName=big-bang/bigbang versioning=semver registryUrl=https://repo1.dso.mil/ - version: 2.19.2 - valuesFiles: - - credentials.yaml - - ../config/ingress.yaml - - ../config/kyverno.yaml - - ../config/loki.yaml diff --git a/examples/big-bang/zarf.yaml b/examples/big-bang/zarf.yaml deleted file mode 100644 index 672ec4f8d1..0000000000 --- a/examples/big-bang/zarf.yaml +++ /dev/null @@ -1,99 +0,0 @@ -kind: ZarfPackageConfig -metadata: - name: big-bang-example - description: Deploy Big Bang Core - # renovate: datasource=gitlab-releases depName=big-bang/bigbang versioning=semver registryUrl=https://repo1.dso.mil/ - version: 2.19.2 - url: https://p1.dso.mil/products/big-bang - # Big Bang / Iron Bank are only amd64 - architecture: amd64 - -variables: - - name: DOMAIN - default: bigbang.dev - prompt: false - -components: - - name: bigbang - required: true - actions: - onRemove: - before: - - cmd: | - ./zarf tools kubectl patch helmrelease -n bigbang bigbang --type=merge -p '{"spec":{"suspend":true}}' - ./zarf tools kubectl delete helmrelease -n bigbang istio --ignore-not-found - ./zarf tools kubectl delete helmrelease -n bigbang istio-operator --ignore-not-found - ./zarf tools kubectl delete helmrelease -n bigbang monitoring --ignore-not-found - ./zarf tools kubectl delete providers grafana -n monitoring --ignore-not-found - ./zarf tools kubectl delete alerts grafana -n monitoring --ignore-not-found - ./zarf tools kubectl delete helmrelease -n bigbang promtail --ignore-not-found - ./zarf tools kubectl delete helmrelease -n bigbang loki --ignore-not-found - ./zarf tools kubectl delete kiali -n kiali kiali --ignore-not-found - ./zarf tools kubectl delete helmrelease -n bigbang tempo --ignore-not-found - ./zarf tools kubectl delete helmrelease -n bigbang neuvector --ignore-not-found - ./zarf tools kubectl delete validatingwebhookconfigurations.admissionregistration.k8s.io neuvector-validating-crd-webhook --ignore-not-found - ./zarf tools kubectl delete helmrelease -n bigbang kyverno-reporter --ignore-not-found - ./zarf tools kubectl delete helmrelease -n bigbang kyverno-policies --ignore-not-found - ./zarf tools kubectl delete helmrelease -n bigbang kyverno --ignore-not-found - ./zarf tools kubectl delete validatingwebhookconfigurations.admissionregistration.k8s.io kyverno-policy-validating-webhook-cfg kyverno-resource-validating-webhook-cfg --ignore-not-found - ./zarf tools kubectl delete helmrelease -n bigbang kiali --ignore-not-found - ./zarf tools kubectl delete helmrelease -n bigbang metrics-server --ignore-not-found - ./zarf tools kubectl delete apiservices.apiregistration.k8s.io -l helm.toolkit.fluxcd.io/namespace=bigbang,helm.toolkit.fluxcd.io/name=metrics-server --ignore-not-found - ./zarf tools kubectl delete gitrepositories -n bigbang -l app.kubernetes.io/part-of=bigbang - description: "Cleaning up Big Bang resources" - extensions: - bigbang: - # renovate: datasource=gitlab-releases depName=big-bang/bigbang versioning=semver registryUrl=https://repo1.dso.mil/ - version: 2.19.2 - valuesFiles: - # Istio configs - - config/ingress.yaml - # Use Kyverno instead of Gatekeeper - - config/kyverno.yaml - # Use PLG instead of EFK - - config/loki.yaml - # Needed when running in k3s. Otherwise Neuvector fails to start with an error saying it can't detect its runtime - - config/neuvector.yaml - # Values are merged in order, so this would override the above and disable everything if uncommented - # - config/disable-all.yaml - - name: gitea-virtual-service - description: > - Expose the internal Zarf Gitea server through the Big Bang Istio deployment via a virtual service. - (only applies if you are using the Zarf-provided Gitea deployment - not an externally configured git host) - manifests: - - name: gitea - namespace: zarf - files: - - virtualservices/gitea.yaml - -# YAML keys starting with `x-` are custom keys that are ignored by the Zarf CLI -# The `x-mdx` key is used to render the markdown content for https://docs.zarf.dev/ref/examples -x-mdx: | - import Properties from "@components/SchemaItemProperties.astro"; - - This package deploys [Big Bang](https://repo1.dso.mil/platform-one/big-bang/bigbang) using the Zarf `bigbang` extension. - - The `bigbang` noun sits within the `extensions` specification of Zarf and provides the following configuration: - - - - To see a tutorial for the creation and deployment of this package see the [Big Bang Tutorial](/tutorials/5-big-bang/). - - :::caution - - `valuesFiles` are processed in the order provided with Zarf adding an initial values file to populate registry - and git server credentials as the first file. Including credential `values` (even empty ones) will override - these values. This can be used to our advantage however for things like YOLO mode as described below. - - ::: - - ## Big Bang YOLO Mode Support - - The Big Bang extension also supports YOLO mode, provided that you add your own credentials for the image registry. - This is accomplished below with the `provision-flux-credentials` component and the `credentials.yaml` values file - which allows images to be pulled from [registry1.dso.mil](https://registry1.dso.mil). We demonstrate providing account - credentials via Zarf Variables, but there are other ways to populate the data in `private-registry.yaml`. - - You can learn about YOLO mode in the [FAQ](/faq#what-is-yolo-mode-and-why-would-i-use-it) or the [YOLO mode example](/ref/examples/yolo/). - - [Big Bang YOLO Mode Example](https://github.com/zarf-dev/zarf/tree/main/examples/big-bang/yolo). diff --git a/go.mod b/go.mod index 8c3819ac71..4a6222ab78 100644 --- a/go.mod +++ b/go.mod @@ -25,7 +25,6 @@ require ( github.com/fairwindsops/pluto/v5 v5.18.4 github.com/fatih/color v1.17.0 github.com/fluxcd/gitkit v0.6.0 - github.com/fluxcd/helm-controller/api v1.1.0 github.com/fluxcd/pkg/apis/meta v1.6.1 github.com/fluxcd/source-controller/api v1.4.1 github.com/go-git/go-git/v5 v5.12.0 @@ -285,7 +284,6 @@ require ( github.com/felixge/fgprof v0.9.3 // indirect github.com/felixge/httpsnoop v1.0.4 // indirect github.com/fluxcd/pkg/apis/acl v0.3.0 // indirect - github.com/fluxcd/pkg/apis/kustomize v1.6.1 // indirect github.com/fsnotify/fsnotify v1.7.0 // indirect github.com/fvbommel/sortorder v1.1.0 // indirect github.com/gabriel-vasile/mimetype v1.4.4 // indirect diff --git a/go.sum b/go.sum index b36c5e5e4e..14e8c6f9e0 100644 --- a/go.sum +++ b/go.sum @@ -735,12 +735,8 @@ github.com/felixge/httpsnoop v1.0.4 h1:NFTV2Zj1bL4mc9sqWACXbQFVBBg2W3GPvqp8/ESS2 github.com/felixge/httpsnoop v1.0.4/go.mod h1:m8KPJKqk1gH5J9DgRY2ASl2lWCfGKXixSwevea8zH2U= github.com/fluxcd/gitkit v0.6.0 h1:iNg5LTx6ePo+Pl0ZwqHTAkhbUHxGVSY3YCxCdw7VIFg= github.com/fluxcd/gitkit v0.6.0/go.mod h1:svOHuKi0fO9HoawdK4HfHAJJseZDHHjk7I3ihnCIqNo= -github.com/fluxcd/helm-controller/api v1.1.0 h1:NS5Wm3U6Kv4w7Cw2sDOV++vf2ecGfFV00x1+2Y3QcOY= -github.com/fluxcd/helm-controller/api v1.1.0/go.mod h1:BgHMgMY6CWynzl4KIbHpd6Wpn3FN9BqgkwmvoKCp6iE= github.com/fluxcd/pkg/apis/acl v0.3.0 h1:UOrKkBTOJK+OlZX7n8rWt2rdBmDCoTK+f5TY2LcZi8A= github.com/fluxcd/pkg/apis/acl v0.3.0/go.mod h1:WVF9XjSMVBZuU+HTTiSebGAWMgM7IYexFLyVWbK9bNY= -github.com/fluxcd/pkg/apis/kustomize v1.6.1 h1:22FJc69Mq4i8aCxnKPlddHhSMyI4UPkQkqiAdWFcqe0= -github.com/fluxcd/pkg/apis/kustomize v1.6.1/go.mod h1:5dvQ4IZwz0hMGmuj8tTWGtarsuxW0rWsxJOwC6i+0V8= github.com/fluxcd/pkg/apis/meta v1.6.1 h1:maLhcRJ3P/70ArLCY/LF/YovkxXbX+6sTWZwZQBeNq0= github.com/fluxcd/pkg/apis/meta v1.6.1/go.mod h1:YndB/gxgGZmKfqpAfFxyCDNFJFP0ikpeJzs66jwq280= github.com/fluxcd/source-controller/api v1.4.1 h1:zV01D7xzHOXWbYXr36lXHWWYS7POARsjLt61Nbh3kVY= diff --git a/site/src/content/docs/contribute/style-guide.mdx b/site/src/content/docs/contribute/style-guide.mdx index 48ece3aad9..8fd8c82c43 100644 --- a/site/src/content/docs/contribute/style-guide.mdx +++ b/site/src/content/docs/contribute/style-guide.mdx @@ -36,8 +36,8 @@ Follow these guidelines for creating Defense Unicorns content: - Use sentence-style capitalization for all body text. - Capitalize the first word of a sentence, heading, title, or label. - - Capitalize proper nouns and Defense Unicorn products. - - Zarf/Big Bang/K8s/K9s + - Capitalize proper nouns + - Zarf/K8s/K9s - When words are joined by a slash, capitalize the word after the slash if the word before it is capitalized. #### Title/Heading Style Capitalization diff --git a/site/src/content/docs/ref/components.mdx b/site/src/content/docs/ref/components.mdx index 419d43bc6d..debb24517c 100644 --- a/site/src/content/docs/ref/components.mdx +++ b/site/src/content/docs/ref/components.mdx @@ -261,12 +261,6 @@ When merging components together Zarf will adopt the following strategies depend | Un'name'd Primitive Arrays | `actions`, `dataInjections`, `files`, `images`, `repos` | These keys will append the overriding component's version of the array to the end of the base component's array | | 'name'd Primitive Arrays | `charts`, `manifests` | For any given element in the overriding component, if the element matches based on `name` then its values will be merged with the base element of the same `name`. If not then the element will be appended to the end of the array | -### Extensions - - - - - ### Health Checks @@ -321,3 +315,7 @@ $ zarf package deploy ./path/to/package.tar.zst --components=optional-component- ``` ::: + +## Extensions (Removed) + +Extensions were removed from Zarf in v0.41.0. To create packages similar to those previously built with extensions, check out https://github.com/defenseunicorns-partnerships/generate-big-bang-zarf-package diff --git a/site/src/content/docs/tutorials/5-big-bang.mdx b/site/src/content/docs/tutorials/5-big-bang.mdx deleted file mode 100644 index bf073df59a..0000000000 --- a/site/src/content/docs/tutorials/5-big-bang.mdx +++ /dev/null @@ -1,211 +0,0 @@ ---- -title: Using Big Bang with Zarf -sidebar: - order: 6 ---- - -## Introduction - -This tutorial describes how to use Big Bang with Zarf for Air Gap deployments through the use of the Big Bang Zarf extension. If you are not familiar with Big Bang you can learn more about it here: https://p1.dso.mil/products/big-bang, but in short it is a DevSecOps platform that contains many useful tools for building, managing, and running software projects while adhering to the [United States Department of Defense DevSecOps Reference Design](https://public.cyber.mil/devsecops/). - -Zarf integrates with Big Bang through the use of an extension that simplifies the selection of Big Bang packages and the pulling of the required artifacts to deploy those packages in an Air Gap. - -### Limitations - -The current version of this extension requires Big Bang version `1.54.0` or later, and is not fully integrated into the `zarf package remove` lifecycle (see the [Big Bang example](/ref/examples/big-bang/) for how to introduce those lifecycle hooks manually). Zarf also relies on [helm.sh/images annotations](https://github.com/helm/community/blob/main/hips/hip-0015.md) to discover images within charts (e.g. [GitLab](https://repo1.dso.mil/big-bang/product/packages/gitlab/-/blob/main/chart/Chart.yaml#L61)) - this is a relatively new feature for Big Bang so if you see an `ImagePullBackOff` error, check that these annotations are set correctly for the sub charts you are using. To work around this issue if you come across it, simply add the missing image to the images list on the same component that contains the Big Bang extension like the following: - -```yaml -components: - - name: bigbang - required: true - images: - - registry1.dso.mil/ironbank/gitlab/gitlab/gitlab-exporter:15.9.2 - extensions: - bigbang: - version: 1.54.0 -``` - -## System Requirements - -Big Bang requires a reasonably powerful `amd64` system that scales up with the number of components deployed. We recommend at least `32 GB` of RAM and a high-speed internet connection to complete this tutorial. - -To learn more about Big Bang's requirements in general, see their documentation: https://docs-bigbang.dso.mil/latest/docs/prerequisites/minimum-hardware-requirements/ - -## Prerequisites - -Before beginning this tutorial you will need the following: - -- A local copy of the Zarf repository - - `git clone https://github.com/zarf-dev/zarf.git` -- A kubernetes cluster onto which you can deploy Zarf and Big Bang -- The latest version of the Zarf `cli` - - Follow instructions on https://docs.zarf.dev/getting-started/install/ -- An account on `https://registry1.dso.mil` to retrieve Big Bang images - - You can register for an account [here](https://login.dso.mil/auth/realms/baby-yoda/protocol/openid-connect/registrations?client_id=account&response_type=code) - -:::note - -If you followed the [Setting Up a Local Kubernetes Cluster](/tutorials/#setting-up-a-local-kubernetes-cluster) instructions for other Zarf tutorials, you will need to pass additional command flags to `k3d` for it to work with Big Bang. See the below to create a working cluster: - -```bash -k3d cluster create - # Required by the PLG stack - --volume /etc/machine-id:/etc/machine-id - - # Required for Istio ingress - --k3s-arg "--disable=traefik@server:0" - --port 80:80@loadbalancer - --port 443:443@loadbalancer - - # Required for TLS to work correctly with kubectl - --k3s-arg "--tls-san=$SERVER_IP@server:0" - --api-port 6443 -``` - -If you tweak the packages that are deployed there may be other configuration options you need to specify, please refer to the [Big Bang documentation](https://docs-bigbang.dso.mil/latest/) for more details. - -::: - -## Package Creation - -The below section covers creating and tuning the Big Bang package: - -### Setup - -By default, Big Bang uses images from [Iron Bank](https://p1.dso.mil/products/iron-bank) which will require you to set your login credentials for [Registry One](https://registry1.dso.mil) (see [pre-requisites](#prerequisites) for information on account setup). - -```bash -# Authenticate to https://registry1.dso.mil/, then retrieve your CLI secret from your User Profile and run the following: -set +o history -export REGISTRY1_USERNAME= -export REGISTRY1_CLI_SECRET= -echo $REGISTRY1_CLI_SECRET | zarf tools registry login registry1.dso.mil --username $REGISTRY1_USERNAME --password-stdin -set -o history -``` - -Now navigate to the `examples/big-bang` folder within the Zarf repository you cloned in the [pre-requisites](#prerequisites) section. - -### Configure Big Bang - -Within the `examples/big-bang` folder you will see a `zarf.yaml` that has the following [component](/ref/components/) defined: - -```yaml -components: - - name: bigbang - required: true - extensions: - bigbang: - version: 1.54.0 - skipFlux: false - valuesFiles: - - config/minimal.yaml #turns on just istio - - config/ingress.yaml # adds istio certs for *.bigbang.dev - - config/kyverno.yaml # turns on kyverno - - config/loki.yaml # turns on loki and monitoring -``` - -This component uses the `bigbang` extension to define the version of Big Bang to use and the values files to apply. Feel free to inspect and configure the values.yaml files as you wish and to learn more about Big Bang's configuration see their values guide: https://docs-bigbang.dso.mil/latest/docs/guides/using-bigbang/values-guide/ - -:::note - -The `valuesFiles` are applied from top to bottom and will apply the last value that was provided for any given key. - -::: - -:::note - -This extension requires Big Bang version `1.54.0` or later. - -::: - - -### Package Big Bang - -When you're ready to continue you can create a Big Bang package by running the following command in `examples/big-bang`: - -```bash -zarf package create -``` - -Now wait for the package creation to complete and you should see a `zarf-package-big-bang-example-amd64-x.x.x.tar.zst` file in the directory. - - -## Package Deployment - -The below section covers deploying the Big Bang package from the previous section: - -### Initialize Zarf - -Before you can deploy the Big Bang package you must first initialize Zarf on the cluster you created in the [pre-requisites](#prerequisites) section. To do so you can run the following: - -```bash -# Initialize Zarf (interactively) -zarf init -# Make these choices at the prompts -# ? Do you want to download this init package? Yes -# ? Deploy this Zarf package? Yes -# ? Deploy the k3s component? No -# ? Deploy the git-server component? Yes - -# (Optional) Inspect the results -zarf tools k9s -``` - -:::note - -The `git-server` component is required by Big Bang as it uses it as a source for Flux deployments. - -::: - - -### Deploy Big Bang - -Now you are ready to deploy Big Bang, and can do so with the following in the `examples/big-bang` directory: - -```bash -# Deploy Big Bang (interactively) -zarf package deploy -# Make these choices at the prompts -# ? Choose or type the package file [tab for suggestions] zarf-package-big-bang-example-amd64-x.x.x.tar.zst -# ? Deploy this Zarf package? Yes -``` - -### See The Results - -Once the install completes you can inspect the results and watch the Big Bang components deploy using the following: - -```bash -zarf tools k9s - -# To view different k8s objects you can use the following: - -# Helm Releases: -# :hr [Enter] -# Pods: -# :pods [Enter] -# Services: -# :svc [Enter] -# Secrets: -# :secret [Enter] -# ConfigMaps: -# :configmap [Enter] - -# When you are done use the following to quit -# :q [Enter] -``` - -## Package Removal - -The Big Bang extension is not fully integrated into the Zarf package remove lifecycle. To get around this limitation, an [`onRemove.before` action](/ref/actions/) has been added to the bigbang component in the zarf.yaml file that ensures all the Big Bang resources are torn down in the correct order when Zarf is used to remove the package: - -```bash -zarf package remove big-bang-example --confirm -``` - -## Troubleshooting - -See the Troubleshooting section of the Big Bang Quick Start for help troubleshooting the Big Bang deployment: https://repo1.dso.mil/big-bang/bigbang/-/blob/master/docs/guides/deployment-scenarios/quickstart.md#troubleshooting - -Also, ensure that you have followed all of the steps required in the [pre-requisites](#prerequisites) section. - -If you feel that the error you are encountering is one with Zarf feel free to [open an issue](https://github.com/zarf-dev/zarf/issues/new/choose) or reach out via [slack](https://kubernetes.slack.com/archives/C03B6BJAUJ3). diff --git a/src/api/v1alpha1/component.go b/src/api/v1alpha1/component.go index 9827410b43..74ac45251c 100644 --- a/src/api/v1alpha1/component.go +++ b/src/api/v1alpha1/component.go @@ -6,7 +6,6 @@ package v1alpha1 import ( "github.com/invopop/jsonschema" - "github.com/zarf-dev/zarf/src/api/v1alpha1/extensions" ) // ZarfComponent is the primary functional grouping of assets to deploy by Zarf. @@ -53,9 +52,6 @@ type ZarfComponent struct { // List of git repos to include in the package. Repos []string `json:"repos,omitempty"` - // Extend component functionality with additional features. - Extensions extensions.ZarfComponentExtensions `json:"extensions,omitempty"` - // [Deprecated] (replaced by actions) Custom commands to run before or after package deployment. This will be removed in Zarf v1.0.0. DeprecatedScripts DeprecatedZarfComponentScripts `json:"scripts,omitempty" jsonschema:"deprecated=true"` diff --git a/src/api/v1alpha1/extensions/bigbang.go b/src/api/v1alpha1/extensions/bigbang.go deleted file mode 100644 index af357d5990..0000000000 --- a/src/api/v1alpha1/extensions/bigbang.go +++ /dev/null @@ -1,19 +0,0 @@ -// SPDX-License-Identifier: Apache-2.0 -// SPDX-FileCopyrightText: 2021-Present The Zarf Authors - -// Package extensions contains the types for all official extensions. -package extensions - -// BigBang holds the configuration for the Big Bang extension. -type BigBang struct { - // The version of Big Bang to use. - Version string `json:"version"` - // Override repo to pull Big Bang from instead of Repo One. - Repo string `json:"repo,omitempty"` - // The list of values files to pass to Big Bang; these will be merged together. - ValuesFiles []string `json:"valuesFiles,omitempty"` - // Whether to skip deploying flux; Defaults to false. - SkipFlux bool `json:"skipFlux,omitempty"` - // Optional paths to Flux kustomize strategic merge patch files. - FluxPatchFiles []string `json:"fluxPatchFiles,omitempty"` -} diff --git a/src/api/v1alpha1/extensions/common.go b/src/api/v1alpha1/extensions/common.go deleted file mode 100644 index 1df82730ab..0000000000 --- a/src/api/v1alpha1/extensions/common.go +++ /dev/null @@ -1,11 +0,0 @@ -// SPDX-License-Identifier: Apache-2.0 -// SPDX-FileCopyrightText: 2021-Present The Zarf Authors - -// Package extensions contains the types for all official extensions. -package extensions - -// ZarfComponentExtensions is a struct that contains all the official extensions. -type ZarfComponentExtensions struct { - // Configurations for installing Big Bang and Flux in the cluster. - BigBang *BigBang `json:"bigbang,omitempty"` -} diff --git a/src/extensions/bigbang/banner.go b/src/extensions/bigbang/banner.go deleted file mode 100644 index e6791eec58..0000000000 --- a/src/extensions/bigbang/banner.go +++ /dev/null @@ -1,101 +0,0 @@ -// SPDX-License-Identifier: Apache-2.0 -// SPDX-FileCopyrightText: 2021-Present The Zarf Authors - -// Package bigbang contains the logic for installing Big Bang and Flux -package bigbang - -import ( - "github.com/pterm/pterm" - "github.com/zarf-dev/zarf/src/pkg/message" -) - -func printBanner() { - // Only print the banner if the terminal is wide enough and no-progress isn't set. - if message.NoProgress || pterm.GetTerminalWidth() < 125 { - message.Note("Loading Big Bang extension (this may take a few minutes)") - return - } - - smokey := `                                                                                                                             -                                                       ((/(((((((((//(.                                                      -                                                    (//*/.((((((((((,/,///                                                   -                                                .///,,,  (((((((((((.  .*,///                                                -                                            ,///,.     *((((((((((((((      ,,///                                            -                                       /////,      ,/((((((((((((((((((((/       /////,                                      -                                    (&&&&&&&#/,  .,*//////////////////////*,  .*#&&&&&&&%,                                   -                                   ((((((((((#&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&%(((((((((((                                  -                                   ///       (    (((*   /(,    /(.  (*  /      *  *(  *///                                  -                                   ///   */*,/     (/    /  .(/  ..  *  /(  .(((((     ///*                                  -                                   ,,*//,    /  *  *  *  /  ,((  ..    ,((       //   //,,,                                  -                                   ,,,       *  /,   /,  /  ,//  .,  /  ./   //**//*  /,,,,                                  -                      .,,,,,,,,,,, ,,,,*///*,*. //  //   /*      /,  //   .     ,*,***,,,,, ,,,,,,,,,,,                      - .//*//((((((((/,  .  ,,**//////////,  .,,,,,,,,,,*////////////////////////,,,,,,,,,,.  .*//////////*,,.  , .*(((((((((//*/( -   ////**  ./////((/.     .,,,.   .*/////(((((((((//////////////////////////(((((((((/////,.   .,,,.     ,/((////*. ,**///,  -      ///////*******. ,//(((((((*       .,,,,.      .*//////////////////*.     .,,,,.       ,(((((((///  ,*******///////     -         ///////////******. .//((((((((((((((((((//,,.                  .,*/((((((((((((((((((//*  .*****///////////,        -           /////////////////*** .//((((((((((//////((((((((((((((((((((((((//////((((((((((// ,***/////////////////          -            */////////////////*** //(((((./((((((((//,(((((((((((((((((/.//(((((((/./(((((/.***//////////////////            -             ./////////////////*** /(((((       #@@(.(( ((((((((((((((/((     (@@@  .(((((*.**//////////////////             -               ////////////////*** /(((         @@@@   /((((((((((((((/       ,@@&    /(((/ ***///////////////,              -                 /////////////**** /(((/                //////////////               *(((// ****////////////*                -                    /////***** *** /(((((/            //,(((/(((//(((./.           */((((// **, ****/////* .                 -                         .*//////////(((((((//////////(((((((((((((((((//////////(((((((///////////*                         -                                    ///((((((((((((((((((( ,/(((// .(((((((((((((((((((//* ..                                -                                   .  ///((((((((((((((((((((((((((((((((((////**,.                                          -                                   ,/(/.      .  ..,,,...            ...,,,.  *(((((/////                                    -                                   ,*/(((((((// ,,,,,,.               .,,,,,,, (((///*,                                      -                                    ,*/((((((**(( ,,,,,,,,,,,,@,,,,,,,,,,,,.,(( /*,. .(((((                                  -                                 .&(  .,*/((( /,*, ,,,,,,#&@&,@*@@&#,,,,,,, *,/   ,,,,,,,.&&                                 -                                %&.,,,,,,    ,((,  ,,,,,,*&,@@@@&,@*,,,,,,,  ((/(  ,,,,,,,, &.                               -                              #&,////,,, /(((/*(*.. ,,,,@%@,,@@@,,@%@,,,, .. /( (.((. ,,*//// &                              -                              & /(((/*,.((( ((/* . ,,,,,,,,%@@&@@(,,,,,,,,  , /(((/((( ,/((((/%,                             -                              & /(((//,,///((//*   .,,,,,,,,,,,,,,,,,,,,,,    *//(//// ,/((((/#                              -                              # /((((/, ///****  ,,, (((((((/ ,,./(((((((.,,,  ***//// //((((/#                              -                                /(/((// ****    ,,*,,(&&&&&&& ///&&&&&&&( /,,,   ,***.,//((/(/.                              -                                ////(///      ,*// (%&&&&&&&& ///&&&&&&&&(*,//..      //((/(/,                               -                                 ///////*   , //**(&&&&&&&&&& //*&&&&&&&&&%( ///,.   ///////.                                -                                    ,////////// (#&&&&&&&&&&& //.&&&&&&&&&&&(( //////////                                    -                                          *.  (((&&&&&&&&&&&#./,.&&&&&&&&/ &&((/. /                                          -                                       /&% //,  // .&&&&&&&&.///// &&&&&&,//... (// &(/                                      -                                     & ,,  //// ./* &&&&&&&&& ./////& *////*//,*//   * #*                                    -                                     &&  /// //*/.///////,&&%/*///*& ////////,/ ///// %&                                     -                                      &&& ***./ ///,*/////&&// /// ///////////*// *  &&#                                     -                                       &&&% */*////././/// &,/////.////(////////// &&&.                                      -                                         ////////(/,/ ////.///((///**/((//////(//././                                        -                                            .////(///./// ///((((//////((/(///(// /.                                         -                                             //((,//(//./,////(((((((// ((((/((///*                                          -                                         , ./(((((*/((///////((((((((// (((((((/////                                         -                                          *//((((( //((((((((((((((((/ (((((((((/////                                        -                                            .((((((* /((((((((((((((//,((((((((((( .*.                                       -                                .  .,,,,,*,,,,,,,,,, (((((((((.,,,,,.////.((((((( ,,,(((/.                                   -                               , &&&&&%# ,,,,,/ ,,, ((((((( (.,,,,,,,,,,, .(((((,,(**#&&&&&*(                                -                              ,%&*&&&&&/,,,,,,,,,,,,,(((./(..(/*/(/(((/,,((((,.,,,,/.&&&&&(&(.                               -                               (&(&&&&#(* .  ,,,,,,,,  *(&&&&&&&&&&%(((&#( ,,,,, ..(&*&&&&(%/                                -                              ,.*& (#%(( ,,,. ,,,,    .(%(&&&&&&&&&&&&((*  ,,,..,, ,(#(((,(/(,                               -                                , /./*./,,,.         ,,/*#&&&&&&&&&&&&%#/(.     .,, (.*/.*.,.                                -                                                       ,(/#(&&&&&&&&&%##(..                                                  -                                                       .( *((((((((((/*(/,                                                   -                                                          ,,,,,.  .,,,                                                       - - - - ###### # # ####### ####### ####### ###### # # ####### # # ####### - # # # # # # # # # # # ## ## # # ## # # - # # # # # # # # # # # # # # # # # # # # # - ###### # # # # ##### # # ###### # # # # # # # # ##### - # # ####### # # # # # # # # # # # # # # - # # # # # # # # # # # # # # # ## # - # ####### # # # # ####### # # # # ####### # # ####### - - ###### ### ##### ###### # # # ##### - # # # # # # # # # ## # # # - # # # # # # # # # # # # - ###### # # #### ###### # # # # # # #### - # # # # # # # ####### # # # # # - # # # # # # # # # # ## # # - ###### ### ##### ###### # # # # ##### - -` - - pterm.Print(smokey) -} diff --git a/src/extensions/bigbang/bigbang.go b/src/extensions/bigbang/bigbang.go deleted file mode 100644 index 6b59d2a829..0000000000 --- a/src/extensions/bigbang/bigbang.go +++ /dev/null @@ -1,553 +0,0 @@ -// SPDX-License-Identifier: Apache-2.0 -// SPDX-FileCopyrightText: 2021-Present The Zarf Authors - -// Package bigbang contains the logic for installing Big Bang and Flux -package bigbang - -import ( - "context" - "fmt" - "os" - "path" - "path/filepath" - "strings" - "time" - - "github.com/Masterminds/semver/v3" - "github.com/defenseunicorns/pkg/helpers/v2" - fluxHelmCtrl "github.com/fluxcd/helm-controller/api/v2beta1" - fluxSrcCtrl "github.com/fluxcd/source-controller/api/v1beta2" - "github.com/zarf-dev/zarf/src/api/v1alpha1" - "github.com/zarf-dev/zarf/src/api/v1alpha1/extensions" - "github.com/zarf-dev/zarf/src/internal/packager/helm" - "github.com/zarf-dev/zarf/src/pkg/layout" - "github.com/zarf-dev/zarf/src/pkg/message" - "github.com/zarf-dev/zarf/src/pkg/utils" - "github.com/zarf-dev/zarf/src/pkg/variables" - "helm.sh/helm/v3/pkg/chartutil" - corev1 "k8s.io/api/core/v1" - metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" - "sigs.k8s.io/yaml" -) - -// Default location for pulling Big Bang. -const ( - bb = "bigbang" - bbRepo = "https://repo1.dso.mil/big-bang/bigbang.git" - bbMinRequiredVersion = "1.54.0" -) - -var tenMins = metav1.Duration{ - Duration: 10 * time.Minute, -} - -// Run mutates a component that should deploy Big Bang to a set of manifests -// that contain the flux deployment of Big Bang -func Run(ctx context.Context, YOLO bool, tmpPaths *layout.ComponentPaths, c v1alpha1.ZarfComponent) (v1alpha1.ZarfComponent, error) { - cfg := c.Extensions.BigBang - manifests := []v1alpha1.ZarfManifest{} - - validVersionResponse, err := isValidVersion(cfg.Version) - - if err != nil { - return c, fmt.Errorf("could not parse the Big Bang version %s: %w", cfg.Version, err) - } - - // Make sure the version is valid. - if !validVersionResponse { - return c, fmt.Errorf("Big Bang version %s must be at least %s", cfg.Version, bbMinRequiredVersion) - } - - // Print the banner for Big Bang. - printBanner() - - // If no repo is provided, use the default. - if cfg.Repo == "" { - cfg.Repo = bbRepo - } - - // By default, we want to deploy flux. - if !cfg.SkipFlux { - fluxManifest, images, err := getFlux(tmpPaths.Temp, cfg) - if err != nil { - return c, err - } - - // Add the flux manifests to the list of manifests to be pulled down by Zarf. - manifests = append(manifests, fluxManifest) - - if !YOLO { - // Add the images to the list of images to be pulled down by Zarf. - c.Images = append(c.Images, images...) - } - } - - bbRepo := fmt.Sprintf("%s@%s", cfg.Repo, cfg.Version) - - // Configure helm to pull down the Big Bang chart. - helmCfg := helm.New( - v1alpha1.ZarfChart{ - Name: bb, - Namespace: bb, - URL: bbRepo, - Version: cfg.Version, - ValuesFiles: cfg.ValuesFiles, - GitPath: "./chart", - }, - path.Join(tmpPaths.Temp, bb), - path.Join(tmpPaths.Temp, bb, "values"), - helm.WithVariableConfig(&variables.VariableConfig{}), - ) - - // Download the chart from Git and save it to a temporary directory. - err = helmCfg.PackageChartFromGit(ctx, c.DeprecatedCosignKeyPath) - if err != nil { - return c, fmt.Errorf("unable to download Big Bang Chart: %w", err) - } - - // Template the chart so we can see what GitRepositories are being referenced in the - // manifests created with the provided Helm. - template, _, err := helmCfg.TemplateChart(ctx) - if err != nil { - return c, fmt.Errorf("unable to template Big Bang Chart: %w", err) - } - - // Add the Big Bang repo to the list of repos to be pulled down by Zarf. - if !YOLO { - bbRepo := fmt.Sprintf("%s@%s", cfg.Repo, cfg.Version) - c.Repos = append(c.Repos, bbRepo) - } - // Parse the template for GitRepository objects and add them to the list of repos to be pulled down by Zarf. - gitRepos, hrDependencies, hrValues, err := findBBResources(template) - if err != nil { - return c, fmt.Errorf("unable to find Big Bang resources: %w", err) - } - if !YOLO { - for _, gitRepo := range gitRepos { - c.Repos = append(c.Repos, gitRepo) - } - } - - // Generate a list of HelmReleases that need to be deployed in order. - dependencies := []utils.Dependency{} - for _, hrDep := range hrDependencies { - dependencies = append(dependencies, hrDep) - } - namespacedHelmReleaseNames, err := utils.SortDependencies(dependencies) - if err != nil { - return c, fmt.Errorf("unable to sort Big Bang HelmReleases: %w", err) - } - - // ten minutes in seconds - maxTotalSeconds := 10 * 60 - - defaultMaxTotalSeconds := c.Actions.OnDeploy.Defaults.MaxTotalSeconds - if defaultMaxTotalSeconds > maxTotalSeconds { - maxTotalSeconds = defaultMaxTotalSeconds - } - - // Add wait actions for each of the helm releases in generally the order they should be deployed. - for _, hrNamespacedName := range namespacedHelmReleaseNames { - hr := hrDependencies[hrNamespacedName] - action := v1alpha1.ZarfComponentAction{ - Description: fmt.Sprintf("Big Bang Helm Release `%s` to be ready", hrNamespacedName), - MaxTotalSeconds: &maxTotalSeconds, - Wait: &v1alpha1.ZarfComponentActionWait{ - Cluster: &v1alpha1.ZarfComponentActionWaitCluster{ - Kind: "HelmRelease", - Name: hr.Metadata.Name, - Namespace: hr.Metadata.Namespace, - Condition: "ready", - }, - }, - } - - // In Big Bang the metrics-server is a special case that only deploy if needed. - // The check it, we need to look for the existence of APIService instead of the HelmRelease, which - // may not ever be created. See links below for more details. - // https://repo1.dso.mil/big-bang/bigbang/-/blob/1.54.0/chart/templates/metrics-server/helmrelease.yaml - if hr.Metadata.Name == "metrics-server" { - action.Description = "K8s metric server to exist or be deployed by Big Bang" - action.Wait.Cluster = &v1alpha1.ZarfComponentActionWaitCluster{ - Kind: "APIService", - // https://github.com/kubernetes-sigs/metrics-server#compatibility-matrix - Name: "v1beta1.metrics.k8s.io", - } - } - - c.Actions.OnDeploy.OnSuccess = append(c.Actions.OnDeploy.OnSuccess, action) - } - - t := true - failureGeneral := []string{ - "get nodes -o wide", - "get hr -n bigbang", - "get gitrepo -n bigbang", - "get pods -A", - } - failureDebug := []string{ - "describe hr -n bigbang", - "describe gitrepo -n bigbang", - "describe pods -A", - "describe nodes", - "get events -A", - } - - // Add onFailure actions with additional troubleshooting information. - for _, cmd := range failureGeneral { - c.Actions.OnDeploy.OnFailure = append(c.Actions.OnDeploy.OnFailure, v1alpha1.ZarfComponentAction{ - Cmd: fmt.Sprintf("./zarf tools kubectl %s", cmd), - }) - } - - for _, cmd := range failureDebug { - c.Actions.OnDeploy.OnFailure = append(c.Actions.OnDeploy.OnFailure, v1alpha1.ZarfComponentAction{ - Mute: &t, - Description: "Storing debug information to the log for troubleshooting.", - Cmd: fmt.Sprintf("./zarf tools kubectl %s", cmd), - }) - } - - // Add a pre-remove action to suspend the Big Bang HelmReleases to prevent reconciliation during removal. - c.Actions.OnRemove.Before = append(c.Actions.OnRemove.Before, v1alpha1.ZarfComponentAction{ - Description: "Suspend Big Bang HelmReleases to prevent reconciliation during removal.", - Cmd: `./zarf tools kubectl patch helmrelease -n bigbang bigbang --type=merge -p '{"spec":{"suspend":true}}'`, - }) - - // Select the images needed to support the repos for this configuration of Big Bang. - if !YOLO { - for _, hr := range hrDependencies { - namespacedName := getNamespacedNameFromMeta(hr.Metadata) - gitRepo := gitRepos[hr.NamespacedSource] - values := hrValues[namespacedName] - - images, err := findImagesforBBChartRepo(ctx, gitRepo, values) - if err != nil { - return c, fmt.Errorf("unable to find images for chart repo: %w", err) - } - - c.Images = append(c.Images, images...) - } - - // Make sure the list of images is unique. - c.Images = helpers.Unique(c.Images) - } - - // Create the flux wrapper around Big Bang for deployment. - manifest, err := addBigBangManifests(YOLO, tmpPaths.Temp, cfg) - if err != nil { - return c, err - } - - // Add the Big Bang manifests to the list of manifests to be pulled down by Zarf. - manifests = append(manifests, manifest) - - // Prepend the Big Bang manifests to the list of manifests to be pulled down by Zarf. - // This is done so that the Big Bang manifests are deployed first. - c.Manifests = append(manifests, c.Manifests...) - - return c, nil -} - -// Skeletonize mutates a component so that the valuesFiles can be contained inside a skeleton package -func Skeletonize(tmpPaths *layout.ComponentPaths, c v1alpha1.ZarfComponent) (v1alpha1.ZarfComponent, error) { - for valuesIdx, valuesFile := range c.Extensions.BigBang.ValuesFiles { - // Get the base file name for this file. - baseName := filepath.Base(valuesFile) - - // Define the name as the file name without the extension. - baseName = strings.TrimSuffix(baseName, filepath.Ext(baseName)) - - // Add the skeleton name prefix. - skelName := fmt.Sprintf("bb-skel-vals-%d-%s.yaml", valuesIdx, baseName) - - rel := filepath.Join(layout.TempDir, skelName) - dst := filepath.Join(tmpPaths.Base, rel) - - if err := helpers.CreatePathAndCopy(valuesFile, dst); err != nil { - return c, err - } - - c.Extensions.BigBang.ValuesFiles[valuesIdx] = rel - } - - for fluxPatchFileIdx, fluxPatchFile := range c.Extensions.BigBang.FluxPatchFiles { - // Get the base file name for this file. - baseName := filepath.Base(fluxPatchFile) - - // Define the name as the file name without the extension. - baseName = strings.TrimSuffix(baseName, filepath.Ext(baseName)) - - // Add the skeleton name prefix. - skelName := fmt.Sprintf("bb-skel-flux-patch-%d-%s.yaml", fluxPatchFileIdx, baseName) - - rel := filepath.Join(layout.TempDir, skelName) - dst := filepath.Join(tmpPaths.Base, rel) - - if err := helpers.CreatePathAndCopy(fluxPatchFile, dst); err != nil { - return c, err - } - - c.Extensions.BigBang.FluxPatchFiles[fluxPatchFileIdx] = rel - } - - return c, nil -} - -// Compose mutates a component so that its local paths are relative to the provided path -// -// additionally, it will merge any overrides -func Compose(c *v1alpha1.ZarfComponent, override v1alpha1.ZarfComponent, relativeTo string) { - // perform any overrides - if override.Extensions.BigBang != nil { - for valuesIdx, valuesFile := range override.Extensions.BigBang.ValuesFiles { - if helpers.IsURL(valuesFile) { - continue - } - - fixed := filepath.Join(relativeTo, valuesFile) - override.Extensions.BigBang.ValuesFiles[valuesIdx] = fixed - } - - for fluxPatchFileIdx, fluxPatchFile := range override.Extensions.BigBang.FluxPatchFiles { - if helpers.IsURL(fluxPatchFile) { - continue - } - - fixed := filepath.Join(relativeTo, fluxPatchFile) - override.Extensions.BigBang.FluxPatchFiles[fluxPatchFileIdx] = fixed - } - - if c.Extensions.BigBang == nil { - c.Extensions.BigBang = override.Extensions.BigBang - } else { - c.Extensions.BigBang.ValuesFiles = append(c.Extensions.BigBang.ValuesFiles, override.Extensions.BigBang.ValuesFiles...) - c.Extensions.BigBang.FluxPatchFiles = append(c.Extensions.BigBang.FluxPatchFiles, override.Extensions.BigBang.FluxPatchFiles...) - } - } -} - -// isValidVersion check if the version is 1.54.0 or greater. -func isValidVersion(version string) (bool, error) { - specifiedVersion, err := semver.NewVersion(version) - - if err != nil { - return false, err - } - - minRequiredVersion, _ := semver.NewVersion(bbMinRequiredVersion) - - // Evaluating pre-releases too - c, _ := semver.NewConstraint(fmt.Sprintf(">= %s-0", minRequiredVersion)) - - // This extension requires BB 1.54.0 or greater. - return c.Check(specifiedVersion), nil -} - -// findBBResources takes a list of yaml objects (as a string) and -// parses it for GitRepository objects that it then parses -// to return the list of git repos and tags needed. -func findBBResources(t string) (gitRepos map[string]string, helmReleaseDeps map[string]HelmReleaseDependency, helmReleaseValues map[string]map[string]interface{}, err error) { - // Break the template into separate resources. - yamls, _ := utils.SplitYAMLToString([]byte(t)) - - gitRepos = map[string]string{} - helmReleaseDeps = map[string]HelmReleaseDependency{} - helmReleaseValues = map[string]map[string]interface{}{} - secrets := map[string]corev1.Secret{} - configMaps := map[string]corev1.ConfigMap{} - - for _, y := range yamls { - var ( - h fluxHelmCtrl.HelmRelease - g fluxSrcCtrl.GitRepository - s corev1.Secret - c corev1.ConfigMap - ) - - if err := yaml.Unmarshal([]byte(y), &h); err != nil { - continue - } - - // If the resource is a HelmRelease, parse it for the dependencies. - if h.Kind == fluxHelmCtrl.HelmReleaseKind { - var deps []string - for _, d := range h.Spec.DependsOn { - depNamespacedName := getNamespacedNameFromStr(d.Namespace, d.Name) - deps = append(deps, depNamespacedName) - } - - namespacedName := getNamespacedNameFromMeta(h.ObjectMeta) - srcNamespacedName := getNamespacedNameFromStr(h.Spec.Chart.Spec.SourceRef.Namespace, - h.Spec.Chart.Spec.SourceRef.Name) - - helmReleaseDeps[namespacedName] = HelmReleaseDependency{ - Metadata: h.ObjectMeta, - NamespacedDependencies: deps, - NamespacedSource: srcNamespacedName, - ValuesFrom: h.Spec.ValuesFrom, - } - - // Skip the rest as this is not a GitRepository. - continue - } - - if err := yaml.Unmarshal([]byte(y), &g); err != nil { - continue - } - - // If the resource is a GitRepository, parse it for the URL and tag. - if g.Kind == fluxSrcCtrl.GitRepositoryKind && g.Spec.URL != "" { - ref := "master" - - switch { - case g.Spec.Reference.Commit != "": - ref = g.Spec.Reference.Commit - - case g.Spec.Reference.SemVer != "": - ref = g.Spec.Reference.SemVer - - case g.Spec.Reference.Tag != "": - ref = g.Spec.Reference.Tag - - case g.Spec.Reference.Branch != "": - ref = g.Spec.Reference.Branch - } - - // Set the URL and tag in the repo map - namespacedName := getNamespacedNameFromMeta(g.ObjectMeta) - gitRepos[namespacedName] = fmt.Sprintf("%s@%s", g.Spec.URL, ref) - } - - if err := yaml.Unmarshal([]byte(y), &s); err != nil { - continue - } - - // If the resource is a Secret, parse it so it can be used later for value templating. - if s.Kind == "Secret" { - namespacedName := getNamespacedNameFromMeta(s.ObjectMeta) - secrets[namespacedName] = s - } - - if err := yaml.Unmarshal([]byte(y), &c); err != nil { - continue - } - - // If the resource is a Secret, parse it so it can be used later for value templating. - if c.Kind == "ConfigMap" { - namespacedName := getNamespacedNameFromMeta(c.ObjectMeta) - configMaps[namespacedName] = c - } - } - - for _, hr := range helmReleaseDeps { - namespacedName := getNamespacedNameFromMeta(hr.Metadata) - values, err := composeValues(hr, secrets, configMaps) - if err != nil { - return nil, nil, nil, err - } - helmReleaseValues[namespacedName] = values - } - - return gitRepos, helmReleaseDeps, helmReleaseValues, nil -} - -// addBigBangManifests creates the manifests component for deploying Big Bang. -func addBigBangManifests(YOLO bool, manifestDir string, cfg *extensions.BigBang) (v1alpha1.ZarfManifest, error) { - // Create a manifest component that we add to the zarf package for bigbang. - manifest := v1alpha1.ZarfManifest{ - Name: bb, - Namespace: bb, - } - - // Helper function to marshal and write a manifest and add it to the component. - addManifest := func(name string, data any) error { - path := path.Join(manifestDir, name) - out, err := yaml.Marshal(data) - if err != nil { - return err - } - - if err := os.WriteFile(path, out, helpers.ReadWriteUser); err != nil { - return err - } - - manifest.Files = append(manifest.Files, path) - return nil - } - - // Create the GitRepository manifest. - if err := addManifest("bb-ext-gitrepository.yaml", manifestGitRepo(cfg)); err != nil { - return manifest, err - } - - var hrValues []fluxHelmCtrl.ValuesReference - - // If YOLO mode is enabled, do not include the zarf-credentials secret - if !YOLO { - // Create the zarf-credentials secret manifest. - if err := addManifest("bb-ext-zarf-credentials.yaml", manifestZarfCredentials(cfg.Version)); err != nil { - return manifest, err - } - - // Create the list of values manifests starting with zarf-credentials. - hrValues = []fluxHelmCtrl.ValuesReference{{ - Kind: "Secret", - Name: "zarf-credentials", - }} - } - - // Loop through the valuesFrom list and create a manifest for each. - for valuesIdx, valuesFile := range cfg.ValuesFiles { - data, err := manifestValuesFile(valuesIdx, valuesFile) - if err != nil { - return manifest, err - } - - path := fmt.Sprintf("%s.yaml", data.Name) - if err := addManifest(path, data); err != nil { - return manifest, err - } - - // Add it to the list of valuesFrom for the HelmRelease - hrValues = append(hrValues, fluxHelmCtrl.ValuesReference{ - Kind: "Secret", - Name: data.Name, - }) - } - - if err := addManifest("bb-ext-helmrelease.yaml", manifestHelmRelease(hrValues)); err != nil { - return manifest, err - } - - return manifest, nil -} - -// findImagesforBBChartRepo finds and returns the images for the Big Bang chart repo -func findImagesforBBChartRepo(ctx context.Context, repo string, values chartutil.Values) (images []string, err error) { - matches := strings.Split(repo, "@") - if len(matches) < 2 { - return images, fmt.Errorf("cannot convert git repo %s to helm chart without a version tag", repo) - } - - spinner := message.NewProgressSpinner("Discovering images in %s", repo) - defer spinner.Stop() - - gitPath, err := helm.DownloadChartFromGitToTemp(ctx, repo) - if err != nil { - return images, err - } - defer os.RemoveAll(gitPath) - - // Set the directory for the chart - chartPath := filepath.Join(gitPath, "chart") - - images, err = helm.FindAnnotatedImagesForChart(chartPath, values) - if err != nil { - return images, err - } - - spinner.Success() - - return images, err -} diff --git a/src/extensions/bigbang/bigbang_test.go b/src/extensions/bigbang/bigbang_test.go deleted file mode 100644 index 9d17e49831..0000000000 --- a/src/extensions/bigbang/bigbang_test.go +++ /dev/null @@ -1,37 +0,0 @@ -// SPDX-License-Identifier: Apache-2.0 -// SPDX-FileCopyrightText: 2021-Present The Zarf Authors - -package bigbang - -import ( - "testing" - - "github.com/stretchr/testify/require" -) - -func TestRequiredBigBangVersions(t *testing.T) { - // Support 1.54.0 and beyond - vv, err := isValidVersion("1.54.0") - require.NoError(t, err) - require.True(t, vv) - - // Do not support earlier than 1.54.0 - vv, err = isValidVersion("1.53.0") - require.NoError(t, err) - require.False(t, vv) - - // Support for Big Bang release candidates - vv, err = isValidVersion("1.57.0-rc.0") - require.NoError(t, err) - require.True(t, vv) - - // Support for Big Bang 2.0.0 - vv, err = isValidVersion("2.0.0") - require.NoError(t, err) - require.True(t, vv) - - // Fail on non-semantic versions - vv, err = isValidVersion("1.57b") - require.EqualError(t, err, "Invalid Semantic Version") - require.False(t, vv) -} diff --git a/src/extensions/bigbang/flux.go b/src/extensions/bigbang/flux.go deleted file mode 100644 index 2acdee4f99..0000000000 --- a/src/extensions/bigbang/flux.go +++ /dev/null @@ -1,180 +0,0 @@ -// SPDX-License-Identifier: Apache-2.0 -// SPDX-FileCopyrightText: 2021-Present The Zarf Authors - -// Package bigbang contains the logic for installing Big Bang and Flux -package bigbang - -import ( - "fmt" - "os" - "path" - "path/filepath" - - "github.com/defenseunicorns/pkg/helpers/v2" - fluxHelmCtrl "github.com/fluxcd/helm-controller/api/v2beta1" - "github.com/zarf-dev/zarf/src/api/v1alpha1" - "github.com/zarf-dev/zarf/src/api/v1alpha1/extensions" - "github.com/zarf-dev/zarf/src/internal/packager/kustomize" - "github.com/zarf-dev/zarf/src/pkg/utils" - "helm.sh/helm/v3/pkg/chartutil" - v1 "k8s.io/api/apps/v1" - corev1 "k8s.io/api/core/v1" - metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" - "k8s.io/apimachinery/pkg/runtime" - krustytypes "sigs.k8s.io/kustomize/api/types" -) - -// HelmReleaseDependency is a struct that represents a Flux Helm Release from an HR DependsOn list. -type HelmReleaseDependency struct { - Metadata metav1.ObjectMeta - NamespacedDependencies []string - NamespacedSource string - ValuesFrom []fluxHelmCtrl.ValuesReference -} - -// Name returns a namespaced name for the HelmRelease for dependency sorting. -func (h HelmReleaseDependency) Name() string { - return getNamespacedNameFromMeta(h.Metadata) -} - -// Dependencies returns a list of namespaced dependencies for the HelmRelease for dependency sorting. -func (h HelmReleaseDependency) Dependencies() []string { - return h.NamespacedDependencies -} - -// getFlux Creates a component to deploy Flux. -func getFlux(baseDir string, cfg *extensions.BigBang) (manifest v1alpha1.ZarfManifest, images []string, err error) { - localPath := path.Join(baseDir, "bb-ext-flux.yaml") - kustomizePath := path.Join(baseDir, "kustomization.yaml") - - if cfg.Repo == "" { - cfg.Repo = bbRepo - } - - remotePath := fmt.Sprintf("%s//base/flux?ref=%s", cfg.Repo, cfg.Version) - - fluxKustomization := krustytypes.Kustomization{ - Resources: []string{remotePath}, - } - - for _, path := range cfg.FluxPatchFiles { - absFluxPatchPath, _ := filepath.Abs(path) - fluxKustomization.Patches = append(fluxKustomization.Patches, krustytypes.Patch{Path: absFluxPatchPath}) - } - - if err := utils.WriteYaml(kustomizePath, fluxKustomization, helpers.ReadWriteUser); err != nil { - return manifest, images, fmt.Errorf("unable to write kustomization: %w", err) - } - - // Perform Kustomization now to get the flux.yaml file. - if err := kustomize.Build(baseDir, localPath, true); err != nil { - return manifest, images, fmt.Errorf("unable to build kustomization: %w", err) - } - - // Add the flux.yaml file to the component manifests. - manifest = v1alpha1.ZarfManifest{ - Name: "flux-system", - Namespace: "flux-system", - Files: []string{localPath}, - } - - // Read the flux.yaml file to get the images. - if images, err = readFluxImages(localPath); err != nil { - return manifest, images, fmt.Errorf("unable to read flux images: %w", err) - } - - return manifest, images, nil -} - -// readFluxImages finds the images Flux needs to deploy -func readFluxImages(localPath string) (images []string, err error) { - contents, err := os.ReadFile(localPath) - if err != nil { - return images, fmt.Errorf("unable to read flux manifest: %w", err) - } - - // Break the manifest into separate resources. - yamls, _ := utils.SplitYAML(contents) - - // Loop through each resource and find the images. - for _, yaml := range yamls { - // Flux controllers are Deployments. - if yaml.GetKind() == "Deployment" { - deployment := v1.Deployment{} - content := yaml.UnstructuredContent() - - // Convert the unstructured content into a Deployment. - if err := runtime.DefaultUnstructuredConverter.FromUnstructured(content, &deployment); err != nil { - return nil, fmt.Errorf("could not parse deployment: %w", err) - } - - // Get the pod spec. - pod := deployment.Spec.Template.Spec - - // Flux controllers do not have init containers today, but this is future proofing. - for _, container := range pod.InitContainers { - images = append(images, container.Image) - } - - // Add the main containers. - for _, container := range pod.Containers { - images = append(images, container.Image) - } - } - } - - return images, nil -} - -// composeValues composes values from a Flux HelmRelease and Secrets Map -// (loosely based on upstream https://github.com/fluxcd/helm-controller/blob/main/controllers/helmrelease_controller.go#L551) -func composeValues(hr HelmReleaseDependency, secrets map[string]corev1.Secret, configMaps map[string]corev1.ConfigMap) (valuesMap chartutil.Values, err error) { - valuesMap = chartutil.Values{} - - for _, v := range hr.ValuesFrom { - var valuesData string - namespacedName := getNamespacedNameFromStr(hr.Metadata.Namespace, v.Name) - - switch v.Kind { - case "ConfigMap": - cm, ok := configMaps[namespacedName] - if !ok { - return nil, fmt.Errorf("could not find values %s '%s'", v.Kind, namespacedName) - } - - valuesData, ok = cm.Data[v.GetValuesKey()] - if !ok { - return nil, fmt.Errorf("missing key '%s' in %s '%s'", v.GetValuesKey(), v.Kind, namespacedName) - } - case "Secret": - sec, ok := secrets[namespacedName] - if !ok { - return nil, fmt.Errorf("could not find values %s '%s'", v.Kind, namespacedName) - } - - valuesData, ok = sec.StringData[v.GetValuesKey()] - if !ok { - return nil, fmt.Errorf("missing key '%s' in %s '%s'", v.GetValuesKey(), v.Kind, namespacedName) - } - default: - return nil, fmt.Errorf("unsupported ValuesReference kind '%s'", v.Kind) - } - - values, err := chartutil.ReadValues([]byte(valuesData)) - if err != nil { - return nil, fmt.Errorf("unable to read values from key '%s' in %s '%s': %w", v.GetValuesKey(), v.Kind, hr.Name(), err) - } - - valuesMap = helpers.MergeMapRecursive(valuesMap, values) - } - - return valuesMap, nil -} - -func getNamespacedNameFromMeta(o metav1.ObjectMeta) string { - return getNamespacedNameFromStr(o.Namespace, o.Name) -} - -func getNamespacedNameFromStr(namespace, name string) string { - return fmt.Sprintf("%s.%s", namespace, name) -} diff --git a/src/extensions/bigbang/manifests.go b/src/extensions/bigbang/manifests.go deleted file mode 100644 index c10d81390a..0000000000 --- a/src/extensions/bigbang/manifests.go +++ /dev/null @@ -1,195 +0,0 @@ -// SPDX-License-Identifier: Apache-2.0 -// SPDX-FileCopyrightText: 2021-Present The Zarf Authors - -// Package bigbang contains the logic for installing Big Bang and Flux -package bigbang - -import ( - "fmt" - "os" - "path/filepath" - "strings" - - "github.com/Masterminds/semver/v3" - fluxHelmCtrl "github.com/fluxcd/helm-controller/api/v2beta1" - fluxSrcCtrl "github.com/fluxcd/source-controller/api/v1" - "github.com/zarf-dev/zarf/src/api/v1alpha1/extensions" - corev1 "k8s.io/api/core/v1" - metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" -) - -const bbV1ZarfCredentialsValues = ` -registryCredentials: - registry: "###ZARF_REGISTRY###" - username: "zarf-pull" - password: "###ZARF_REGISTRY_AUTH_PULL###" -git: - existingSecret: "private-git-server" # -- Chart created secrets with user defined values - credentials: - # -- HTTP git credentials, both username and password must be provided - username: "###ZARF_GIT_PUSH###" - password: "###ZARF_GIT_AUTH_PUSH###" -# -- Big Bang v1 Kyverno Support -kyvernopolicies: - values: - exclude: - any: - - resources: - namespaces: - - zarf # don't have Kyverno prevent Zarf from doing zarf things - ` - -const bbV2ZarfCredentialsValues = ` -registryCredentials: - registry: "###ZARF_REGISTRY###" - username: "zarf-pull" - password: "###ZARF_REGISTRY_AUTH_PULL###" -git: - existingSecret: "private-git-server" # -- Chart created secrets with user defined values - credentials: - # -- HTTP git credentials, both username and password must be provided - username: "###ZARF_GIT_PUSH###" - password: "###ZARF_GIT_AUTH_PUSH###" -# -- Big Bang v2 Kyverno Support -kyvernoPolicies: - values: - exclude: - any: - - resources: - namespaces: - - zarf # don't have Kyverno prevent Zarf from doing zarf things - ` - -func manifestZarfCredentials(version string) corev1.Secret { - values := bbV1ZarfCredentialsValues - - semverVersion, err := semver.NewVersion(version) - if err == nil && semverVersion.Major() == 2 { - values = bbV2ZarfCredentialsValues - } - - return corev1.Secret{ - TypeMeta: metav1.TypeMeta{ - Kind: "Secret", - APIVersion: "v1", - }, - ObjectMeta: metav1.ObjectMeta{ - Namespace: bb, - Name: "zarf-credentials", - }, - StringData: map[string]string{ - "values.yaml": values, - }, - } -} - -// manifestGitRepo generates a GitRepository object for the Big Bang umbrella repo. -func manifestGitRepo(cfg *extensions.BigBang) fluxSrcCtrl.GitRepository { - apiVersion := "source.toolkit.fluxcd.io/v1beta2" - - // Set apiVersion to v1 on BB v2.7.0 or higher falling back to v1beta2 as needed - semverVersion, _ := semver.NewVersion(cfg.Version) - if semverVersion != nil { - c, _ := semver.NewConstraint(">= 2.7.0") - if c != nil { - updateFlux, _ := c.Validate(semverVersion) - if updateFlux && !cfg.SkipFlux { - apiVersion = "source.toolkit.fluxcd.io/v1" - } - } - } - - return fluxSrcCtrl.GitRepository{ - TypeMeta: metav1.TypeMeta{ - Kind: fluxSrcCtrl.GitRepositoryKind, - APIVersion: apiVersion, - }, - ObjectMeta: metav1.ObjectMeta{ - Name: bb, - Namespace: bb, - }, - Spec: fluxSrcCtrl.GitRepositorySpec{ - URL: cfg.Repo, - Interval: tenMins, - Reference: &fluxSrcCtrl.GitRepositoryRef{ - Tag: cfg.Version, - }, - }, - } -} - -// manifestValuesFile generates a Secret object for the Big Bang umbrella repo. -func manifestValuesFile(idx int, path string) (secret corev1.Secret, err error) { - // Read the file from the path. - file, err := os.ReadFile(path) - if err != nil { - return secret, err - } - - // Get the base file name for this file. - baseName := filepath.Base(path) - - // Define the name as the file name without the extension. - baseName = strings.TrimSuffix(baseName, filepath.Ext(baseName)) - - // Add the name prefix. - name := fmt.Sprintf("bb-usr-vals-%d-%s", idx, baseName) - - // Create a secret with the file contents. - secret = corev1.Secret{ - TypeMeta: metav1.TypeMeta{ - Kind: "Secret", - APIVersion: "v1", - }, - ObjectMeta: metav1.ObjectMeta{ - Namespace: bb, - Name: name, - }, - StringData: map[string]string{ - "values.yaml": string(file), - }, - } - - return secret, nil -} - -// manifestHelmRelease generates a HelmRelease object for the Big Bang umbrella repo. -func manifestHelmRelease(values []fluxHelmCtrl.ValuesReference) fluxHelmCtrl.HelmRelease { - return fluxHelmCtrl.HelmRelease{ - TypeMeta: metav1.TypeMeta{ - Kind: fluxHelmCtrl.HelmReleaseKind, - APIVersion: "helm.toolkit.fluxcd.io/v2beta1", - }, - ObjectMeta: metav1.ObjectMeta{ - Name: bb, - Namespace: bb, - }, - Spec: fluxHelmCtrl.HelmReleaseSpec{ - Timeout: &tenMins, - Chart: &fluxHelmCtrl.HelmChartTemplate{ - Spec: fluxHelmCtrl.HelmChartTemplateSpec{ - Chart: "./chart", - SourceRef: fluxHelmCtrl.CrossNamespaceObjectReference{ - Kind: fluxSrcCtrl.GitRepositoryKind, - Name: bb, - }, - }, - }, - Install: &fluxHelmCtrl.Install{ - Remediation: &fluxHelmCtrl.InstallRemediation{ - Retries: -1, - }, - }, - Upgrade: &fluxHelmCtrl.Upgrade{ - Remediation: &fluxHelmCtrl.UpgradeRemediation{ - Retries: 5, - }, - CleanupOnFail: true, - }, - Rollback: &fluxHelmCtrl.Rollback{ - CleanupOnFail: true, - }, - ValuesFrom: values, - }, - } -} diff --git a/src/extensions/bigbang/test/bigbang_test.go b/src/extensions/bigbang/test/bigbang_test.go deleted file mode 100644 index 16bf87bdbc..0000000000 --- a/src/extensions/bigbang/test/bigbang_test.go +++ /dev/null @@ -1,200 +0,0 @@ -// SPDX-License-Identifier: Apache-2.0 -// SPDX-FileCopyrightText: 2021-Present The Zarf Authors - -package main - -import ( - "context" - "encoding/json" - "fmt" - "io" - "net/http" - "os" - "regexp" - "strings" - "testing" - - "github.com/stretchr/testify/require" - "github.com/zarf-dev/zarf/src/pkg/cluster" - "github.com/zarf-dev/zarf/src/pkg/utils/exec" - test "github.com/zarf-dev/zarf/src/test" -) - -// The Big Bang project ID on Repo1 -const bbProjID = "2872" - -var ( - zarf string - previous string - latest string -) - -func TestMain(m *testing.M) { - var err error - - // Change to the build dir - if err := os.Chdir("../../../../build/"); err != nil { - panic(err) - } - - // Get the latest and previous releases - latest, previous, err = getReleases() - if err != nil { - panic(err) - } - - // Get the Zarf CLI path - zarf = fmt.Sprintf("./%s", test.GetCLIName()) - - // Run the tests - os.Exit(m.Run()) -} - -func TestReleases(t *testing.T) { - CIMount := "/mnt/zarf-tmp" - tmpdir := fmt.Sprintf("--tmpdir=%s", t.TempDir()) - zarfCache := "" - // If we are in CI set the temporary directory to /mnt/zarf-tmp to reduce disk pressure - if os.Getenv("CI") == "true" { - tmpdir = fmt.Sprintf("--tmpdir=%s", CIMount) - zarfCache = fmt.Sprintf("--zarf-cache=%s", CIMount) - } - - ctx := context.Background() - - // Initialize the cluster with the Git server and AMD64 architecture - arch := "amd64" - stdOut, stdErr, err := zarfExec(ctx, "init", "--components", "git-server", "--architecture", arch, tmpdir, "--confirm", zarfCache) - require.NoError(t, err, stdOut, stdErr) - - // Remove the init package to free up disk space on the test runner - err = os.RemoveAll(fmt.Sprintf("zarf-init-%s-%s.tar.zst", arch, getZarfVersion(ctx, t))) - require.NoError(t, err) - - // Build the previous version - bbVersion := fmt.Sprintf("--set=BB_VERSION=%s", previous) - bbMajor := fmt.Sprintf("--set=BB_MAJOR=%s", previous[0:1]) - stdOut, stdErr, err = zarfExec(ctx, "package", "create", "../src/extensions/bigbang/test/package", bbVersion, bbMajor, tmpdir, "--confirm") - require.NoError(t, err, stdOut, stdErr) - - // Clean up zarf cache to reduce disk pressure - stdOut, stdErr, err = zarfExec(ctx, "tools", "clear-cache") - require.NoError(t, err, stdOut, stdErr) - - // Deploy the previous version - pkgPath := fmt.Sprintf("zarf-package-big-bang-test-%s-%s.tar.zst", arch, previous) - stdOut, stdErr, err = zarfExec(ctx, "package", "deploy", pkgPath, tmpdir, "--confirm") - require.NoError(t, err, stdOut, stdErr) - - // HACK: scale down the flux deployments due to very-low CPU in the test runner - fluxControllers := []string{"helm-controller", "source-controller", "kustomize-controller", "notification-controller"} - for _, deployment := range fluxControllers { - stdOut, stdErr, err = zarfExec(ctx, "tools", "kubectl", "-n", "flux-system", "scale", "deployment", deployment, "--replicas=0") - require.NoError(t, err, stdOut, stdErr) - } - - // Cluster info - stdOut, stdErr, err = zarfExec(ctx, "tools", "kubectl", "describe", "nodes") - require.NoError(t, err, stdOut, stdErr) - - // Build the latest version - bbVersion = fmt.Sprintf("--set=BB_VERSION=%s", latest) - bbMajor = fmt.Sprintf("--set=BB_MAJOR=%s", latest[0:1]) - stdOut, stdErr, err = zarfExec(ctx, "package", "create", "../src/extensions/bigbang/test/package", bbVersion, bbMajor, "--differential", pkgPath, tmpdir, "--confirm") - require.NoError(t, err, stdOut, stdErr) - - // Remove the previous version package - err = os.RemoveAll(pkgPath) - require.NoError(t, err) - - // Clean up zarf cache to reduce disk pressure - stdOut, stdErr, err = zarfExec(ctx, "tools", "clear-cache") - require.NoError(t, err, stdOut, stdErr) - - // Deploy the latest version - pkgPath = fmt.Sprintf("zarf-package-big-bang-test-%s-%s-differential-%s.tar.zst", arch, previous, latest) - stdOut, stdErr, err = zarfExec(ctx, "package", "deploy", pkgPath, tmpdir, "--confirm") - require.NoError(t, err, stdOut, stdErr) - - // Cluster info - stdOut, stdErr, err = zarfExec(ctx, "tools", "kubectl", "describe", "nodes") - require.NoError(t, err, stdOut, stdErr) - - // Test connectivity to Twistlock - testConnection(ctx, t) -} - -func testConnection(ctx context.Context, t *testing.T) { - // Establish the tunnel config - c, err := cluster.NewCluster() - require.NoError(t, err) - tunnel, err := c.NewTunnel("twistlock", "svc", "twistlock-console", "", 0, 8081) - require.NoError(t, err) - - // Establish the tunnel connection - _, err = tunnel.Connect(ctx) - require.NoError(t, err) - defer tunnel.Close() - - // Test the connection - resp, err := http.Get(tunnel.HTTPEndpoint()) - require.NoError(t, err) - require.Equal(t, 200, resp.StatusCode) -} - -func zarfExec(ctx context.Context, args ...string) (string, string, error) { - return exec.CmdWithContext(ctx, exec.PrintCfg(), zarf, args...) -} - -// getZarfVersion returns the current build/zarf version -func getZarfVersion(ctx context.Context, t *testing.T) string { - // Get the version of the CLI - stdOut, stdErr, err := zarfExec(ctx, "version") - require.NoError(t, err, stdOut, stdErr) - return strings.Trim(stdOut, "\n") -} - -func getReleases() (latest, previous string, err error) { - // Create the URL for the API endpoint - url := fmt.Sprintf("https://repo1.dso.mil/api/v4/projects/%s/repository/tags", bbProjID) - - // Send an HTTP GET request to the API endpoint - resp, err := http.Get(url) - if err != nil { - return latest, previous, err - } - defer resp.Body.Close() - - // Read the response body - body, err := io.ReadAll(resp.Body) - if err != nil { - return latest, previous, err - } - - // Parse the response body as a JSON array of objects - var data []map[string]interface{} - err = json.Unmarshal(body, &data) - if err != nil { - return latest, previous, err - } - - // Compile the regular expression for filtering tags that don't contain a hyphen - re := regexp.MustCompile("^[^-]+$") - - // Create a slice to store the tag names that match the regular expression - var releases []string - - // Iterate over the tags returned by the API, and filter out tags that don't match the regular expression - for _, tag := range data { - name, ok := tag["name"].(string) - if !ok { - return "", "", fmt.Errorf("name key is not of type string") - } - if re.MatchString(name) { - releases = append(releases, name) - } - } - - // Set the latest and previous release variables to the first two releases - return releases[0], releases[1], nil -} diff --git a/src/extensions/bigbang/test/package/disable-all-bb1.yaml b/src/extensions/bigbang/test/package/disable-all-bb1.yaml deleted file mode 100644 index c51a3d1095..0000000000 --- a/src/extensions/bigbang/test/package/disable-all-bb1.yaml +++ /dev/null @@ -1,58 +0,0 @@ -# Disable everything -istio: - enabled: false - -istiooperator: - enabled: false - -jaeger: - enabled: false - -kiali: - enabled: false - -clusterAuditor: - enabled: false - -gatekeeper: - enabled: false - -kyverno: - enabled: false - -kyvernopolicies: - enabled: false - -kyvernoreporter: - enabled: false - -logging: - enabled: false - -eckoperator: - enabled: false - -fluentbit: - enabled: false - -promtail: - enabled: false - -loki: - enabled: false - -neuvector: - enabled: false - -tempo: - enabled: false - -monitoring: - enabled: false - -twistlock: - enabled: false - -addons: - metricsServer: - enabled: false diff --git a/src/extensions/bigbang/test/package/disable-all-bb2.yaml b/src/extensions/bigbang/test/package/disable-all-bb2.yaml deleted file mode 100644 index b8776699bc..0000000000 --- a/src/extensions/bigbang/test/package/disable-all-bb2.yaml +++ /dev/null @@ -1,61 +0,0 @@ -# Disable everything -istio: - enabled: false - -istioOperator: - enabled: false - -jaeger: - enabled: false - -kiali: - enabled: false - -clusterAuditor: - enabled: false - -gatekeeper: - enabled: false - -kyverno: - enabled: false - -kyvernoPolicies: - enabled: false - -kyvernoReporter: - enabled: false - -elasticsearchKibana: - enabled: false - -eckOperator: - enabled: false - -fluentbit: - enabled: false - -promtail: - enabled: false - -loki: - enabled: false - -neuvector: - enabled: false - -tempo: - enabled: false - -monitoring: - enabled: false - -twistlock: - enabled: false - -grafana: - enabled: false - -addons: - metricsServer: - enabled: false diff --git a/src/extensions/bigbang/test/package/enable-twistlock.yaml b/src/extensions/bigbang/test/package/enable-twistlock.yaml deleted file mode 100644 index da002df723..0000000000 --- a/src/extensions/bigbang/test/package/enable-twistlock.yaml +++ /dev/null @@ -1,9 +0,0 @@ -twistlock: - enabled: true - # Disable init so github runners don't suffocate without enough CPU - values: - init: - enabled: false - - console: - volumeUpgrade: false diff --git a/src/extensions/bigbang/test/package/flux-overrides-helm-controller.yaml b/src/extensions/bigbang/test/package/flux-overrides-helm-controller.yaml deleted file mode 100644 index d5e68feaee..0000000000 --- a/src/extensions/bigbang/test/package/flux-overrides-helm-controller.yaml +++ /dev/null @@ -1,17 +0,0 @@ -apiVersion: apps/v1 -kind: Deployment -metadata: - name: helm-controller - namespace: flux-system -spec: - template: - spec: - containers: - - name: manager - resources: - limits: - cpu: 200m - memory: 256Mi - requests: - cpu: 100m - memory: 64Mi diff --git a/src/extensions/bigbang/test/package/flux-overrides-kustomize-controller.yaml b/src/extensions/bigbang/test/package/flux-overrides-kustomize-controller.yaml deleted file mode 100644 index 22e1d7d16b..0000000000 --- a/src/extensions/bigbang/test/package/flux-overrides-kustomize-controller.yaml +++ /dev/null @@ -1,17 +0,0 @@ -apiVersion: apps/v1 -kind: Deployment -metadata: - name: kustomize-controller - namespace: flux-system -spec: - template: - spec: - containers: - - name: manager - resources: - limits: - cpu: 200m - memory: 256Mi - requests: - cpu: 100m - memory: 64Mi diff --git a/src/extensions/bigbang/test/package/flux-overrides-notification-controller.yaml b/src/extensions/bigbang/test/package/flux-overrides-notification-controller.yaml deleted file mode 100644 index a2476b01d2..0000000000 --- a/src/extensions/bigbang/test/package/flux-overrides-notification-controller.yaml +++ /dev/null @@ -1,17 +0,0 @@ -apiVersion: apps/v1 -kind: Deployment -metadata: - name: notification-controller - namespace: flux-system -spec: - template: - spec: - containers: - - name: manager - resources: - limits: - cpu: 200m - memory: 256Mi - requests: - cpu: 100m - memory: 64Mi diff --git a/src/extensions/bigbang/test/package/flux-overrides-source-controller.yaml b/src/extensions/bigbang/test/package/flux-overrides-source-controller.yaml deleted file mode 100644 index 292492775a..0000000000 --- a/src/extensions/bigbang/test/package/flux-overrides-source-controller.yaml +++ /dev/null @@ -1,17 +0,0 @@ -apiVersion: apps/v1 -kind: Deployment -metadata: - name: source-controller - namespace: flux-system -spec: - template: - spec: - containers: - - name: manager - resources: - limits: - cpu: 100m - memory: 256Mi - requests: - cpu: 50m - memory: 64Mi diff --git a/src/extensions/bigbang/test/package/zarf.yaml b/src/extensions/bigbang/test/package/zarf.yaml deleted file mode 100644 index 426fed8f54..0000000000 --- a/src/extensions/bigbang/test/package/zarf.yaml +++ /dev/null @@ -1,33 +0,0 @@ -kind: ZarfPackageConfig -metadata: - name: big-bang-test - description: Deploy Big Bang Core - version: "###ZARF_PKG_TMPL_BB_VERSION###" - url: https://p1.dso.mil/products/big-bang - # Big Bang / Iron Bank are only amd64 - architecture: amd64 - -variables: - - name: DOMAIN - default: bigbang.dev - prompt: false - -components: - - name: bigbang - required: true - extensions: - bigbang: - version: "###ZARF_PKG_TMPL_BB_VERSION###" - fluxPatchFiles: - - flux-overrides-helm-controller.yaml - - flux-overrides-source-controller.yaml - - flux-overrides-kustomize-controller.yaml - - flux-overrides-notification-controller.yaml - valuesFiles: - - disable-all-bb###ZARF_PKG_TMPL_BB_MAJOR###.yaml - - enable-twistlock.yaml - actions: - onDeploy: - onFailure: - - cmd: ./zarf tools kubectl describe nodes - - cmd: ./zarf tools kubectl describe pods -A diff --git a/src/pkg/packager/composer/list.go b/src/pkg/packager/composer/list.go index b021355739..65d9a3209b 100644 --- a/src/pkg/packager/composer/list.go +++ b/src/pkg/packager/composer/list.go @@ -13,7 +13,6 @@ import ( "github.com/defenseunicorns/pkg/helpers/v2" "github.com/zarf-dev/zarf/src/api/v1alpha1" - "github.com/zarf-dev/zarf/src/extensions/bigbang" "github.com/zarf-dev/zarf/src/pkg/layout" "github.com/zarf-dev/zarf/src/pkg/packager/deprecated" "github.com/zarf-dev/zarf/src/pkg/utils" @@ -339,8 +338,6 @@ func (ic *ImportChain) Compose(ctx context.Context) (composed *v1alpha1.ZarfComp overrideActions(composed, node.ZarfComponent) composed.HealthChecks = append(composed.HealthChecks, node.ZarfComponent.HealthChecks...) - bigbang.Compose(composed, node.ZarfComponent, node.relativeToHead) - node = node.prev } diff --git a/src/pkg/packager/composer/list_test.go b/src/pkg/packager/composer/list_test.go index a64de955e0..238aa77cec 100644 --- a/src/pkg/packager/composer/list_test.go +++ b/src/pkg/packager/composer/list_test.go @@ -14,7 +14,6 @@ import ( "github.com/stretchr/testify/require" "github.com/zarf-dev/zarf/src/api/v1alpha1" - "github.com/zarf-dev/zarf/src/api/v1alpha1/extensions" ) func TestNewImportChain(t *testing.T) { @@ -280,21 +279,6 @@ func TestCompose(t *testing.T) { }, }, }, - // Extensions should be appended with corrected directories - Extensions: extensions.ZarfComponentExtensions{ - BigBang: &extensions.BigBang{ - ValuesFiles: []string{ - fmt.Sprintf("%s%svalues.yaml", finalDirectory, string(os.PathSeparator)), - fmt.Sprintf("%s%svalues.yaml", firstDirectory, string(os.PathSeparator)), - "values.yaml", - }, - FluxPatchFiles: []string{ - fmt.Sprintf("%s%spatch.yaml", finalDirectory, string(os.PathSeparator)), - fmt.Sprintf("%s%spatch.yaml", firstDirectory, string(os.PathSeparator)), - "patch.yaml", - }, - }, - }, }, }, } @@ -599,16 +583,6 @@ func createDummyComponent(t *testing.T, name, importDir, subName string) v1alpha }, }, }, - Extensions: extensions.ZarfComponentExtensions{ - BigBang: &extensions.BigBang{ - ValuesFiles: []string{ - "values.yaml", - }, - FluxPatchFiles: []string{ - "patch.yaml", - }, - }, - }, } } diff --git a/src/pkg/packager/creator/normal.go b/src/pkg/packager/creator/normal.go index 4c71ec9ac7..9b2c8ab372 100644 --- a/src/pkg/packager/creator/normal.go +++ b/src/pkg/packager/creator/normal.go @@ -21,7 +21,6 @@ import ( "github.com/zarf-dev/zarf/src/api/v1alpha1" "github.com/zarf-dev/zarf/src/config" "github.com/zarf-dev/zarf/src/config/lang" - "github.com/zarf-dev/zarf/src/extensions/bigbang" "github.com/zarf-dev/zarf/src/internal/git" "github.com/zarf-dev/zarf/src/internal/packager/helm" "github.com/zarf-dev/zarf/src/internal/packager/images" @@ -85,12 +84,6 @@ func (pc *PackageCreator) LoadPackageDefinition(ctx context.Context, src *layout warnings = append(warnings, templateWarnings...) - // After templates are filled process any create extensions - pkg.Components, err = pc.processExtensions(ctx, pkg.Components, src, pkg.Metadata.YOLO) - if err != nil { - return v1alpha1.ZarfPackage{}, nil, err - } - // If we are creating a differential package, remove duplicate images and repos. if pc.createOpts.DifferentialPackagePath != "" { pkg.Build.Differential = true @@ -333,27 +326,6 @@ func (pc *PackageCreator) Output(ctx context.Context, dst *layout.PackagePaths, return nil } -func (pc *PackageCreator) processExtensions(ctx context.Context, components []v1alpha1.ZarfComponent, layout *layout.PackagePaths, isYOLO bool) (processedComponents []v1alpha1.ZarfComponent, err error) { - // Create component paths and process extensions for each component. - for _, c := range components { - componentPaths, err := layout.Components.Create(c) - if err != nil { - return nil, err - } - - // Big Bang - if c.Extensions.BigBang != nil { - if c, err = bigbang.Run(ctx, isYOLO, componentPaths, c); err != nil { - return nil, fmt.Errorf("unable to process bigbang extension: %w", err) - } - } - - processedComponents = append(processedComponents, c) - } - - return processedComponents, nil -} - func (pc *PackageCreator) addComponent(ctx context.Context, component v1alpha1.ZarfComponent, dst *layout.PackagePaths) error { message.HeaderInfof("📦 %s COMPONENT", strings.ToUpper(component.Name)) diff --git a/src/pkg/packager/creator/skeleton.go b/src/pkg/packager/creator/skeleton.go index 648fb562b3..8d1acbdf34 100644 --- a/src/pkg/packager/creator/skeleton.go +++ b/src/pkg/packager/creator/skeleton.go @@ -17,7 +17,6 @@ import ( "github.com/zarf-dev/zarf/src/api/v1alpha1" "github.com/zarf-dev/zarf/src/config" "github.com/zarf-dev/zarf/src/config/lang" - "github.com/zarf-dev/zarf/src/extensions/bigbang" "github.com/zarf-dev/zarf/src/internal/packager/helm" "github.com/zarf-dev/zarf/src/internal/packager/kustomize" "github.com/zarf-dev/zarf/src/pkg/layout" @@ -62,11 +61,6 @@ func (sc *SkeletonCreator) LoadPackageDefinition(ctx context.Context, src *layou warnings = append(warnings, composeWarnings...) - pkg.Components, err = sc.processExtensions(pkg.Components, src) - if err != nil { - return v1alpha1.ZarfPackage{}, nil, err - } - for _, warning := range warnings { message.Warn(warning) } @@ -126,27 +120,6 @@ func (sc *SkeletonCreator) Output(_ context.Context, dst *layout.PackagePaths, p return dst.SignPackage(sc.publishOpts.SigningKeyPath, sc.publishOpts.SigningKeyPassword, !config.CommonOptions.Confirm) } -func (sc *SkeletonCreator) processExtensions(components []v1alpha1.ZarfComponent, layout *layout.PackagePaths) (processedComponents []v1alpha1.ZarfComponent, err error) { - // Create component paths and process extensions for each component. - for _, c := range components { - componentPaths, err := layout.Components.Create(c) - if err != nil { - return nil, err - } - - // Big Bang - if c.Extensions.BigBang != nil { - if c, err = bigbang.Skeletonize(componentPaths, c); err != nil { - return nil, fmt.Errorf("unable to process bigbang extension: %w", err) - } - } - - processedComponents = append(processedComponents, c) - } - - return processedComponents, nil -} - func (sc *SkeletonCreator) addComponent(component v1alpha1.ZarfComponent, dst *layout.PackagePaths) (updatedComponent *v1alpha1.ZarfComponent, err error) { message.HeaderInfof("📦 %s COMPONENT", strings.ToUpper(component.Name)) diff --git a/src/pkg/utils/sort.go b/src/pkg/utils/sort.go deleted file mode 100644 index 6fd625c96d..0000000000 --- a/src/pkg/utils/sort.go +++ /dev/null @@ -1,81 +0,0 @@ -// SPDX-License-Identifier: Apache-2.0 -// SPDX-FileCopyrightText: 2021-Present The Zarf Authors - -// Package utils provides generic utility functions. -package utils - -import "fmt" - -// Dependency is an interface that represents a node in a list of dependencies. -type Dependency interface { - Name() string - Dependencies() []string -} - -// SortDependencies performs a topological sort on a dependency graph and -// returns a slice of the nodes in order of their precedence. -// The input data is a map of nodes to a slice of its dependencies. -// -// E.g: -// A depends on B & C, B depends on C and C has no dependencies: -// {"A": ["B", "C"], "B": ["C"], "C": []string{}} -// -// Note sort order is dependent on the slice order of the input data for -// nodes with the same in-degree (i.e. the same number of dependencies). -func SortDependencies(data []Dependency) ([]string, error) { - // Initialize the in-degree and out-degree maps. - inDegree := make(map[string]int) - outDegree := make(map[string][]string) - - // Populate the in-degree and out-degree maps. - for _, d := range data { - outDegree[d.Name()] = d.Dependencies() - inDegree[d.Name()] = 0 - } - for _, deps := range data { - for _, d := range deps.Dependencies() { - inDegree[d]++ - } - } - - // Initialize the queue and the result list. - queue := make([]string, 0) - result := make([]string, 0) - - // Enqueue all nodes with zero in-degree. - for _, d := range data { - if inDegree[d.Name()] == 0 { - queue = append(queue, d.Name()) - } - } - - // Process the queue. - for len(queue) > 0 { - // Dequeue a node from the queue. - node := queue[0] - queue = queue[1:] - - // Add the node to the result list. - result = append([]string{node}, result...) - - // Decrement the in-degree of all outgoing neighbors. - for _, neighbor := range outDegree[node] { - inDegree[neighbor]-- - // If the neighbor has zero in-degree, enqueue it. - if inDegree[neighbor] == 0 { - queue = append(queue, neighbor) - } - } - } - - // If there are still nodes with non-zero in-degree, there is a cycle in the graph. - // Return an empty result list to indicate this. - for _, degree := range inDegree { - if degree > 0 { - return result, fmt.Errorf("dependency cycle detected") - } - } - - // Return the result list. - return result, nil -} diff --git a/src/pkg/utils/sort_test.go b/src/pkg/utils/sort_test.go deleted file mode 100644 index beee3e160b..0000000000 --- a/src/pkg/utils/sort_test.go +++ /dev/null @@ -1,174 +0,0 @@ -// SPDX-License-Identifier: Apache-2.0 -// SPDX-FileCopyrightText: 2021-Present The Zarf Authors - -// Package utils provides generic utility functions. -package utils - -import ( - "testing" - - "github.com/stretchr/testify/require" -) - -type TestDependency struct { - name string - dependencies []string -} - -func (t TestDependency) Name() string { - return t.name -} - -func (t TestDependency) Dependencies() []string { - return t.dependencies -} - -func TestSortDependencies(t *testing.T) { - tests := []struct { - name string - data []TestDependency // input data: a map of nodes to their dependencies - expected []string // expected output: a slice of nodes in order of their precedence - success bool // whether the test should succeed or fail - }{ - { - name: "simple graph", - data: []TestDependency{ - { - name: "A", - dependencies: []string{"B", "C"}, - }, - { - name: "B", - dependencies: []string{"C"}, - }, - { - name: "C", - }, - }, - // C has no dependencies, B depends on C, and A depends on both B and C - expected: []string{"C", "B", "A"}, - success: true, - }, - { - name: "complex graph", - data: []TestDependency{ - { - name: "A", - dependencies: []string{"B", "C", "D"}, - }, - { - name: "B", - dependencies: []string{"C", "D", "E"}, - }, - { - name: "C", - dependencies: []string{"E"}, - }, - { - name: "D", - dependencies: []string{"E"}, - }, - { - name: "E", - }, - }, - expected: []string{"E", "D", "C", "B", "A"}, - success: true, - }, - { - name: "graph with multiple roots", - data: []TestDependency{ - { - name: "A", - }, - { - name: "B", - }, - { - name: "C", - dependencies: []string{"A", "B"}, - }, - { - name: "D", - dependencies: []string{"C", "E"}, - }, - { - name: "E", - dependencies: []string{"F"}, - }, - { - name: "F", - }, - }, - expected: []string{"F", "B", "A", "E", "C", "D"}, - success: true, - }, - { - name: "graph with multiple sinks", - data: []TestDependency{ - { - name: "A", - dependencies: []string{"B"}, - }, - { - name: "B", - dependencies: []string{"C"}, - }, - { - name: "C", - }, - { - name: "D", - dependencies: []string{"E"}, - }, - { - name: "E", - dependencies: []string{"F"}, - }, - { - name: "F", - }, - { - name: "G", - }, - }, - expected: []string{"F", "C", "E", "B", "G", "D", "A"}, - success: true, - }, - { - name: "graph with circular dependencies", - data: []TestDependency{ - { - name: "A", - dependencies: []string{"B"}, - }, - { - name: "B", - dependencies: []string{"C"}, - }, - { - name: "C", - dependencies: []string{"A"}, - }, - }, - expected: []string{}, - success: false, - }, - } - - for _, tt := range tests { - t.Run(tt.name, func(t *testing.T) { - deps := make([]Dependency, len(tt.data)) - for i := range tt.data { - deps[i] = tt.data[i] - } - result, err := SortDependencies(deps) - if tt.success { - require.NoError(t, err) - } else { - require.Error(t, err) - } - require.Equal(t, tt.expected, result) - }) - } -} diff --git a/src/test/e2e/14_oci_compose_test.go b/src/test/e2e/14_oci_compose_test.go index 6dfbe1f45c..e186a6e076 100644 --- a/src/test/e2e/14_oci_compose_test.go +++ b/src/test/e2e/14_oci_compose_test.go @@ -69,11 +69,6 @@ func (suite *PublishCopySkeletonSuite) Test_0_Publish_Skeletons() { suite.NoError(err) suite.Contains(stdErr, "Published "+ref) - bigBang := filepath.Join("src", "test", "packages", "14-import-everything", "big-bang-min") - _, stdErr, err = e2e.Zarf(suite.T(), "package", "publish", bigBang, "oci://"+ref, "--plain-http") - suite.NoError(err) - suite.Contains(stdErr, "Published "+ref) - composable := filepath.Join("src", "test", "packages", "09-composable-packages") _, stdErr, err = e2e.Zarf(suite.T(), "package", "publish", composable, "oci://"+ref, "--plain-http") suite.NoError(err) @@ -92,9 +87,6 @@ func (suite *PublishCopySkeletonSuite) Test_0_Publish_Skeletons() { _, _, err = e2e.Zarf(suite.T(), "package", "pull", "oci://"+ref+"/helm-charts:0.0.1", "-o", "build", "--plain-http", "-a", "skeleton") suite.NoError(err) - _, _, err = e2e.Zarf(suite.T(), "package", "pull", "oci://"+ref+"/big-bang-min:2.10.0", "-o", "build", "--plain-http", "-a", "skeleton") - suite.NoError(err) - _, _, err = e2e.Zarf(suite.T(), "package", "pull", "oci://"+ref+"/test-compose-package:0.0.1", "-o", "build", "--plain-http", "-a", "skeleton") suite.NoError(err) } @@ -114,7 +106,6 @@ func (suite *PublishCopySkeletonSuite) Test_1_Compose_Everything_Inception() { targets := []string{ "import-component-local == import-component-local", "import-component-oci == import-component-oci", - "import-big-bang == import-big-bang", "file-imports == file-imports", "local-chart-import == local-chart-import", } @@ -132,7 +123,6 @@ func (suite *PublishCopySkeletonSuite) Test_2_FilePaths() { filepath.Join("build", "zarf-package-import-everything-skeleton-0.0.1.tar.zst"), filepath.Join("build", fmt.Sprintf("zarf-package-importception-%s-0.0.1.tar.zst", e2e.Arch)), filepath.Join("build", "zarf-package-helm-charts-skeleton-0.0.1.tar.zst"), - filepath.Join("build", "zarf-package-big-bang-min-skeleton-2.10.0.tar.zst"), filepath.Join("build", "zarf-package-test-compose-package-skeleton-0.0.1.tar.zst"), } @@ -268,12 +258,6 @@ func (suite *PublishCopySkeletonSuite) verifyComponentPaths(unpackedPath string, suite.FileExists(filepath.Join(base, component.DeprecatedCosignKeyPath)) } - if isSkeleton && component.Extensions.BigBang != nil { - for _, valuesFile := range component.Extensions.BigBang.ValuesFiles { - suite.FileExists(filepath.Join(base, valuesFile)) - } - } - for chartIdx, chart := range component.Charts { if isSkeleton && chart.URL != "" { continue diff --git a/src/test/packages/14-import-everything/big-bang-min/flux-overrides-helm-controller.yaml b/src/test/packages/14-import-everything/big-bang-min/flux-overrides-helm-controller.yaml deleted file mode 100644 index d5e68feaee..0000000000 --- a/src/test/packages/14-import-everything/big-bang-min/flux-overrides-helm-controller.yaml +++ /dev/null @@ -1,17 +0,0 @@ -apiVersion: apps/v1 -kind: Deployment -metadata: - name: helm-controller - namespace: flux-system -spec: - template: - spec: - containers: - - name: manager - resources: - limits: - cpu: 200m - memory: 256Mi - requests: - cpu: 100m - memory: 64Mi diff --git a/src/test/packages/14-import-everything/big-bang-min/zarf.yaml b/src/test/packages/14-import-everything/big-bang-min/zarf.yaml deleted file mode 100644 index 6fd483c848..0000000000 --- a/src/test/packages/14-import-everything/big-bang-min/zarf.yaml +++ /dev/null @@ -1,26 +0,0 @@ -kind: ZarfPackageConfig -metadata: - name: big-bang-min - description: A minimal Big Bang package for use in testing - version: 2.10.0 - url: https://p1.dso.mil/products/big-bang - # Big Bang / Iron Bank are only amd64 - architecture: amd64 - -variables: - - name: DOMAIN - default: bigbang.dev - prompt: false - -components: - - name: bigbang - required: true - extensions: - bigbang: - repo: https://github.com/DoD-Platform-One/big-bang.git - version: 2.10.0 - skipFlux: true - fluxPatchFiles: - - flux-overrides-helm-controller.yaml - valuesFiles: - - ../../../../extensions/bigbang/test/package/disable-all-bb2.yaml diff --git a/src/test/packages/14-import-everything/inception/zarf.yaml b/src/test/packages/14-import-everything/inception/zarf.yaml index c137443618..6721fbd109 100644 --- a/src/test/packages/14-import-everything/inception/zarf.yaml +++ b/src/test/packages/14-import-everything/inception/zarf.yaml @@ -15,11 +15,6 @@ components: import: url: oci://localhost:31888/import-everything:0.0.1 - - name: import-big-bang - required: true - import: - url: oci://localhost:31888/import-everything:0.0.1 - - name: file-imports required: true import: diff --git a/src/test/packages/14-import-everything/zarf.yaml b/src/test/packages/14-import-everything/zarf.yaml index 546c1a873a..5a096ae3db 100644 --- a/src/test/packages/14-import-everything/zarf.yaml +++ b/src/test/packages/14-import-everything/zarf.yaml @@ -21,14 +21,6 @@ components: name: import-component-oci path: oci-import - # Test big bang extension files - - name: import-big-bang - description: "import-big-bang == ###ZARF_COMPONENT_NAME###" - required: false - import: - name: bigbang - url: oci://localhost:31888/big-bang-min:2.10.0 - # Test file imports including cosignKeyPath - name: file-imports description: "file-imports == ###ZARF_COMPONENT_NAME###" diff --git a/zarf.schema.json b/zarf.schema.json index d5067e42ad..67094c0f38 100644 --- a/zarf.schema.json +++ b/zarf.schema.json @@ -2,45 +2,6 @@ "$schema": "https://json-schema.org/draft/2020-12/schema", "$id": "https://github.com/zarf-dev/zarf/src/api/v1alpha1/zarf-package", "$defs": { - "BigBang": { - "properties": { - "version": { - "type": "string", - "description": "The version of Big Bang to use." - }, - "repo": { - "type": "string", - "description": "Override repo to pull Big Bang from instead of Repo One." - }, - "valuesFiles": { - "items": { - "type": "string" - }, - "type": "array", - "description": "The list of values files to pass to Big Bang; these will be merged together." - }, - "skipFlux": { - "type": "boolean", - "description": "Whether to skip deploying flux; Defaults to false." - }, - "fluxPatchFiles": { - "items": { - "type": "string" - }, - "type": "array", - "description": "Optional paths to Flux kustomize strategic merge patch files." - } - }, - "additionalProperties": false, - "type": "object", - "required": [ - "version" - ], - "description": "BigBang holds the configuration for the Big Bang extension.", - "patternProperties": { - "^x-": {} - } - }, "Constant": { "properties": { "name": { @@ -533,10 +494,6 @@ "type": "array", "description": "List of git repos to include in the package." }, - "extensions": { - "$ref": "#/$defs/ZarfComponentExtensions", - "description": "Extend component functionality with additional features." - }, "scripts": { "$ref": "#/$defs/DeprecatedZarfComponentScripts", "description": "[Deprecated] (replaced by actions) Custom commands to run before or after package deployment. This will be removed in Zarf v1.0.0." @@ -824,20 +781,6 @@ "^x-": {} } }, - "ZarfComponentExtensions": { - "properties": { - "bigbang": { - "$ref": "#/$defs/BigBang", - "description": "Configurations for installing Big Bang and Flux in the cluster." - } - }, - "additionalProperties": false, - "type": "object", - "description": "ZarfComponentExtensions is a struct that contains all the official extensions.", - "patternProperties": { - "^x-": {} - } - }, "ZarfComponentImport": { "properties": { "name": { From 28c296b55a1bb7401e85e14ea7c29f8eca99a032 Mon Sep 17 00:00:00 2001 From: Kit Patella Date: Wed, 2 Oct 2024 11:01:40 -0700 Subject: [PATCH 21/74] chore: directly handle ignored errs and nolint intentionally ignored errs (#2993) Signed-off-by: Kit Patella --- src/cmd/destroy.go | 13 +++++-- src/cmd/dev.go | 28 +++++++++++---- src/cmd/initialize.go | 35 +++++++++++-------- src/cmd/internal.go | 9 +++-- src/cmd/package.go | 50 ++++++++++++++++++++++----- src/cmd/root.go | 5 ++- src/cmd/tools/helm.go | 7 +++- src/cmd/tools/zarf.go | 12 ++++--- src/config/config.go | 13 ++++--- src/internal/git/repository_test.go | 3 +- src/internal/gitea/gitea.go | 9 +++-- src/internal/packager/images/pull.go | 6 +++- src/internal/packager/sbom/catalog.go | 6 +++- src/pkg/interactive/components.go | 7 ++-- src/pkg/layout/component.go | 5 ++- src/pkg/layout/package.go | 14 ++++++-- src/pkg/layout/split.go | 37 +++++++++++++++----- src/pkg/layout/split_test.go | 3 +- src/pkg/message/progress.go | 16 +++++++-- src/pkg/message/spinner.go | 12 +++++-- src/pkg/packager/composer/oci.go | 6 +++- src/pkg/packager/creator/normal.go | 6 +++- src/pkg/packager/deploy.go | 9 +++-- src/pkg/packager/inspect.go | 5 ++- src/pkg/packager/interactive.go | 5 ++- src/pkg/packager/publish.go | 5 ++- src/pkg/utils/auth.go | 20 ++++++++--- src/pkg/utils/cosign.go | 19 +++++----- src/pkg/utils/exec/exec.go | 10 ++++-- src/pkg/utils/network.go | 16 ++++++--- src/pkg/utils/wait.go | 6 +++- src/pkg/utils/yaml.go | 8 +++-- src/pkg/variables/templates.go | 15 ++++++-- src/pkg/variables/templates_test.go | 21 +++++++---- src/pkg/zoci/copier.go | 8 +++-- src/pkg/zoci/pull.go | 8 +++-- src/pkg/zoci/push.go | 13 +++++-- 37 files changed, 349 insertions(+), 121 deletions(-) diff --git a/src/cmd/destroy.go b/src/cmd/destroy.go index 1b71740aa3..6951efd96b 100644 --- a/src/cmd/destroy.go +++ b/src/cmd/destroy.go @@ -30,6 +30,7 @@ var destroyCmd = &cobra.Command{ Aliases: []string{"d"}, Short: lang.CmdDestroyShort, Long: lang.CmdDestroyLong, + // TODO(mkcp): refactor and de-nest this function. RunE: func(cmd *cobra.Command, _ []string) error { ctx := cmd.Context() timeoutCtx, cancel := context.WithTimeout(cmd.Context(), cluster.DefaultTimeout) @@ -57,7 +58,10 @@ var destroyCmd = &cobra.Command{ // Run all the scripts! pattern := regexp.MustCompile(`(?mi)zarf-clean-.+\.sh$`) - scripts, _ := helpers.RecursiveFileList(config.ZarfCleanupScriptsPath, pattern, true) + scripts, err := helpers.RecursiveFileList(config.ZarfCleanupScriptsPath, pattern, true) + if err != nil { + return err + } // Iterate over all matching zarf-clean scripts and exec them for _, script := range scripts { // Run the matched script @@ -71,8 +75,11 @@ var destroyCmd = &cobra.Command{ return fmt.Errorf("received an error when executing the script %s: %w", script, err) } - // Try to remove the script, but ignore any errors - _ = os.Remove(script) + // Try to remove the script, but ignore any errors and debug log them + err = os.Remove(script) + if err != nil { + message.WarnErr(err, fmt.Sprintf("Unable to remove script. script=%s", script)) + } } } else { // Perform chart uninstallation diff --git a/src/cmd/dev.go b/src/cmd/dev.go index 85f08e9c11..ab0a262589 100644 --- a/src/cmd/dev.go +++ b/src/cmd/dev.go @@ -148,14 +148,13 @@ var devSha256SumCmd = &cobra.Command{ Aliases: []string{"s"}, Short: lang.CmdDevSha256sumShort, Args: cobra.ExactArgs(1), - RunE: func(cmd *cobra.Command, args []string) error { + RunE: func(cmd *cobra.Command, args []string) (err error) { hashErr := errors.New("unable to compute the SHA256SUM hash") fileName := args[0] var tmp string var data io.ReadCloser - var err error if helpers.IsURL(fileName) { message.Warn(lang.CmdDevSha256sumRemoteWarning) @@ -182,7 +181,10 @@ var devSha256SumCmd = &cobra.Command{ fileName = downloadPath - defer os.RemoveAll(tmp) + defer func(path string) { + errRemove := os.RemoveAll(path) + err = errors.Join(err, errRemove) + }(tmp) } if extractPath != "" { @@ -191,7 +193,10 @@ var devSha256SumCmd = &cobra.Command{ if err != nil { return errors.Join(hashErr, err) } - defer os.RemoveAll(tmp) + defer func(path string) { + errRemove := os.RemoveAll(path) + err = errors.Join(err, errRemove) + }(tmp) } extractedFile := filepath.Join(tmp, extractPath) @@ -208,7 +213,10 @@ var devSha256SumCmd = &cobra.Command{ if err != nil { return errors.Join(hashErr, err) } - defer data.Close() + defer func(data io.ReadCloser) { + errClose := data.Close() + err = errors.Join(err, errClose) + }(data) hash, err := helpers.GetSHA256Hash(data) if err != nil { @@ -323,8 +331,14 @@ func init() { // use the package create config for this and reset it here to avoid overwriting the config.CreateOptions.SetVariables devFindImagesCmd.Flags().StringToStringVar(&pkgConfig.CreateOpts.SetVariables, "set", v.GetStringMapString(common.VPkgCreateSet), lang.CmdDevFlagSet) - devFindImagesCmd.Flags().MarkDeprecated("set", "this field is replaced by create-set") - devFindImagesCmd.Flags().MarkHidden("set") + err := devFindImagesCmd.Flags().MarkDeprecated("set", "this field is replaced by create-set") + if err != nil { + message.Debug("Unable to mark dev-find-images flag as set", "error", err) + } + err = devFindImagesCmd.Flags().MarkHidden("set") + if err != nil { + message.Debug("Unable to mark dev-find-images flag as hidden", "error", err) + } devFindImagesCmd.Flags().StringVarP(&pkgConfig.CreateOpts.Flavor, "flavor", "f", v.GetString(common.VPkgCreateFlavor), lang.CmdPackageCreateFlagFlavor) devFindImagesCmd.Flags().StringToStringVar(&pkgConfig.CreateOpts.SetVariables, "create-set", v.GetStringMapString(common.VPkgCreateSet), lang.CmdDevFlagSet) devFindImagesCmd.Flags().StringToStringVar(&pkgConfig.PkgOpts.SetVariables, "deploy-set", v.GetStringMapString(common.VPkgDeploySet), lang.CmdPackageDeployFlagSet) diff --git a/src/cmd/initialize.go b/src/cmd/initialize.go index 376db85da9..7316183e5d 100644 --- a/src/cmd/initialize.go +++ b/src/cmd/initialize.go @@ -94,19 +94,27 @@ func findInitPackage(ctx context.Context, initPackageName string) (string, error } // Create the cache directory if it doesn't exist - if helpers.InvalidPath(config.GetAbsCachePath()) { - if err := helpers.CreateDirectory(config.GetAbsCachePath(), helpers.ReadExecuteAllWriteUser); err != nil { - return "", fmt.Errorf("unable to create the cache directory %s: %w", config.GetAbsCachePath(), err) + absCachePath, err := config.GetAbsCachePath() + if err != nil { + return "", err + } + // Verify that we can write to the path + if helpers.InvalidPath(absCachePath) { + // Create the directory if the path is invalid + err = helpers.CreateDirectory(absCachePath, helpers.ReadExecuteAllWriteUser) + if err != nil { + return "", fmt.Errorf("unable to create the cache directory %s: %w", absCachePath, err) } } // Next, look in the cache directory - if !helpers.InvalidPath(filepath.Join(config.GetAbsCachePath(), initPackageName)) { - return filepath.Join(config.GetAbsCachePath(), initPackageName), nil + if !helpers.InvalidPath(filepath.Join(absCachePath, initPackageName)) { + // join and return + return filepath.Join(absCachePath, initPackageName), nil } // Finally, if the init-package doesn't exist in the cache directory, suggest downloading it - downloadCacheTarget, err := downloadInitPackage(ctx, config.GetAbsCachePath()) + downloadCacheTarget, err := downloadInitPackage(ctx, absCachePath) if err != nil { if errors.Is(err, lang.ErrInitNotFound) { return "", err @@ -121,7 +129,6 @@ func downloadInitPackage(ctx context.Context, cacheDirectory string) (string, er return "", lang.ErrInitNotFound } - var confirmDownload bool url := zoci.GetInitPackageURL(config.CLIVersion) // Give the user the choice to download the init-package and note that this does require an internet connection @@ -129,14 +136,12 @@ func downloadInitPackage(ctx context.Context, cacheDirectory string) (string, er message.Note(lang.CmdInitPullNote) - // Prompt the user if --confirm not specified - if !confirmDownload { - prompt := &survey.Confirm{ - Message: lang.CmdInitPullConfirm, - } - if err := survey.AskOne(prompt, &confirmDownload); err != nil { - return "", fmt.Errorf("confirm download canceled: %w", err) - } + var confirmDownload bool + prompt := &survey.Confirm{ + Message: lang.CmdInitPullConfirm, + } + if err := survey.AskOne(prompt, &confirmDownload); err != nil { + return "", fmt.Errorf("confirm download canceled: %w", err) } // If the user wants to download the init-package, download it diff --git a/src/cmd/internal.go b/src/cmd/internal.go index 4a393d01e6..b3bc2c4592 100644 --- a/src/cmd/internal.go +++ b/src/cmd/internal.go @@ -348,8 +348,8 @@ var isValidHostname = &cobra.Command{ Short: lang.CmdInternalIsValidHostnameShort, RunE: func(_ *cobra.Command, _ []string) error { if valid := helpers.IsValidHostName(); !valid { - hostname, _ := os.Hostname() - return fmt.Errorf("the hostname %s is not valid. Ensure the hostname meets RFC1123 requirements https://www.rfc-editor.org/rfc/rfc1123.html", hostname) + hostname, err := os.Hostname() + return fmt.Errorf("the hostname %s is not valid. Ensure the hostname meets RFC1123 requirements https://www.rfc-editor.org/rfc/rfc1123.html, error=%w", hostname, err) } return nil }, @@ -388,6 +388,9 @@ func addHiddenDummyFlag(cmd *cobra.Command, flagDummy string) { if cmd.PersistentFlags().Lookup(flagDummy) == nil { var dummyStr string cmd.PersistentFlags().StringVar(&dummyStr, flagDummy, "", "") - cmd.PersistentFlags().MarkHidden(flagDummy) + err := cmd.PersistentFlags().MarkHidden(flagDummy) + if err != nil { + message.Debug("Unable to add hidden dummy flag", "error", err) + } } } diff --git a/src/cmd/package.go b/src/cmd/package.go index bbd61c3ff7..4f0c31322a 100644 --- a/src/cmd/package.go +++ b/src/cmd/package.go @@ -219,7 +219,10 @@ var packageInspectCmd = &cobra.Command{ if err != nil { return fmt.Errorf("failed to inspect package: %w", err) } - utils.ColorPrintYAML(output, nil, false) + err = utils.ColorPrintYAML(output, nil, false) + if err != nil { + return err + } return nil }, } @@ -382,9 +385,23 @@ func choosePackage(args []string) (string, error) { prompt := &survey.Input{ Message: lang.CmdPackageChoose, Suggest: func(toComplete string) []string { - files, _ := filepath.Glob(config.ZarfPackagePrefix + toComplete + "*.tar") - zstFiles, _ := filepath.Glob(config.ZarfPackagePrefix + toComplete + "*.tar.zst") - splitFiles, _ := filepath.Glob(config.ZarfPackagePrefix + toComplete + "*.part000") + tarPath := config.ZarfPackagePrefix + toComplete + "*.tar" + files, err := filepath.Glob(tarPath) + if err != nil { + message.Debug("Unable to glob", "tarPath", tarPath, "error", err) + } + + zstPath := config.ZarfPackagePrefix + toComplete + "*.tar.zst" + zstFiles, err := filepath.Glob(zstPath) + if err != nil { + message.Debug("Unable to glob", "zstPath", zstPath, "error", err) + } + + splitPath := config.ZarfPackagePrefix + toComplete + "*.part000" + splitFiles, err := filepath.Glob(splitPath) + if err != nil { + message.Debug("Unable to glob", "splitPath", splitPath, "error", err) + } files = append(files, zstFiles...) files = append(files, splitFiles...) @@ -409,7 +426,10 @@ func getPackageCompletionArgs(cmd *cobra.Command, _ []string, _ string) ([]strin ctx := cmd.Context() - deployedZarfPackages, _ := c.GetDeployedZarfPackages(ctx) + deployedZarfPackages, err := c.GetDeployedZarfPackages(ctx) + if err != nil { + message.Debug("Unable to get deployed zarf packages for package completion args", "error", err) + } // Populate list of package names for _, pkg := range deployedZarfPackages { pkgCandidates = append(pkgCandidates, pkg.Name) @@ -478,9 +498,18 @@ func bindCreateFlags(v *viper.Viper) { createFlags.IntVar(&pkgConfig.PkgOpts.Retries, "retries", v.GetInt(common.VPkgRetries), lang.CmdPackageFlagRetries) - createFlags.MarkHidden("output-directory") - createFlags.MarkHidden("key") - createFlags.MarkHidden("key-pass") + errOD := createFlags.MarkHidden("output-directory") + if errOD != nil { + message.Debug("Unable to mark flag output-directory", "error", errOD) + } + errKey := createFlags.MarkHidden("key") + if errKey != nil { + message.Debug("Unable to mark flag key", "error", errKey) + } + errKP := createFlags.MarkHidden("key-pass") + if errKP != nil { + message.Debug("Unable to mark flag key-pass", "error", errKP) + } } func bindDeployFlags(v *viper.Viper) { @@ -501,7 +530,10 @@ func bindDeployFlags(v *viper.Viper) { deployFlags.StringVar(&pkgConfig.PkgOpts.SGetKeyPath, "sget", v.GetString(common.VPkgDeploySget), lang.CmdPackageDeployFlagSget) deployFlags.BoolVar(&pkgConfig.PkgOpts.SkipSignatureValidation, "skip-signature-validation", false, lang.CmdPackageFlagSkipSignatureValidation) - deployFlags.MarkHidden("sget") + err := deployFlags.MarkHidden("sget") + if err != nil { + message.Debug("Unable to mark flag sget", "error", err) + } } func bindMirrorFlags(v *viper.Viper) { diff --git a/src/cmd/root.go b/src/cmd/root.go index 188f91e8cc..bf695e3760 100644 --- a/src/cmd/root.go +++ b/src/cmd/root.go @@ -78,7 +78,10 @@ var rootCmd = &cobra.Command{ Run: func(cmd *cobra.Command, args []string) { zarfLogo := message.GetLogo() _, _ = fmt.Fprintln(os.Stderr, zarfLogo) - cmd.Help() + err := cmd.Help() + if err != nil { + _, _ = fmt.Fprintln(os.Stderr, err) + } if len(args) > 0 { if strings.Contains(args[0], config.ZarfPackagePrefix) || strings.Contains(args[0], "zarf-init") { diff --git a/src/cmd/tools/helm.go b/src/cmd/tools/helm.go index 0d37f8d017..9f367b694e 100644 --- a/src/cmd/tools/helm.go +++ b/src/cmd/tools/helm.go @@ -7,6 +7,8 @@ package tools import ( "os" + "github.com/zarf-dev/zarf/src/pkg/message" + "github.com/zarf-dev/zarf/src/cmd/tools/helm" "github.com/zarf-dev/zarf/src/config/lang" "helm.sh/helm/v3/pkg/action" @@ -24,7 +26,10 @@ func init() { helmArgs = os.Args[3:] } // The inclusion of Helm in this manner should be changed once https://github.com/helm/helm/pull/12725 is merged - helmCmd, _ := helm.NewRootCmd(actionConfig, os.Stdout, helmArgs) + helmCmd, err := helm.NewRootCmd(actionConfig, os.Stdout, helmArgs) + if err != nil { + message.Debug("Failed to initialize helm command", "error", err) + } helmCmd.Short = lang.CmdToolsHelmShort helmCmd.Long = lang.CmdToolsHelmLong helmCmd.AddCommand(newVersionCmd("helm", helmVersion)) diff --git a/src/cmd/tools/zarf.go b/src/cmd/tools/zarf.go index 5a9cd11718..df516f9506 100644 --- a/src/cmd/tools/zarf.go +++ b/src/cmd/tools/zarf.go @@ -205,11 +205,15 @@ var clearCacheCmd = &cobra.Command{ Aliases: []string{"c"}, Short: lang.CmdToolsClearCacheShort, RunE: func(_ *cobra.Command, _ []string) error { - message.Notef(lang.CmdToolsClearCacheDir, config.GetAbsCachePath()) - if err := os.RemoveAll(config.GetAbsCachePath()); err != nil { - return fmt.Errorf("unable to clear the cache directory %s: %w", config.GetAbsCachePath(), err) + cachePath, err := config.GetAbsCachePath() + if err != nil { + return err + } + message.Notef(lang.CmdToolsClearCacheDir, cachePath) + if err := os.RemoveAll(cachePath); err != nil { + return fmt.Errorf("unable to clear the cache directory %s: %w", cachePath, err) } - message.Successf(lang.CmdToolsClearCacheSuccess, config.GetAbsCachePath()) + message.Successf(lang.CmdToolsClearCacheSuccess, cachePath) return nil }, } diff --git a/src/config/config.go b/src/config/config.go index 4a4001dce6..ca80f619b6 100644 --- a/src/config/config.go +++ b/src/config/config.go @@ -97,16 +97,19 @@ func GetDataInjectionMarker() string { } // GetAbsCachePath gets the absolute cache path for images and git repos. -func GetAbsCachePath() string { +func GetAbsCachePath() (string, error) { return GetAbsHomePath(CommonOptions.CachePath) } // GetAbsHomePath replaces ~ with the absolute path to a user's home dir -func GetAbsHomePath(path string) string { - homePath, _ := os.UserHomeDir() +func GetAbsHomePath(path string) (string, error) { + homePath, err := os.UserHomeDir() + if err != nil { + return "", err + } if strings.HasPrefix(path, "~") { - return strings.Replace(path, "~", homePath, 1) + return strings.Replace(path, "~", homePath, 1), nil } - return path + return path, nil } diff --git a/src/internal/git/repository_test.go b/src/internal/git/repository_test.go index 7e75319eee..e833e6e2f7 100644 --- a/src/internal/git/repository_test.go +++ b/src/internal/git/repository_test.go @@ -56,7 +56,8 @@ func TestRepository(t *testing.T) { require.NoError(t, err) _, err = newFile.Write([]byte("Hello World")) require.NoError(t, err) - newFile.Close() + err = newFile.Close() + require.NoError(t, err) _, err = w.Add(filePath) require.NoError(t, err) _, err = w.Commit("Initial commit", &git.CommitOptions{ diff --git a/src/internal/gitea/gitea.go b/src/internal/gitea/gitea.go index 94244d03f1..48bfdfaae1 100644 --- a/src/internal/gitea/gitea.go +++ b/src/internal/gitea/gitea.go @@ -8,6 +8,7 @@ import ( "bytes" "context" "encoding/json" + "errors" "fmt" "io" "net/http" @@ -47,7 +48,7 @@ func NewClient(endpoint, username, password string) (*Client, error) { } // DoRequest performs a request to the Gitea API at the given path. -func (g *Client) DoRequest(ctx context.Context, method string, path string, body []byte) ([]byte, int, error) { +func (g *Client) DoRequest(ctx context.Context, method string, path string, body []byte) (_ []byte, _ int, err error) { u, err := g.endpoint.Parse(path) if err != nil { return nil, 0, err @@ -63,7 +64,11 @@ func (g *Client) DoRequest(ctx context.Context, method string, path string, body if err != nil { return nil, 0, err } - defer resp.Body.Close() + defer func() { + errClose := resp.Body.Close() + err = errors.Join(err, errClose) + }() + b, err := io.ReadAll(resp.Body) if err != nil { return nil, 0, err diff --git a/src/internal/packager/images/pull.go b/src/internal/packager/images/pull.go index 2e206742c6..a11b6097d7 100644 --- a/src/internal/packager/images/pull.go +++ b/src/internal/packager/images/pull.go @@ -300,7 +300,11 @@ func CleanupInProgressLayers(ctx context.Context, img v1.Image) error { if err != nil { return err } - cacheDir := filepath.Join(config.GetAbsCachePath(), layout.ImagesDir) + absPath, err := config.GetAbsCachePath() + if err != nil { + return err + } + cacheDir := filepath.Join(absPath, layout.ImagesDir) location := filepath.Join(cacheDir, digest.String()) info, err := os.Stat(location) if errors.Is(err, fs.ErrNotExist) { diff --git a/src/internal/packager/sbom/catalog.go b/src/internal/packager/sbom/catalog.go index 58aa23870a..65c32c039b 100755 --- a/src/internal/packager/sbom/catalog.go +++ b/src/internal/packager/sbom/catalog.go @@ -54,9 +54,13 @@ var componentPrefix = "zarf-component-" func Catalog(ctx context.Context, componentSBOMs map[string]*layout.ComponentSBOM, imageList []transform.Image, paths *layout.PackagePaths) error { imageCount := len(imageList) componentCount := len(componentSBOMs) + cachePath, err := config.GetAbsCachePath() + if err != nil { + return err + } builder := Builder{ spinner: message.NewProgressSpinner("Creating SBOMs for %d images and %d components with files.", imageCount, componentCount), - cachePath: config.GetAbsCachePath(), + cachePath: cachePath, imagesPath: paths.Images.Base, outputDir: paths.SBOMs.Path, } diff --git a/src/pkg/interactive/components.go b/src/pkg/interactive/components.go index b742aeed4c..9b5cee436c 100644 --- a/src/pkg/interactive/components.go +++ b/src/pkg/interactive/components.go @@ -20,7 +20,10 @@ func SelectOptionalComponent(component v1alpha1.ZarfComponent) (bool, error) { displayComponent := component displayComponent.Description = "" - utils.ColorPrintYAML(displayComponent, nil, false) + err := utils.ColorPrintYAML(displayComponent, nil, false) + if err != nil { + return false, err + } if component.Description != "" { message.Question(component.Description) } @@ -31,7 +34,7 @@ func SelectOptionalComponent(component v1alpha1.ZarfComponent) (bool, error) { } var confirm bool - err := survey.AskOne(prompt, &confirm) + err = survey.AskOne(prompt, &confirm) if err != nil { return false, err } diff --git a/src/pkg/layout/component.go b/src/pkg/layout/component.go index c3ce6ae930..9a3735b54b 100644 --- a/src/pkg/layout/component.go +++ b/src/pkg/layout/component.go @@ -50,7 +50,10 @@ func (c *Components) Archive(component v1alpha1.ZarfComponent, cleanupTemp bool) } base := c.Dirs[name].Base if cleanupTemp { - _ = os.RemoveAll(c.Dirs[name].Temp) + err := os.RemoveAll(c.Dirs[name].Temp) + if err != nil { + return err + } } size, err := helpers.GetDirSize(base) if err != nil { diff --git a/src/pkg/layout/package.go b/src/pkg/layout/package.go index 532f46653d..7824d34ba9 100644 --- a/src/pkg/layout/package.go +++ b/src/pkg/layout/package.go @@ -5,6 +5,7 @@ package layout import ( + "errors" "fmt" "os" "path/filepath" @@ -77,11 +78,12 @@ func (pp *PackagePaths) ReadZarfYAML() (v1alpha1.ZarfPackage, []string, error) { } // MigrateLegacy migrates a legacy package layout to the new layout. -func (pp *PackagePaths) MigrateLegacy() error { +func (pp *PackagePaths) MigrateLegacy() (err error) { var pkg v1alpha1.ZarfPackage base := pp.Base // legacy layout does not contain a checksums file, nor a signature + // TODO(mkcp): This can be un-nested as an early return if helpers.InvalidPath(pp.Checksums) && pp.Signature == "" { if err := utils.ReadYaml(pp.ZarfYAML, &pkg); err != nil { return err @@ -113,7 +115,10 @@ func (pp *PackagePaths) MigrateLegacy() error { if !helpers.InvalidPath(legacyImagesTar) { pp = pp.AddImages() message.Debugf("Migrating %q to %q", legacyImagesTar, pp.Images.Base) - defer os.Remove(legacyImagesTar) + defer func(name string) { + err2 := os.Remove(name) + err = errors.Join(err, err2) + }(legacyImagesTar) imgTags := []string{} for _, component := range pkg.Components { imgTags = append(imgTags, component.Images...) @@ -323,7 +328,10 @@ func (pp *PackagePaths) Files() map[string]string { pathMap := make(map[string]string) stripBase := func(path string) string { - rel, _ := filepath.Rel(pp.Base, path) + rel, err := filepath.Rel(pp.Base, path) + if err != nil { + message.Debug("unable to strip base from path", "error", err) + } // Convert from the OS path separator to the standard '/' for Windows support return filepath.ToSlash(rel) } diff --git a/src/pkg/layout/split.go b/src/pkg/layout/split.go index 4668107405..3354a66038 100644 --- a/src/pkg/layout/split.go +++ b/src/pkg/layout/split.go @@ -18,12 +18,20 @@ import ( ) // splitFile will split the file into chunks and remove the original file. -func splitFile(srcPath string, chunkSize int) error { +func splitFile(srcPath string, chunkSize int) (err error) { srcFile, err := os.Open(srcPath) if err != nil { return err } - defer srcFile.Close() + // Ensure we close our sourcefile, even if we error out. + defer func() { + err2 := srcFile.Close() + // Ignore if file is already closed + if !errors.Is(err2, os.ErrClosed) { + err = errors.Join(err, err2) + } + }() + fi, err := srcFile.Stat() if err != nil { return err @@ -31,17 +39,28 @@ func splitFile(srcPath string, chunkSize int) error { title := fmt.Sprintf("[0/%d] MB bytes written", fi.Size()/1000/1000) progressBar := message.NewProgressBar(fi.Size(), title) - defer progressBar.Close() + defer func(progressBar *message.ProgressBar) { + err2 := progressBar.Close() + err = errors.Join(err, err2) + }(progressBar) hash := sha256.New() fileCount := 0 + // TODO(mkcp): The inside of this loop should be wrapped in a closure so we can close the destination file each + // iteration as soon as we're done writing. for { path := fmt.Sprintf("%s.part%03d", srcPath, fileCount+1) dstFile, err := os.OpenFile(path, os.O_CREATE|os.O_RDWR, helpers.ReadAllWriteUser) if err != nil { return err } - defer dstFile.Close() + defer func(dstFile *os.File) { + err2 := dstFile.Close() + // Ignore if file is already closed + if !errors.Is(err2, os.ErrClosed) { + err = errors.Join(err, err2) + } + }(dstFile) written, copyErr := io.CopyN(dstFile, srcFile, int64(chunkSize)) if copyErr != nil && !errors.Is(copyErr, io.EOF) { @@ -59,13 +78,14 @@ func splitFile(srcPath string, chunkSize int) error { if err != nil { return err } - err = dstFile.Close() - if err != nil { - return err - } // EOF error could be returned on 0 bytes written. if written == 0 { + // NOTE(mkcp): We have to close the file before removing it or windows will break with a file-in-use err. + err = dstFile.Close() + if err != nil { + return err + } err = os.Remove(path) if err != nil { return err @@ -80,6 +100,7 @@ func splitFile(srcPath string, chunkSize int) error { } // Remove original file + // NOTE(mkcp): We have to close the file before removing or windows can break with a file-in-use err. err = srcFile.Close() if err != nil { return err diff --git a/src/pkg/layout/split_test.go b/src/pkg/layout/split_test.go index 718dc7bfee..51866374ec 100644 --- a/src/pkg/layout/split_test.go +++ b/src/pkg/layout/split_test.go @@ -61,7 +61,8 @@ func TestSplitFile(t *testing.T) { require.NoError(t, err) _, err = f.Write(b) require.NoError(t, err) - f.Close() + err = f.Close() + require.NoError(t, err) err = splitFile(p, tt.chunkSize) require.NoError(t, err) diff --git a/src/pkg/message/progress.go b/src/pkg/message/progress.go index 7c050b0ba2..e756ae0715 100644 --- a/src/pkg/message/progress.go +++ b/src/pkg/message/progress.go @@ -22,10 +22,11 @@ type ProgressBar struct { // NewProgressBar creates a new ProgressBar instance from a total value and a format. func NewProgressBar(total int64, text string) *ProgressBar { var progress *pterm.ProgressbarPrinter + var err error if NoProgress { Info(text) } else { - progress, _ = pterm.DefaultProgressbar. + progress, err = pterm.DefaultProgressbar. WithTotal(int(total)). WithShowCount(false). WithTitle(padding + text). @@ -33,6 +34,9 @@ func NewProgressBar(total int64, text string) *ProgressBar { WithMaxWidth(TermWidth). WithWriter(os.Stderr). Start() + if err != nil { + WarnErr(err, "Unable to create default progressbar") + } } return &ProgressBar{ @@ -53,7 +57,10 @@ func (p *ProgressBar) Updatef(format string, a ...any) { // Failf marks the ProgressBar as failed in the CLI. func (p *ProgressBar) Failf(format string, a ...any) { - p.Close() + err := p.Close() + if err != nil { + Debug("unable to close failed progressbar", "error", err) + } Warnf(format, a...) } @@ -103,7 +110,10 @@ func (p *ProgressBar) Write(data []byte) (int, error) { // Successf marks the ProgressBar as successful in the CLI. func (p *ProgressBar) Successf(format string, a ...any) { - p.Close() + err := p.Close() + if err != nil { + Debug("unable to close successful progressbar", "error", err) + } pterm.Success.Printfln(format, a...) } diff --git a/src/pkg/message/spinner.go b/src/pkg/message/spinner.go index 93511a705c..76d2d81bb5 100644 --- a/src/pkg/message/spinner.go +++ b/src/pkg/message/spinner.go @@ -8,6 +8,7 @@ import ( "bufio" "bytes" "fmt" + "log/slog" "strings" "github.com/pterm/pterm" @@ -34,15 +35,19 @@ func NewProgressSpinner(format string, a ...any) *Spinner { } var spinner *pterm.SpinnerPrinter + var err error text := pterm.Sprintf(format, a...) if NoProgress { Info(text) } else { - spinner, _ = pterm.DefaultSpinner. + spinner, err = pterm.DefaultSpinner. WithRemoveWhenDone(false). // Src: https://github.com/gernest/wow/blob/master/spin/spinners.go#L335 WithSequence(sequence...). Start(text) + if err != nil { + slog.Debug("unable to create default spinner", "error", err) + } } activeSpinner = &Spinner{ @@ -108,7 +113,10 @@ func (p *Spinner) Updatef(format string, a ...any) { // Stop the spinner. func (p *Spinner) Stop() { if p.spinner != nil && p.spinner.IsActive { - _ = p.spinner.Stop() + err := p.spinner.Stop() + if err != nil { + slog.Debug("unable to stop spinner", "error", err) + } } activeSpinner = nil } diff --git a/src/pkg/packager/composer/oci.go b/src/pkg/packager/composer/oci.go index 2541e45f32..4d2589f717 100644 --- a/src/pkg/packager/composer/oci.go +++ b/src/pkg/packager/composer/oci.go @@ -64,7 +64,11 @@ func (ic *ImportChain) fetchOCISkeleton(ctx context.Context) error { componentDesc := manifest.Locate(filepath.Join(layout.ComponentsDir, fmt.Sprintf("%s.tar", name))) - cache := filepath.Join(config.GetAbsCachePath(), "oci") + absCachePath, err := config.GetAbsCachePath() + if err != nil { + return err + } + cache := filepath.Join(absCachePath, "oci") if err := helpers.CreateDirectory(cache, helpers.ReadWriteExecuteUser); err != nil { return err } diff --git a/src/pkg/packager/creator/normal.go b/src/pkg/packager/creator/normal.go index 9b2c8ab372..099fda5e2b 100644 --- a/src/pkg/packager/creator/normal.go +++ b/src/pkg/packager/creator/normal.go @@ -177,12 +177,16 @@ func (pc *PackageCreator) Assemble(ctx context.Context, dst *layout.PackagePaths dst.AddImages() + cachePath, err := config.GetAbsCachePath() + if err != nil { + return err + } pullCfg := images.PullConfig{ DestinationDirectory: dst.Images.Base, ImageList: imageList, Arch: arch, RegistryOverrides: pc.createOpts.RegistryOverrides, - CacheDirectory: filepath.Join(config.GetAbsCachePath(), layout.ImagesDir), + CacheDirectory: filepath.Join(cachePath, layout.ImagesDir), } pulled, err := images.Pull(ctx, pullCfg) diff --git a/src/pkg/packager/deploy.go b/src/pkg/packager/deploy.go index ee3796ac6c..54b74f9727 100644 --- a/src/pkg/packager/deploy.go +++ b/src/pkg/packager/deploy.go @@ -438,8 +438,11 @@ func (p *Packager) processComponentFiles(component v1alpha1.ZarfComponent, pkgLo } // Replace temp target directory and home directory - file.Target = strings.Replace(file.Target, "###ZARF_TEMP###", p.layout.Base, 1) - file.Target = config.GetAbsHomePath(file.Target) + target, err := config.GetAbsHomePath(strings.Replace(file.Target, "###ZARF_TEMP###", p.layout.Base, 1)) + if err != nil { + return err + } + file.Target = target fileList := []string{} if helpers.IsDir(fileLocation) { @@ -467,7 +470,7 @@ func (p *Packager) processComponentFiles(component v1alpha1.ZarfComponent, pkgLo // Copy the file to the destination spinner.Updatef("Saving %s", file.Target) - err := helpers.CreatePathAndCopy(fileLocation, file.Target) + err = helpers.CreatePathAndCopy(fileLocation, file.Target) if err != nil { return fmt.Errorf("unable to copy file %s to %s: %w", fileLocation, file.Target, err) } diff --git a/src/pkg/packager/inspect.go b/src/pkg/packager/inspect.go index ae850498b8..03dee54883 100644 --- a/src/pkg/packager/inspect.go +++ b/src/pkg/packager/inspect.go @@ -34,7 +34,10 @@ func (p *Packager) Inspect(ctx context.Context) error { fmt.Fprintln(os.Stdout, "-", image) } } else { - utils.ColorPrintYAML(p.cfg.Pkg, nil, false) + err := utils.ColorPrintYAML(p.cfg.Pkg, nil, false) + if err != nil { + return err + } } sbomDir := p.layout.SBOMs.Path diff --git a/src/pkg/packager/interactive.go b/src/pkg/packager/interactive.go index bd44342e7f..bc29c8e0f8 100644 --- a/src/pkg/packager/interactive.go +++ b/src/pkg/packager/interactive.go @@ -21,7 +21,10 @@ import ( func (p *Packager) confirmAction(stage string, warnings []string, sbomViewFiles []string) bool { pterm.Println() message.HeaderInfof("📦 PACKAGE DEFINITION") - utils.ColorPrintYAML(p.cfg.Pkg, p.getPackageYAMLHints(stage), true) + err := utils.ColorPrintYAML(p.cfg.Pkg, p.getPackageYAMLHints(stage), true) + if err != nil { + message.WarnErr(err, "unable to print yaml") + } // Print any potential breaking changes (if this is a Deploy confirm) between this CLI version and the deployed init package if stage == config.ZarfDeployStage { diff --git a/src/pkg/packager/publish.go b/src/pkg/packager/publish.go index 94fdee63c2..6e421efd1f 100644 --- a/src/pkg/packager/publish.go +++ b/src/pkg/packager/publish.go @@ -117,7 +117,10 @@ func (p *Packager) Publish(ctx context.Context) (err error) { }, }) } - utils.ColorPrintYAML(ex, nil, true) + err := utils.ColorPrintYAML(ex, nil, true) + if err != nil { + return err + } } return nil } diff --git a/src/pkg/utils/auth.go b/src/pkg/utils/auth.go index 0bc5cf501a..a6285ec35a 100644 --- a/src/pkg/utils/auth.go +++ b/src/pkg/utils/auth.go @@ -23,7 +23,10 @@ type Credential struct { // FindAuthForHost finds the authentication scheme for a given host using .git-credentials then .netrc. func FindAuthForHost(baseURL string) (*Credential, error) { - homePath, _ := os.UserHomeDir() + homePath, err := os.UserHomeDir() + if err != nil { + return nil, err + } // Read the ~/.git-credentials file credentialsPath := filepath.Join(homePath, ".git-credentials") @@ -52,7 +55,7 @@ func FindAuthForHost(baseURL string) (*Credential, error) { } // credentialParser parses a user's .git-credentials file to find git creds for hosts. -func credentialParser(path string) ([]Credential, error) { +func credentialParser(path string) (_ []Credential, err error) { file, err := os.Open(path) if errors.Is(err, os.ErrNotExist) { return nil, nil @@ -60,7 +63,10 @@ func credentialParser(path string) ([]Credential, error) { if err != nil { return nil, err } - defer file.Close() + defer func() { + err2 := file.Close() + err = errors.Join(err, err2) + }() var credentials []Credential scanner := bufio.NewScanner(file) @@ -83,7 +89,7 @@ func credentialParser(path string) ([]Credential, error) { } // netrcParser parses a user's .netrc file using the method curl did pre 7.84.0: https://daniel.haxx.se/blog/2022/05/31/netrc-pains/. -func netrcParser(path string) ([]Credential, error) { +func netrcParser(path string) (_ []Credential, _ error) { file, err := os.Open(path) if errors.Is(err, os.ErrNotExist) { return nil, nil @@ -91,7 +97,10 @@ func netrcParser(path string) ([]Credential, error) { if err != nil { return nil, err } - defer file.Close() + defer func() { + err2 := file.Close() + err = errors.Join(err, err2) + }() var credentials []Credential scanner := bufio.NewScanner(file) @@ -151,6 +160,7 @@ func netrcParser(path string) ([]Credential, error) { } } } + // Append the last machine (if exists) at the end of the file if activeMachine != nil { credentials = appendNetrcMachine(activeMachine, credentials) diff --git a/src/pkg/utils/cosign.go b/src/pkg/utils/cosign.go index f81183741a..fe6ac9279a 100644 --- a/src/pkg/utils/cosign.go +++ b/src/pkg/utils/cosign.go @@ -228,26 +228,27 @@ func GetCosignArtifacts(image string) ([]string, error) { ref, err := name.ParseReference(image, nameOpts...) if err != nil { - return []string{}, err + return nil, err } + // Return empty if we don't have a signature on the image var remoteOpts []ociremote.Option - simg, _ := ociremote.SignedEntity(ref, remoteOpts...) + simg, _ := ociremote.SignedEntity(ref, remoteOpts...) // TODO(mkcp): //nolint:errcheck if simg == nil { - return []string{}, nil + return nil, nil } // Errors are dogsled because these functions always return a name.Tag which we can check for layers - sigRef, _ := ociremote.SignatureTag(ref, remoteOpts...) - attRef, _ := ociremote.AttestationTag(ref, remoteOpts...) + sigRef, _ := ociremote.SignatureTag(ref, remoteOpts...) // TODO(mkcp): //nolint:errcheck + attRef, _ := ociremote.AttestationTag(ref, remoteOpts...) // TODO(mkcp): //nolint:errcheck ss, err := simg.Signatures() if err != nil { - return []string{}, err + return nil, err } ssLayers, err := ss.Layers() if err != nil { - return []string{}, err + return nil, err } var cosignArtifactList = make([]string, 0) @@ -257,11 +258,11 @@ func GetCosignArtifacts(image string) ([]string, error) { atts, err := simg.Attestations() if err != nil { - return []string{}, err + return nil, err } aLayers, err := atts.Layers() if err != nil { - return []string{}, err + return nil, err } if 0 < len(aLayers) { cosignArtifactList = append(cosignArtifactList, attRef.String()) diff --git a/src/pkg/utils/exec/exec.go b/src/pkg/utils/exec/exec.go index 3f76e3f23c..f9ac5bbed4 100644 --- a/src/pkg/utils/exec/exec.go +++ b/src/pkg/utils/exec/exec.go @@ -65,8 +65,14 @@ func CmdWithContext(ctx context.Context, config Config, command string, args ... cmd.Env = append(os.Environ(), config.Env...) // Capture the command outputs. - cmdStdout, _ := cmd.StdoutPipe() - cmdStderr, _ := cmd.StderrPipe() + cmdStdout, err := cmd.StdoutPipe() + if err != nil { + return "", "", fmt.Errorf("failed to capture stdout, error=%w", err) + } + cmdStderr, err := cmd.StderrPipe() + if err != nil { + return "", "", fmt.Errorf("failed to capture stderr, error=%w", err) + } var ( stdoutBuf, stderrBuf bytes.Buffer diff --git a/src/pkg/utils/network.go b/src/pkg/utils/network.go index ffe5490600..17aa9a6ac3 100644 --- a/src/pkg/utils/network.go +++ b/src/pkg/utils/network.go @@ -6,6 +6,7 @@ package utils import ( "context" + "errors" "fmt" "io" "net/http" @@ -39,7 +40,7 @@ func parseChecksum(src string) (string, string, error) { } // DownloadToFile downloads a given URL to the target filepath (including the cosign key if necessary). -func DownloadToFile(ctx context.Context, src, dst, cosignKeyPath string) error { +func DownloadToFile(ctx context.Context, src, dst, cosignKeyPath string) (err error) { // check if the parsed URL has a checksum // if so, remove it and use the checksum to validate the file src, checksum, err := parseChecksum(src) @@ -57,7 +58,11 @@ func DownloadToFile(ctx context.Context, src, dst, cosignKeyPath string) error { if err != nil { return fmt.Errorf(lang.ErrWritingFile, dst, err.Error()) } - defer file.Close() + // Ensure our file closes and any error propagate out on error branches + defer func(file *os.File) { + err2 := file.Close() + err = errors.Join(err, err2) + }(file) parsed, err := url.Parse(src) if err != nil { @@ -90,13 +95,16 @@ func DownloadToFile(ctx context.Context, src, dst, cosignKeyPath string) error { return nil } -func httpGetFile(url string, destinationFile *os.File) error { +func httpGetFile(url string, destinationFile *os.File) (err error) { // Get the data resp, err := http.Get(url) if err != nil { return fmt.Errorf("unable to download the file %s", url) } - defer resp.Body.Close() + defer func() { + err2 := resp.Body.Close() + err = errors.Join(err, err2) + }() // Check server response if resp.StatusCode != http.StatusOK { diff --git a/src/pkg/utils/wait.go b/src/pkg/utils/wait.go index dbcbbf0267..8fecaf8e10 100644 --- a/src/pkg/utils/wait.go +++ b/src/pkg/utils/wait.go @@ -197,7 +197,11 @@ func waitForNetworkEndpoint(resource, name, condition string, timeout time.Durat message.Debug(err) continue } - defer conn.Close() + err = conn.Close() + if err != nil { + message.Debug(err) + continue + } } // Yay, we made it! diff --git a/src/pkg/utils/yaml.go b/src/pkg/utils/yaml.go index 641c219977..e0b8a3e953 100644 --- a/src/pkg/utils/yaml.go +++ b/src/pkg/utils/yaml.go @@ -36,8 +36,11 @@ func yamlFormat(attr color.Attribute) string { } // ColorPrintYAML pretty prints a yaml file to the console. -func ColorPrintYAML(data any, hints map[string]string, spaceRootLists bool) { - text, _ := goyaml.Marshal(data) +func ColorPrintYAML(data any, hints map[string]string, spaceRootLists bool) error { + text, err := goyaml.Marshal(data) + if err != nil { + return err + } tokens := lexer.Tokenize(string(text)) if spaceRootLists { @@ -102,6 +105,7 @@ func ColorPrintYAML(data any, hints map[string]string, spaceRootLists bool) { pterm.Println() pterm.Println(outputYAML) + return nil } // AddRootListHint adds a hint string for a given root list key and value. diff --git a/src/pkg/variables/templates.go b/src/pkg/variables/templates.go index f0153d0baa..5f8c9b940c 100644 --- a/src/pkg/variables/templates.go +++ b/src/pkg/variables/templates.go @@ -6,6 +6,7 @@ package variables import ( "bufio" + "errors" "fmt" "os" "regexp" @@ -49,7 +50,7 @@ func (vc *VariableConfig) GetAllTemplates() map[string]*TextTemplate { } // ReplaceTextTemplate loads a file from a given path, replaces text in it and writes it back in place. -func (vc *VariableConfig) ReplaceTextTemplate(path string) error { +func (vc *VariableConfig) ReplaceTextTemplate(path string) (err error) { templateRegex := fmt.Sprintf("###%s_[A-Z0-9_]+###", strings.ToUpper(vc.templatePrefix)) templateMap := vc.GetAllTemplates() @@ -57,7 +58,10 @@ func (vc *VariableConfig) ReplaceTextTemplate(path string) error { if err != nil { return err } - defer textFile.Close() + defer func() { + err2 := textFile.Close() + err = errors.Join(err, err2) + }() // This regex takes a line and parses the text before and after a discovered template: https://regex101.com/r/ilUxAz/1 regexTemplateLine := regexp.MustCompile(fmt.Sprintf("(?P.*?)(?P