From ed6b967c3d5dbba909c0a1c99acfdc9e6af57f53 Mon Sep 17 00:00:00 2001
From: "girija.saintange" <girija.saintange@gmail.com>
Date: Thu, 25 Jan 2024 16:53:15 +0100
Subject: [PATCH] feat: migrate to CI/CD component
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

⚠ requires GitLab 16.6 or later
---
 .gitlab-ci.yml                      |   2 +-
 README.md                           |  67 ++++++++++++++++++----------
 bumpversion.sh                      |   4 +-
 kicker.json                         |   2 +
 logo.png                            | Bin 15516 -> 18682 bytes
 templates/gitlab-ci-sonar-vault.yml |  14 +++++-
 templates/gitlab-ci-sonar.yml       |  46 +++++++++++++++----
 7 files changed, 97 insertions(+), 38 deletions(-)

diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml
index a8b6a3a..7371d78 100644
--- a/.gitlab-ci.yml
+++ b/.gitlab-ci.yml
@@ -10,7 +10,7 @@ include:
     file: '/templates/validation.yml'
   - project: 'to-be-continuous/bash'
     ref: '3.3'
-    file: 'templates/gitlab-ci-bash.yml'
+    file: '/templates/gitlab-ci-bash.yml'
   - project: 'to-be-continuous/semantic-release'
     ref: '3.7'
     file: '/templates/gitlab-ci-semrel.yml'    
diff --git a/README.md b/README.md
index 34337fc..01f64df 100644
--- a/README.md
+++ b/README.md
@@ -7,13 +7,35 @@ security vulnerabilities as early as possible.
 
 ## Usage
 
-In order to include this template in your project, add the following to your `gitlab-ci.yml`:
+This template can be used both as a [CI/CD component](https://docs.gitlab.com/ee/ci/components/#use-a-component-in-a-cicd-configuration) or using the legacy [`include:project`](https://docs.gitlab.com/ee/ci/yaml/index.html#includeproject) syntax.
+
+### Use as a CI/CD component
+
+Add the following to your `gitlab-ci.yml`:
+
+```yaml
+include:
+  # 1: include the component
+  - component: gitlab.com/to-be-continuous/sonar/gitlab-ci-sonar@4.1.1
+    # 2: set/override component inputs
+    inputs:
+      host-url: https://sonarqube.acme.host # ⚠ this is only an example
+```
+
+### Use as a CI/CD template (legacy)
+
+Add the following to your `gitlab-ci.yml`:
 
 ```yaml
 include:
+  # 1: include the template
   - project: 'to-be-continuous/sonar'
     ref: '4.1.1'
     file: '/templates/gitlab-ci-sonar.yml'
+
+variables:
+  # 2: set/override template variables
+  SONAR_HOST_URL: https://sonarqube.acme.host # ⚠ this is only an example
 ```
 
 ## SonarQube analysis job
@@ -22,17 +44,17 @@ This job performs a SonarQube analysis of your code.
 
 It is bound to the `test` stage, and uses the following variables:
 
-| Name                     | Description                     | Default value |
+| Input / Variable | Description                     | Default value |
 | ------------------------ | ------------------------------- | ----------------------------- |
-| `SONAR_SCANNER_IMAGE`    | The Docker image used to run [sonar-scanner](https://docs.sonarqube.org/latest/analysis/scan/sonarscanner/) | `registry.hub.docker.com/sonarsource/sonar-scanner-cli:latest` |
-| `SONAR_HOST_URL`         | SonarQube server url            | _none_ (disabled) |
-| `SONAR_PROJECT_KEY`      | SonarQube Project Key (might also be set in the `sonar-project.properties` file) | fallbacks to `$CI_PROJECT_PATH_SLUG` (see below) |
-| `SONAR_PROJECT_NAME`     | SonarQube Project Name (might also be set in the `sonar-project.properties` file) | fallbacks to `$CI_PROJECT_PATH` (see below) |
+| `scanner-image` / `SONAR_SCANNER_IMAGE` | The Docker image used to run [sonar-scanner](https://docs.sonarqube.org/latest/analysis/scan/sonarscanner/) | `registry.hub.docker.com/sonarsource/sonar-scanner-cli:latest` |
+| `host-url` / `SONAR_HOST_URL` | SonarQube server url            | _none_ (disabled) |
+| `project-key` / `SONAR_PROJECT_KEY` | SonarQube Project Key (might also be set in the `sonar-project.properties` file) | fallbacks to `$CI_PROJECT_PATH_SLUG` (see below) |
+| `project-name` / `SONAR_PROJECT_NAME` | SonarQube Project Name (might also be set in the `sonar-project.properties` file) | fallbacks to `$CI_PROJECT_PATH` (see below) |
 | :lock: `SONAR_TOKEN`     | SonarQube authentication [token](https://docs.sonarqube.org/latest/user-guide/user-token/) (depends on your authentication method) | _none_ |
 | :lock: `SONAR_LOGIN`     | SonarQube login (depends on your authentication method)                | _none_ |
 | :lock: `SONAR_PASSWORD`  | SonarQube password (depends on your authentication method)             | _none_ |
-| `SONAR_BASE_ARGS`        | SonarQube [analysis arguments](https://docs.sonarqube.org/latest/analysis/analysis-parameters/) | `-Dsonar.links.homepage=${CI_PROJECT_URL} -Dsonar.links.ci=${CI_PROJECT_URL}/-/pipelines -Dsonar.links.issue=${CI_PROJECT_URL}/-/issues` |
-| `SONAR_QUALITY_GATE_ENABLED` | Set to `true` to enable SonarQube [Quality Gate](https://docs.sonarqube.org/latest/user-guide/quality-gates/) verification.<br/>_Uses `sonar.qualitygate.wait` parameter ([see doc](https://docs.sonarqube.org/latest/analysis/ci-integration-overview/#header-1))._ | _none_ (disabled) |
+| `base-args` / `SONAR_BASE_ARGS` | SonarQube [analysis arguments](https://docs.sonarqube.org/latest/analysis/analysis-parameters/) | `-Dsonar.links.homepage=${CI_PROJECT_URL} -Dsonar.links.ci=${CI_PROJECT_URL}/-/pipelines -Dsonar.links.issue=${CI_PROJECT_URL}/-/issues` |
+| `quality-gate-enabled` / `SONAR_QUALITY_GATE_ENABLED` | Set to `true` to enable SonarQube [Quality Gate](https://docs.sonarqube.org/latest/user-guide/quality-gates/) verification.<br/>_Uses `sonar.qualitygate.wait` parameter ([see doc](https://docs.sonarqube.org/latest/analysis/ci-integration-overview/#header-1))._ | _none_ (disabled) |
 
 ### Automatic Branch Analysis & Merge Request Analysis
 
@@ -65,11 +87,11 @@ This variant allows delegating your secrets management to a [Vault](https://www.
 
 In order to be able to communicate with the Vault server, the variant requires the additional configuration parameters:
 
-| Name              | Description                            | Default value     |
+| Input / Variable | Description                            | Default value     |
 | ----------------- | -------------------------------------- | ----------------- |
 | `TBC_VAULT_IMAGE` | The [Vault Secrets Provider](https://gitlab.com/to-be-continuous/tools/vault-secrets-provider) image to use (can be overridden) | `registry.gitlab.com/to-be-continuous/tools/vault-secrets-provider:master` |
-| `VAULT_BASE_URL`  | The Vault server base API url          | _none_ |
-| `VAULT_OIDC_AUD`  | The `aud` claim for the JWT | `$CI_SERVER_URL` |
+| `vault-base-url` / `VAULT_BASE_URL` | The Vault server base API url          | _none_ |
+| `vault-oidc-aud` / `VAULT_OIDC_AUD` | The `aud` claim for the JWT | `$CI_SERVER_URL` |
 | :lock: `VAULT_ROLE_ID`   | The [AppRole](https://www.vaultproject.io/docs/auth/approle) RoleID | **must be defined** |
 | :lock: `VAULT_SECRET_ID` | The [AppRole](https://www.vaultproject.io/docs/auth/approle) SecretID | **must be defined** |
 
@@ -83,7 +105,7 @@ Then you may retrieve any of your secret(s) from Vault using the following synta
 
 With:
 
-| Name                             | Description                            |
+| Parameter                        | Description                            |
 | -------------------------------- | -------------------------------------- |
 | `secret_path` (_path parameter_) | this is your secret location in the Vault server |
 | `field` (_query parameter_)      | parameter to access a single basic field from the secret JSON payload |
@@ -93,19 +115,16 @@ With:
 ```yaml
 include:
   # main template
-  - project: 'to-be-continuous/sonar'
-    ref: '4.1.1'
-    file: '/templates/gitlab-ci-sonar.yml'
+  - component: gitlab.com/to-be-continuous/sonar/gitlab-ci-sonar@4.1.1
   # Vault variant
-  - project: 'to-be-continuous/sonar'
-    ref: '4.1.1'
-    file: '/templates/gitlab-ci-sonar-vault.yml'
+  - component: gitlab.com/to-be-continuous/sonar/gitlab-ci-sonar-vault@4.1.1
+    inputs:
+       # audience claim for JWT
+      vault-oidc-aud: "https://vault.acme.host"
+      vault-base-url: "https://vault.acme.host/v1"
 
 variables:
-    # audience claim for JWT
-    VAULT_OIDC_AUD: "https://vault.acme.host"
-    # Secrets managed by Vault
-    SONAR_TOKEN: "@url@http://vault-secrets-provider/api/secrets/b7ecb6ebabc231/my-app/sonar?field=token"
-    VAULT_BASE_URL: "https://vault.acme.host/v1"
-    # $VAULT_ROLE_ID and $VAULT_SECRET_ID defined as a secret CI/CD variable
+  # Secrets managed by Vault
+  SONAR_TOKEN: "@url@http://vault-secrets-provider/api/secrets/b7ecb6ebabc231/my-app/sonar?field=token"
+  # $VAULT_ROLE_ID and $VAULT_SECRET_ID defined as a secret CI/CD variable
 ```
diff --git a/bumpversion.sh b/bumpversion.sh
index f06829a..ed44d7b 100755
--- a/bumpversion.sh
+++ b/bumpversion.sh
@@ -27,13 +27,13 @@ if [[ "$curVer" ]]; then
   log_info "Bump version from \\e[33;1m${curVer}\\e[0m to \\e[33;1m${nextVer}\\e[0m (release type: $relType)..."
 
   # replace in README
-  sed -e "s/ref: '$curVer'/ref: '$nextVer'/" README.md > README.md.next
+  sed -e "s/ref: *'$curVer'/ref: '$nextVer'/" -e "s/ref: *\"$curVer\”/ref: \”$nextVer\”/" -e "s/component: *\(.*\)@$curVer/component: \1@$nextVer/" README.md > README.md.next
   mv -f README.md.next README.md
 
   # replace in template and variants
   for tmpl in templates/*.yml
   do
-    sed -e "s/\"$curVer\"/\"$nextVer\"/" "$tmpl" > "$tmpl.next"
+    sed -e "s/command: *\[\"--service\", \"\(.*\)\", \"$curVer\"\]/command: [\"--service\", \"\1\", \"$nextVer\"]/" "$tmpl" > "$tmpl.next"
     mv -f "$tmpl.next" "$tmpl"
   done
 else
diff --git a/kicker.json b/kicker.json
index 1a9f529..a7e7e95 100644
--- a/kicker.json
+++ b/kicker.json
@@ -3,6 +3,8 @@
   "description": "Continuously inspect your codebase with [SonarQube](https://www.sonarqube.org/)",
   "template_path": "templates/gitlab-ci-sonar.yml",
   "kind": "analyse",
+  "prefix": "sonar",
+  "is_component": true,
   "variables": [
     {
       "name": "SONAR_SCANNER_IMAGE",
diff --git a/logo.png b/logo.png
index 03783f50a774279a3ca061a99efd380162b4af89..96b4ff541eeaba6a8d8e8fc3371995f58b6ef0ee 100644
GIT binary patch
literal 18682
zcmeAS@N?(olHy`uVBq!ia0y~yU}OMc4mJh`hM1xiX$%aEEt$^F0iMpz3I#>^X_+~x
z3=A3*YbV-z91aj^^$%Veq$T@C;i#hX+Z1up!Zo29POSmjTV5r6x@4bmY0{D%7F_FC
z+3Uqt^XZ-2WwnE==>dPo=H|(Zx~Ejc2W1F8Zax0n;{CkC)!!MNb{{h-R^ZIom6~!{
z(=a|llzIIJ#V&<I9jDLaobe1|oA<TU|87V*=e(zPzo+xAcAd;<H__sxRGaG_N1M%=
zrWWso-6LGXI?s2i^XyXisC->?`hAP(vSJl!M^2<Z?^HgLw6lMzU7Dz~@;tS^m9zYQ
zI^9d1`dKV}?X{G<)t|)Mx_+H9x}Mpq*z2m}*u=r=8xq*u%JSAqQ*BepyiXt8W%s-2
zwZ?=R6zMGB<K6U_{eScQ&8FVLlk<W!Sb6r{_;%bv;0CLe?(Khe+uokzd{ED}?#sOW
z_t?_xJ@dbAxgjWUk4<k~^{h?oG4B`_`}5wMAbZl^TVra&cjI5nm<)=zS+3vNS$e+k
z7sHc`u$j^i9td<y*Q~z#_^$Kc;@{hsTkn^zYcE>;=-06~3=9lxN#5=*3{x2nGRXfu
z@Mtar0|RG)M`SSrgPt-7Ggd6MFJoX}U@!6Xb!C6SC?&409W5Swg@HkV!PCVtq~g}w
z*z^dIaPhkB8+Pk#C|RP}v_PS2uUgg{QPaTv5sNmeW|_=7a^#+=;k6YPC3dSx^>R)-
zazsziHK$WF&{1%SXFm7s@4p=t4!k>a?%cbeC;QGD^S`-cRQ~Qv<?}nm=WVAizM8dF
zL16`3NZr>jd%Kp+F;?5VuE~E_!vZsoeH-_8UJzzdSkZbY{-1fMlp?be152sPhp(Kr
z!Ac6wAf9Q=kC|L{SL2uc7hb5&;t+85(0P}o`t|1~TrgJTabjy>;K-Ws!T9f`*TO~1
zes+KjJ9x-n{YD#0Y<yj?Y2&UeWd#<80M$eJ9v&-McK@;LbxWRLz|e5~apUQyO@|)}
z@HPlAIF@qQUtVu_SA5<pjkD(;79^ymvf9m$FALzbWmIHnl2Z8N6H?Xd=B)Y0MvkAU
zk%6g^p~kMVmXlH7ipAFXy&tCAYY8(jaIi3SxF{)o0lDe&jQLqn>;F{j+jC(0e|ZKM
zCBZdo*LG(4b2Kd2#%(`&ecj9Wi5@H)BYarq3osmft@CFp>-^)74<0+#w&E8^|LY&~
zJ3oYr{kgQ>F7P|Z9;Jopuil17{?P9K`u5G6gw#}5t7!rZj=8@dT^3}T`ytyzs$gf#
zjhi<ck3XK+r^@0GFncRQ?W+1z?)u7y&p%d7@KAAiy56n8Q(R!iudmCczfZS!Zvk1I
zt@Oud+NU7N-#cRT1nZm_Sk`xo9cW?k;$&#J+4BG2-`^cwT}e~Sm6e%g_}V{3?5nX<
zWME=S4yo5_mY=J?f9_n_9Wj^VcF&n3lXGJOqi)m|2S-Q7N(;3H2}aH{-@aa7&N$`&
zujuIL*-suU4qILL^Hb`XdA8E!@9(MdHw!R0`u_eEoXJ#UCx7kQwKcate0u7gb88Ey
zw0WKie+$TaKYmT0&$(gi*3?qpnLcfk)%}wWwQy?a>8bHIf^;h}sd3k?S-Uo}|9AeK
z9gP!}-6#2N7w8b2a3JIB{4SO+f=um)8$DE%WIZ_=9+WCDEo+MZ_uBv2Z%~K|7OnX6
zRh+AJNizqdz@ENW^-nYQOf_X*7~rw*pQ+3d4vzy-f7k1L_;v03^|U=TKZUmE-#^wX
zZC>#DnyyXlFOh%${$<?VWg4|Dr}Ns{=*6Cs)zbLm7HR6W7%8&7TH+qC{HVj^p8~fY
zEoZncC39Qt!Oe=s$2VnazB7ENoz;~7-iM=MLE4J{OaDhlMsD2n=lRp82M-=>Ec~~x
z_V=qfukY+MR#H}uydRvErB(L!R_jvl>93Zks;WL*zyF`sZ`+(31~ng#if7#4xA)|&
zJ}Y(EO|R7#{7IKw;CcD}{hRy?PO*Iu3iwyuC%!@CTI}(r_b=Vs7+9_@|2O?Q3k#Fu
z+CA^J!`D6NHNSU3`_C@{F|oEjS?i>`yGq~u71<&sa{rGo>+Rc4mDO5HKLiW8zbO)V
z_tE`gEAxd_p)Cv?tNLVCZ2PpTm*vCn_xl%TUtibJ-*3L_&7GaahUM>KL_|d;uTR$!
z<?^p%{&~}}!Rq9aZ`zC09IA43w|KECGBBO){r~l;ra#lt=;EttG8P34&FuVUEBo^I
z{}p?EZEf<tuQS59U&`Ni`uc!-^WFAWAC*Mr-go9`Sn#Ty^XcDz+0r*^zJ5)-xhZu=
z%}=Andp7-^zHpcQ?Kj^S{i(KkVtAdCQ6Qwh_dzMg%e^@_jcjUu2(YrU253z^aq{HB
zt=ZQN%HBjYr>38o(fH;~&acAiFs+n&pC#)%p7TD8c2Bf^tNP}-*x|ZHrZQt=1*sB7
znL_ibBFq1xTeQF~=VSjO$?D7bAu~TeKG7ra-lKK=>F4KNEp#wSWn*CY_v10YPUI$*
zg9i_8*t(T<{`vOiW@f9>S1og`%ah*T+PdZG;>C*v1qB`T7X&6Y{9;YDI=)Oj$9@mr
zYrVq<%Re%?E3mX5XFq>Wa#5IV!uLdp9e&Cy=7-+XJh6DaAd`Z@{p)kJ)@~Bqu&ww1
z>Bk=)9+ogjV0b!Zo`=ezHIbV?d^|3H`P$~><9sVZe(8Ri)g+_w{@haCeB&(jAA0ky
zG-W?$d9AqmMLW~>J^?0$6;+E?tX16C&Li2h(79dejJg1aLGd%6TQ=$E<~Zi$ths0M
z^RRZqw5n4VR-G+>Q2j$Hr+sQU!;h~kJ3Z#^5`J|?<d#*3vOr@b=R&jkzv}+;&fKWJ
zc>liq<z>EyzrDS!`PruapNylUqt)}!jo~jimqnHz%YDZBt;sEpVV$?a4!^huw{|yc
z7wTE&$R60b4OCLqI=9_wxwbZ1dTRZH1C3i)1Y~7<8=2X|-e@mndNsX0L*<rq&3U(;
z+X;6KMXt#@N8UG<WD=O+`Xk$#v!c5C@Y%CxR~YTv_a*Ds&CThhS3jLeiSoCfcblPL
zRe@Nm00Sdq!-We0i<j%i#>Qq|){ouA((4xdaLzJ?_Be&trfV<#R%3BU2n(run9beu
z_ZPFO^em~S7`^o?3{Nio!s=4i!obmCyI|Epml@j4C-aUO&0Lf8|HKQ<hU8RVj)n!_
z9PZat=3Zs$VeLO|oWZ{0j(C*o#)W(!U+wN}IK{Y3%~@;erb}f!YZWhWcBZ8!%nH<0
zW^oAkyzkYoOJ4ui&xv0fc70d%xsxXicl89VG?}s7h_S%c?8}lx8cHk<0oI(0zSsyK
zT#>n>?Cq?J-?*K#|JT;mmcC(;VP;uy(p!ziA)xwX!{LVx3j?m~`n{v_v)ZT6pL?|?
z&zt8r+b-b%Lu}*b(k1E*Q%-2@&40w{aUkl0_x>46qjRQjXUs5>+Ps4`JT>Iu^Yil;
zhprCm`K+#{c4^u6?CXBdWzJufeh?A7j`f0AY}+yg_84n-x7-UNPZlJcmne9>mF@aQ
z#T|We4{q&l$bQbVZmsf;ZQmYz_|d|^aYni0>D824m4K=fDMlSfle&c)EYoH5;`il<
zFuwTwMZ5o4uk`DC{ZkqCuw7o@x8UBBke{CnTYRkzvzoO`<!&_@2Z+yUv^(AXpjTe;
zonadfBZtm+)@$ZGD{TIs6>AF<n|1lYkC)5mE2*lse!O1)_t)1gl{s^57Y4n)CHmuE
zY{qHLyuVxqTii9|S}!k){<&4jjDhL%WT&T+4X30UV)V?r3#5v+t$dT2t`)W>BJo1o
z!l0EKa&Md6vN5**&15E|u97OI<R7)sE^)J->R|@0An!kHpN^aJ)c-XO&UnmO)S}Cy
zr=!H;knm~x{!dpDUgjq&KY7)>aP3i^-ouOwJk~j_n=&)8=y;!O#O5^K)Z0_NR2Q#s
zxLZA4g26OOVYNfwl{ZQ&uBaXsU3Y{tOgHTEG<`cesZ%WyuNL|jDt7hjFJ9|>Ayd(U
zNfA^|3NyDK)-?V#^`HJ!FW)j=vnPvom%WX;v#XTbYpD<`D{IA{ABJ`Rem>`_<m#Sk
z6`yDYDtv_1d=5N4J$>Tbxx7=oSXYL0Reyi?@Up-C(JwDAXP(|~UM4fklz*kh1uoM`
zMoTp`^kyoFmP+w`*pqq8Okd%zqQs@ozZZB_Gp==F%eZnu<cY&S10mMk_nNJ8&ClLg
zso1i%O0sU=t?Q|V=8ZQUw+kCIY|1_0^?%jXtQA+YGEAgaglK6@^|G+AIB@J(Td8zc
zS69STeLX!r?spR>#C7!a@NCI;+gt4S|KH!jUtcmef4RLm{rrQ=7sMlf8i|}L*{k$+
z&DsY_f=+ejGMj?;>U?_R!hGKO%C6-HYh0KW68>zx{(bi*+Xa6PJ}sI!eR}#NF$J-1
z-nzoCiu(HNkGL%eab9a!^LJ-=cv8TNgvr0(OpmW?oIhW_B8Kmd%$mUS2c>NCj@D^w
zgej@6=J@mM?g9R|<ZsW9<!@qI6n1727pRCmZLna^h3Ws-Ud-qz+pw}{qO!YGteUyG
zIKzUV>;tI}yc9NUJN!uB{L$KZwGrEkZ*R-3cs{pWYtClDj}PA_F-r#?l`P-s)%@g*
zQo(OO_Wdufr&XKnX;`|UvYPL}Lm?)G4SO!U{(bss(P=)u_U1i%Y$l6wl)kvY$StmC
zvdSkjrcQdIXw99R!1D(`7)6VRo9Fx}Q$OZAE2~7hU(U8`W$^M>rFD-AEmu5G;7zwy
zJoSB16!RXf0OzaElR2v8*mt~BvsHGS?z}<PPF_a)+3igr4^>Jm@c*m7Ua-JICM7Lx
zQ(p7bsiI<fF&*#s|DRVlbIqDHT)85gGhDUG3Q7(gN{vr?ztCVy#?@;H|1^V_J^1+e
zxP)O+i{p9sYH3EBIY%B$5BA)`uxY852;2A8w^#NjUd`fuE3)t%^Cq_aH?3~eeUN#y
z-L3Jkd7i&p5{rsK$EjocPt9(eA}7_m>`lPxt2;iL$Z9PW%9_e0wN>a~@1BQ|=UHv^
z*kknAZTwEgC-149JZVzF?{B#-Zf=h*E_UBh|KD!Uo;??~WCpXavM$WLyo`f~r)B;6
z^^T1p*;_Pp!j$%VFfNsAmyIkmTqJ+*@ZA0R56|5<7ySG{ZqFW@i~DM;x8&XydwXlE
zvx7s!#doK&dd1ckbt?pCl(cc@eN)Ql=2}oA$b0p4`-Nq;O;*3{wrq-Mc+c3kR)5E~
zuLnQ#F`idu2>aT6VC&X&{|_w;95aL*Di^NzVR@R);>DTpvopiylwO<L+NQ9zO}gRT
zKNqfj_~^s^D{|}%{l^<c`?>A<xwY-Yo9g-P)@O-?=r$zn<k}guvo9d5E#gG;=D8eU
zHS0QSxl%+=Oo$IDe7a<7Lwi-<wFhArr8t}zSi~+fO_S|+D=8D)l2t0nX)-Ay@!5g0
z4PugEp*v+9GLAN1=whF^;E8^JcI3ecnjt4NLl#6hzCC(^QDNi8rp0S7q&S|{oua&Z
z!=nDChV!lMlW#ow?v=y9qIR3*RR4d?T*jEZn}XBTk010dUl<@|#+9{2mCs~n5bLF)
zE>JFAa>gk|^hAJ8c%;g|1s(_5+b2uRJD1eaYU9<b=)cOPXqm`SuFH$$EpKo=R9cxK
z6SBg@<K!fxS^HF290GKk{GYSMxN*qvS;*w=+#ge55p&1m<nfF9-#MO4N^@9vNy&ee
zOO~Hu+!Apm-Q^stN4+x6=;$bE%iWPZ`k_R~*<;~5?W<8s(!`Z*w@XL~pYTu;TQF~N
zDQmQc=iO=Qj7|(JX;+z6cr0*Xe(<-tKu~Ue>wLXG%&kqeUli7gX-rx@aiY5Oq5UZV
z5o=65B}z@1<ZR~VK2Q>DI;9e*5v+L9CD%dc$>F;fcQu`Fa$4#d<u@_%eftdtj#X#G
z6v9_5xVB<pz$(RXjRgU#0wPqL8$<dIDM=P_cOQ8A>Egyzfi)~l8ds%eJkEVm#1NgW
zeIqj3F(Y+fua{|*?k4UhR&BdK6>JebaB$lqulzZ@PQ6#=EaLjBAXM=1p~g0k0ud($
zmNgs;_FQ<a-1KQP)6#5~D_N!?TA??s7+ak{Xl)pGe0=<kn>QU-UUOJ@#bIHP^TJCG
z%K~OEVdMT8<B`L%LG<HUHHV_5QZFly2CVwB{dClU=Gk)M3ClDlt^T03T;dj&6chhf
znImcaQhpo_2i8O}e7LW)@YLm|sh$g_FnFCjaQU*ZoSd9h)2fhch42-DYXTNWtZV9G
zRs671#v_MiLdV)OMn{)j&6=nks<1tPv39LyB)3A-)`r*%x+{HJzuf6kNl4FS4X+kd
zWN4bTlvP5CYf8Lk#5|TMUa2!bO#dg^>GI+8=f$y%D*~oXXbf3rVv)Z-zak-DxnXbb
z0UZ~G;8hdnMXxdc#LwQa*@dGs;=rnRhmuq;eb#adE7~aRlmzah|88S?YTEe8x$)EC
z#!L6#y?d8&VL{`;4hOBRVnH*7f@TUCEj^~8RIowNA&E`tLdMn;C#E`TUC(Ek(y{h|
zj^M^k+)q43PiRdDR}d{%&%QQ`Rgs}d>mrla|1dQME1?xWEDk5P-HnTj>-qLDc$Mk@
zUEj1MZ}V2f@X6$|ZV={9SY<aMK16BFFBLBxosHZZ6leF?L`Eu14Epq`Xq(|p>4^di
zj#K$ry*L+`WOR5fZHiiZO|kLQ|Lm<%6;)M-PM_|+s5Vdaa<gh+!;CCeCvCksZ(VxC
zc?0=4MgH?~ei4{(p^LlR{ju$zEm68bo4d8{bT^!DUB3B7%G*`}hDO&mCLfOlo74g#
zrB~Ff2+_K6^X9?Jmxc54@_Lk5Pfp2t;wh>zY2|?@uG=?nYnnXwf{J;})@3RG;?}j-
ztf`Qxu(;W9-nfo2uxQ$rrnLvdj<nBiHU-6#y-0$QjK)=#FM^IQcV60`wN>icwQB{1
zg^iOZ3#$lm=H%ok2)r<#pcyLlMC8=hwilPobqc0&Bx-LmS{Z*y^9_@#ih^0y#>q}A
z-Mq>KPic#Pm2uf%xNt6Le1eBFWE*$Lzv!wd=fn4{30vJdb*d=HJfY45&p($=V-Y_&
z#pBc@rOgKlCIqBMGuFJmxlt}Vdux<Rn#aURi+6KRIMLO;?5k`~S;(mq+HNsXi8u4@
z`kTdg=PD%JblYSs(D<@#iI+7?=GLga_1>2m1J+%=zJ0?AlNB7(PqX$PZ}wWc>O=ig
z&0~A^*gSdiWQt%9pJL|L2O_5gBxkqY*dwHLA&5sHrp4w9Z&9L1U<cRwNuLU=!pgrV
z@*DCuM^_zi%a|kKc6`a>uv_(sr)Tf%xUf6YHmuLjg;`;R*y06t_Ka4y8SVz|^Qlx$
z&iw1(`h3Z!x1JvQN0#2mNjY^@bZy7f3x}`E>DI~|OwE+;@YX%hIm5?R<-qX|X7k)K
znY^~L+28eWbKCjw%moGUAJsPmnG{w;vN*UhO>Nz@=fNex#(npfK0h^G+y2M}cbliT
zmxg2(e0Sy3JM#R}z4!%-1!`wqZH_qMS6DY|Qh#!PiRXfi%>oN`ZF{7$_MFl^wC{Fi
z>VDQ3KD#$>a<|-V5@2xLI>F)P|6h07zD{(gbWVJ_exIH0f=`aF3{U_2pVvJ$^97HJ
z*Glo<7Th}}t{s}Y_3PivBD+4f^cQpT->SLo7bstB(ldMGObhY(;oo-0+8X}a_5n0r
zw%em2Yu1FU42SZNYbsj84R*5~ewwYiA{A3TtCRaFi}&$@V^0%YjKx{1Hg+Es|7#@f
zF8?Zv$+kx2#kDKFg|=C}V!xGzCr12`PprLhPdM&ek`n`q>3o(IIm}PrGEKePp*^{A
z-~FeYEqM|S*N-jn(d@fd+v+nb^Kj$8z85ktPMvBtc$KMES3hfQ@xS_mdKoWYAK5W)
ziI3*K-Sc9;?QUEvYWL#SgpKmdpuss$rjWx;r<_@8w=vf~<+;iDrPFbuPiyjjmB)E)
z`_`WG{<QyTZhM`s%>nZwDZkaM=kEC*Y!w$Z_kGClW5;H5sU5eB*1g_-`(%fQp2lz6
zRWr43nG}IKR=YhM<RwGy)lcXXSn=tFv7MCAzyDWqc>i_z9rv`2e;u@?bo0RzefI<+
zKK674ueg@+;dHNx%Th1xIpqQcA0x}-Zy3jXogTmB!1U+yoWHGapJ3YG-CFx6AwAa>
zH1ac%VeSX%OKdAR7H(SQ|8@E)w!{t=h6fi<$Gq7!Ge|AP%FQM{yQg+Dql??ROOscJ
z+$huBcSe4ph@ziT&4shmH>L@GRbjTj<FEhQR^@=;->51fCWRHUDhY2cINax93Z13M
z+pwy4>clyr9r^nEUBp~Zd`LT|RC8hL!i$$%B7YjyRQ|K%(poDkA@rcbF?Wx|)rBFM
z8=m>-2>mnV__R}|#@67#0x?I9h6T4g8#>Jvyg%)merK`t=U`rMo~_~xMO;sB{JYM5
z<k{<T)x1|4M|$MyHkeIfNece-@oGG$)$`}&pB<C+ITu^K+k4{Jvh4qoEbXjTi2>RA
zP7EwtyIEFrH1vslv6PV9WNPsDQ+Qj*vLoL<Jl`>0^YZL_$F52RSO0Q4Vcy50cgO!I
z|99<Q96P!yBJ5Uh=D4=K4$3x(`1w27=70HI=J}@&9#iyv;INn#G^QbXi{b8#yBBW6
z-LKqsD84IcCztjAsy^xUU0;{&f2eni-S&^d1LN|KS2MQUs8i&d`1H>o#s&G#ocG?p
zI=!OL`uye%@3Mk!zAtZ{W3VK)_SB!0c!s7d#=GkdTUB#Uv5v1xoUrex(^B^S<J!MZ
zKmK^&`RCLBru~cmXMQ(u*7iS%+G0s=^N+o_<`9&(zxjV(_RFF_HOi7QeBt?(we3?y
z<sa|*b<i;*bm6+<&LA6)6Uia&+V<imo3`s||F((dE3laIvy;ssAla1Bd6kv0v(nY@
zc`q%U16Ex5@$ZpwjIZvc*>>Azay#9wk`8@-|NN#6&rY4@dj5trCPzYwrSryzEBEZr
zZz?d=<K8=Km(q#bjb&36K-t2b#iwO*uWqB?3130xnNF=|pFb|Jj@|E@P^PY5!c$_p
zNWa0h-uCcKaaPfD`-LAg1m>HWtXFdb4Nzw=AA4ea^wRlLY6`)LZ)Zl>oS68!Z?olr
z@Y=r*-YX`?#4q&e)bBg0;2c+&RdCp${>P4+p!B!<R)c2N9@Y5oHY=G<*VT8i*haTo
za#uze@8F#CrlsfgZrRzL>$P}Uo#wPe*jSv%iEbBGR&eZX-nYV`<R?$AzhC&VIql7B
z1&V+DIOx~^J#Jb|@B2fK7lvd@T)(b%fOYO2?R9T<&(}S^c8AaAtuqA}9M>u_MKz0^
zebcz`aLk92Z3hp<?R!vIy1r1|yKVCJNi*x`TFUgijEG-8Z}0ZY3X4CusYo##%=Tqz
z+rqRgzB>7nR5eSL^@GLR=4nLU4*zH&Gr8AY|FgvPr*D(GFCNqreRX0|w!lx7$r%hR
zrIR^UT&dkw8u{pj<fFcWb>DtjFi0y4O$c9-5_7#FY~F^=kHS_wey}%OW7=v?MgajM
z0~3}N>%R3?9cK4^!)nDdVeN%S?W^?{BxX$5A{v>P<Gr1$^oi!y9luoO@-T96tUCPQ
z_!EKdH3qBO<ym6-`jiCbsT_T~L+4m&X>Jt%Ij6W*tGYe28CS-*nlLaiIXlJ2ekj^@
za7)>{s>|Er{oUq;99$un%_yH771ARfvEq`#r$V-i3>+M*s?Ox|+~X>97x%wg%Tp{W
zCA0VAq(a+#mR*NjBMJ*I>hl{d2-rAZaKjAcfV@0CAt9j&GiP=lI^^`^`EzA`bAG3Z
z0%m4r0^LU^c&HSVm$$E8tvzSXoCA+P>ikp6Fp=6*^_6RV++L@&G_^~YFDp(zsW{ck
z`-<5{iEByOJFXYEcdzE&vuDqP7cU|n#}_OO>b!C#<jC>k%DTF|KP!Ju5c5n-PiIe8
zPrqS(V{zTzUl|t`Fh2cP`K--H&DqV3?b7AT6X(wDJ#)q<B|X)7Wss7&xp-8s*tMkW
z4i}{zJ9Zp6dzSazyLTVHeQTRMIk@-j>qU!{jvPJu@aN{|Cr+Gca9Y@K#E&UDI(pCF
zbGNHbr#wAvpsd5@niX3ZefK)Q?`vy=UEh9Iue?#Ez4g$}rFUyD%u3{O=oV~nTYT_y
z`guW7(N=D8y$6qWcDqe2FD^g4!f^40eYMprtgHvmo;{nxzh=V*fr}R}?x^~z)%UlG
zhw~$++tl~B_G-8B$Tod@dwX%>;Wo9^Q~2fWj_AABC(fxqbw%^Tmn-u3G%YP9r|ZWb
zdl$R=qsg<C2Y1!f)EX3ia{2Q1w)nk!_tHdprh2vBxDjz@cR9cLy88$8-Rlx#!>_-K
zHO%>8Q1ar!!6#+!Ztv!={8`!a$t?exjBWMTEBZ$wBP}W)scfs;E&4KZ7n?<+L&NjV
z^O~>s$;@r*4b-%H{`bwA4P_C*5rz>~F#&6iv>fJNs3SgW&C+g;)9q$!<(MvHZQW7*
zU9ar@t=`GU{bs#Qon=#M)W$2__U!EJ&Fhp^Raw)|&pB!?z2C7cZCm6m(<gHkEB^oe
zesNi@^fjr|Z*OlmEV&SH?B{=*@9IuYP9-L57Te1o?OLiGasTwBr``rxUo>vqyt#3m
z^WuvSPEJ<u*d^8~U-yHt(Erhye@EvU)p8x{lkINfmENRfUwSHJj#Xt>;Jus0>5nh_
z+h46bt{=0bVQ2iAtJ*(&I33nrO#1r1zfjxRyzM~xT$_u!H|7RP*Y{NP#m^7Bb2Q`h
z1BM?vB>&6!ZemPHPfvb&YAVND`K+*q><xGCzjsSXQCYp|=g*%vwwKG_+Md^clv`}J
z?+?ZYPc}}jNIzjc!?ai|DLFavYT_EMd9#B*Cf?s&&9B_nYvB2VG2!SX(HS<GMnb~E
zy?U#|Ru{g$rdwn3R{6`jd(z%wdK)`FFdyj4wf>NH+`RC`1x1aiUW-plI~V-?`P0gI
z_4{qL?VQQ#7r5+&KkSg{sdug~=(F8^IUwN3n|r%hUuGQ_)ah+p!>OQW#<$q5@6fsT
zWl=e6LVvD4&SGe2C}CX1Bc>mbbFuJ2=LX>y_m*0(o_^`nsU3fBZz}$$yrKB{xx|G1
zjUAnRhNo*?++32*yf6e!$mB_UexP`duXgsw=~rcDSXb+b=|;6QH8Cwd)p_(x`6*5R
zZBc8*et&;^{8i}cvt|7E^tM%)dtBc)aru=8f0{$wN=*v3x*o3*egCpQy>fzPXs9zo
zzr6ji|89TyFMeOF`|E(TX;#XW0F^h_4M0Iqo_BxcrRhaayQXSrX>F2VOi7ut;dd*y
zxIy6^m(BN`YhrBd=KN7KGB%!RFa6&wG|fk+-<h2+@!}!Z30_Oja2{~WDT!x3Fw;1F
zL(R#e&G!#42#c!{=lLr#w{;Ga<zlNU)}0|gV%J=I<QcT@DW`(2F0Z`LzXK_yCj@Sl
z<{ZBvu;OCIhU)KmXJ#34Uv1pG`&-h#JwG*cbhdCXE?K%%QB95Q@qOw1jny5UeFvB2
zn@w#!W5yC49o<uvAF}mJ`HhPPIk%4NS$j?CnRMl{B~v6`Ub=jFW5GYC?k(|3+YTKu
z+x571sayAF{>u_q1!L|rhE1Ku;%<9-n-1fOt66JecZ+>2{3up`f|-pkAt%?q>WjuS
z{kXnYE;lY3tclqvRJ1dZ?YXq1?zcy+-9Ku+Jr~>G{<r$u<7a1Q_k1pYd28vdU)8_2
z-<G`H;i4q?xN80}n^w2Q2M;#0>;9Tpt$acBtIIC8C-db~6<0f?MXVP5bn*7`MY)e_
zoa~kuO?}Go;8?G;#jnd3wJHzzto<)IUHQXL_4$j{9$aX2wkY{9Au)Nv#Leu5{*MaY
z&#w+G;*U1VZ}d9)Mm6i!mdvf+zIUZ+OYpK*)Z9r`c?(+$@c5UtrKM!FdG6MX+pS?X
zJ-KUFv#!{3;Hmo=o~pT0mM^FDdY&>}CEH`~D%Hzoz3=|PS7}GhlJ?yE>idKJhqH!=
zlC7<*zHq#flFgwdAM3NSwCrYn?TnQ3=)R^a@LNU9^^(%$SCN|vIB#vqY!=gv4%n=>
z{h3vQTZ_Abm6eok)E0vo*KgmJR@8Ma`2Vi<lnqlOL-Tz(p7+1*6_gdVH8(SxMDcQQ
zb5EQzr{{6v@rkqMoLaTk@S@?4qNiNHzP?TmI~2RSOjm@f_2}<i&dK5x_k7*GRA2wU
z=sxp>@FTux=IY<3A2+q@&hK`*TJOBjy0bFl_4}kcCQyF4wUeD;+uIv$^K7dRT?;es
ziwq1D6cQHx_~fMUpQ10~e@Z{D7y7#5wRA!0QvO9Nu4ZY<8qGLx{5pH_v$Kx3x8**3
z_l{3)eM<82GiQAMd_Hd<vA@hV+xz#b(A5PWE;w?u9*S~jaOm7Pk(04tXUrbkH@UJ*
z5{5-AY&<dy_V)G_)z!h@m>JH@wH7xtG`z7t-@Z@ADyby;`<r{scD27QeADdDmSL3n
z|FmN2m(30556=k8ix7`A^zhgi)h)eo<_pP3i2>a&UMe3vnf|}_tG>EeLQ@p8U4M2Q
zQ%9fKy+`}2|K~-OiFF_4;NfveNKjzom+SfQqvFrE+xZi2Nb=3Acz#Y+=0<fx=<#+w
z-lMDZ!w=rvx#+h_`{BmbtF?c9d)p0~9lm)fb<Liei`Ka*+SttbbnmPygWW#68NV)u
zu&}c`D@|OmV~2#Kq@=~)=b18g6*EfrvVW63a9qCr%!yO?ca^^0w5`VQId{p68;o*t
zay{#hKK^)NO{8(n-e=h+nU{`atggOtRbx-ZN2a>Ex+^Y6SMO}Oy=|hgOx{wZ@W6`;
zD!(|g?J`@-uFX8V+3fQw4+d5(-btI6^vrFN5I!(j-M?qwPQBO}(w!DEe1HD@`EXKw
zzC_6WEm6AP-rYRC>To-sbl29`*QDl1Z`;28_^b8d&WkT9yvdmHG5Mu$^o7Ol{Ck~J
z_?Tww&#=2E|9@ZH*;VfSauOf+3(m01wbK4-Wo<0o$=UgV|AYAqa|H#4+1v7*?(eJh
z{iN~a^G^x;M4P<3`&#Yme_vj)$$!4xQdI`;b%vaLoMxF;F)9xp-%VS0<Ky|&T+c6e
zg;va&)Beov%j*ECov-cwFJIZ(!`bk0_79zRGYen!Ixu8sXNS#AdU0A<TDn^}QN3r~
z^^-?AKZ~D9e<PtJ)M-$DFUDf0#D0UP|L*?YQT)8m)uiEScKGAPFXdl~{tMcYe_w9*
zw>L?(y+@{>*~6?V#M#C#pEv2l^h2jkalP-YJpZDoU*6tqHE#pgKi@wa>n>NtbnR$4
zUf4fz%Cwfv&(A4o>T+)UxN(P2X=~`-xwCgPtxrGnI;bZxdBJ9v76wn(%AIp(9RG2v
z=l+p9F^|`DbG0&Ya&m59QBqQhm>RvO#Bk4^Jv~~FU%u>g?H1oC=N+7Bonx5vgri5w
zwkuFpH+tKVH#;{+#y)rb)14LASu6ERB3A8B&<@Aw)|C+-pK|^A_*`DXvPebBJa3Kj
zzH8U6x$Tc$TChQI!T$B{vJQBAww^d+ZlikR=5aZOgyYW__4mtK{kCj)$t8cx_Hdf#
zn^U6N+7)3lnYE^JvDe#Vlvr-;m9VY;mQs3F&bE5Prz-0W-y7ndD<sP{o=SeSq|@!E
zAdjR`%hl3JlP0eU`H*TPxg<za*}m)4kKfPkZ+UlcSr)@@{&&ZZcnT*bCns<G{r;BA
z|Dt>K^Q6n(y%c-W^)}!9U}K@K!QOI)U97vCUz)dloc-kC%fv6fbFFLn%HQ8P`bf3=
z;_`g?%_Rv*NlL3-)rIY6oT%#E+1<^3Z~hm%vRre&rFxUZ6crU24<0<2_EV|!{ngmz
zdd=}6^775WrPHo4Y>CnZwSFf}YMS1uKXJ;O7V(ez0@Bjm>4oRdY>Mz!n;gjJ>~nEP
z*xI<(xV=@8a~S^Gs$^tjw~DulE@wG!chc>>nB11{pb^o1ddW-~S67Ly=3cUV>Ep-!
zc5UU%`93qPSnpPsr0-oL%<yRb=Fd)VZY*5v$^W9){GP!q2CrQ8V_dqTzrMatH>vzk
zVN>${=G_b?4{u-NNCkP@supSUya!j_FV}f@LS^#FGjZvU7aXf7f3iDt5o6&_86K{p
zW7ncZf7`BeXq@s!slqba?RSC?!`WG;#xI>bJ3UjizqI|$muTyk=rhZ`C9yTAyYpcC
zq(sSxEt#i(Z`PKV7SG<+e$>pMZT<T77gH}?x*_P`<;8Vwu64Wa>}?S>dpnkLCOlg+
za}Dp!9DzrVIqqC~`@NcTr<gLsIz#=7H#n2e7G2!1I8nkhNn}^)%eLC;?~1l_e|CTR
z@-jH=dP!lS;mWf)r;pp2$}?_|b@EgZT6|hUdrxF!<d1i|-(T2QTCFo{`wFjCd4{)>
z-b|XY=U8*6@f1tY%;DL&C0Bob-gtAvm1%8mFDFk{^EG-cbm7XA5S_RU60*0;j{N)k
z8#E<Zpi}wy7w_Wrm)9j*FBWTg(Y$u8Zc|fpk6!ubW4@ceibp3;^U&DzqPzO<uTq{j
z_5$&1e{fx8(~T9ferfomH;eNN$AzuIw)z1|%IkOh;yiHwzP$AI9FuBg5iVA-v(YV%
z%<K<;eSN(}Xa1CoJ*BsfA3v`1Hs`_y#?|^Oqt?2WHXYvT6Ol93t97n*S<;US57*4|
zo_g2bn|FcM)&D^()vvE#o44#)xIH6-Lq>+iG@baQiN}r{KbrjG!owdwpU?lA_xOyO
zj0nSKi<Jxwn}v6uSe<h_cJjio)f+26r%gUQ>1s&J7M_)pG_Fp4_)NjgIr?tqBkNAn
z7KRENIkkEN$<^1_ZHrJpGtX4Iolo}C?@Jql=Kg$EIU%R^)au8sn@sBd{Y<af{7!n$
zx`Kj|71Lf9SvX9um#seaxTr|+iPz`sNi|_j2c9Oq*|9O>;wIL#daK(xA77qIzW4m|
zg%j%qtxDg0iBJByW>)u}J2soQXj<R?@iVK@Az{*Ee_t0LAD(A5X2+LUu`n?@wYM#D
z?G^)#aPMulZE;duvu4eP{P%WY>+Y@Ro>k@D@S^MC%_&m4lQwrfc%B#jmnC4CT5HRL
z7wg>%-`p^)+4;wN^ZJGVzD)Kn{PpIgk-p0|mIR+Q)>bJ?q~Bka5RmwAYvsS}Yikl?
z>yD`#UsxY+&%(wQB$al4u66sap0>PS*DLm%m@sQDgHPF{vXYV`OFSnFR4NN`PuFWX
z;+VAUn5wE;=!fOv94sHcn%DXLet)~(xUa~Wwbkk1shLYtS5I4i^>pR;cd;=R#Rp#$
z<$tZ=7T1qIvZwO%g-xm6lhadsF0alGm+x+^*?YOsFq1WH|FoN8Uey&93AeUn?x_20
z#V2Fcu#frotflvSrOiVx=vbA!NGOs0x%20VQ>TpHzMenvpx5D#`A_~w34&VMJ$jd4
zp7p!2C)IeCNhT9hTE^3rt65!Cy%%20$W~*V;-oZjLHhZ5H}+PWuZ!E?Wh#Ab!>_FA
zN{V)j`tkp^HzqkGmuZz26>akTeso(6^L)1TXT2jsLXK#0oNj96E@@gXAn~K%%H`5u
zS^=38VinfkWC>VST4<4RV}s(c9?9m*>3+#~kCnO|P1o;FKmV`WRX{@G#45hzMR#8v
z{<`Az8@VO_UoU1{vTT`@tntR!<7IC7ACz>bT&raIP;f<Gd;OU=0wJm!C*|bk8fJab
zn6tM)%x>Q?>!(x9A6;~<TX?viy)I?z6%mb(#`pK<@4xtTPRyKu{dIq@KU<oz*<nTQ
z?rm=V&Bu-$xl+kgFpWd;%Hso5XDP3)WeMPlkB`@hN~$U7eY58Ovip1X?D^n!-8_O<
z^~O8Xim$Ii!}h(EuleD)_07CwO%V~P{1&4!Ue~}t!MvE=iPy?z@0wj)+Hm~oqM4i5
zDH<rQUhz$cAwbCa+!D6pouKx_np1U~KT0p&_Cc#w@%q}><FBe>cbC?#-RG4Pc4u$Z
z*Hb$dUi<o5LBlaw{BEK{PMK*IL-@KF!<#dX9n-ybZ{MQyE7JLU4!*ioo_GJ?wYAZb
z`I<{FW^Bm4Z5HMzZ@u^C%3J2=49st=akD9W!_w6~vp0J4=FJ<EesU@OTw2D!ez)LN
z;ZLs3=U60M8KU>!?c&R|N;v&Y7qo^%`}&>L;p?Pgk6k{!Iq7&s#e>P`Z{~7rN_{N$
z=H}kx52nluT6yGO?eC41httBY&$LVamHnJCLw}?BE}yC>tABqk7fiXoXOE3e+?E+%
z#UAH`|GAoCaqERpL(pQ^g+7sAStd-K+Ipg6lHr$ISF<m^UK=N2mt%3Lj@Q}8r^oSX
zl-~5mM?MO#DT}_E{zKZbNagj%ub)&;e?0m;{=vV$zpYf3UCa;=7H($!ES_-EsjPe6
zuJ5n<&ds&nU#7ogwe;?%8#gaIe@MRm&%*1H-fP1i&#(V?@Cc`H;ins(*K$|C6P-Ry
zk>RiWgqW2-ZSs0=Nv<%;i{0NEeLerL`jlk1L-q&c*Xe=EqlT$dML&K1G;zX&24(lY
z4YxwJ`2IG_xZqH(clY*fY3+Scjg|AyCzn1>bU!RmX2PSW>wIBfa&<*zm7=k>@b>(>
zW;Z#uCOmAqe(Fbf7aOnCf&HEKtJi;-;u(BlU9$C_&*!W^eE8B3w%Ro-OY5J-SNEIk
zM@23OGO*8yx_SSb*{|}DQ`$jcwv0AaUrr>*nMGSm9$Ip8vc~d>ZT#|mr|V;ny$oI+
zdA<JsyV}K%pI&^pdTYF*h6cxa<q8`)w?3)P(9>ZXwc>v^C;H8J^(t04QTvkqykqYe
za;7OBILa-)dJl6`Q*(xMWw(oxPV_#Wd%SzHk1$u)Kl&|UTV)cL&Ld^A!fo5@QW>U#
zoiY~OrS^3}m7>B9d3k!PdmVj`UeDfdmQnfb)2BoH?DYv-tNSet-_##As6SY9O<OFR
zd(Ymzk@;pxo_qSF7#MckezDJ=HFPcG3+eySQqt!6F0;*YC7$Nq*<o1s?`e8iT-&n)
z)sOEVo*rN8xjXdw>z0p?k1ux3KFxZjX7%%Ex7z`$lC0mqYS=t4(V;Fho1s5hF8rl$
z{*671huwM1^L7Y`v@G5)=eoXb@2V|pwf9GLPSp;-Ci#%vYg$A8tv#JzZ}C~}x%ibg
z=Vuu=TMM7Tsu({%zEY*--@a{KJ5SMJqf_iwmIGz_cF7N4zwb`oFMD|R`+cXgzRT$A
z>(~7M`~64O+NX;zmsM>RJ{M!r%qgtCr|k1z9{~Y@2I2kl4KkOer}9*$bL_kQPj=3n
zITsc!EtG28*|hJ9NyN*E%&DQ)OlRW_<h`fqZ{&E)tor-g+Fw<o|9*Vt-;#g--jZD|
zN`l9FrQ2U`U;lXVO!=96*E$|_yz%>RoQzG$g(qi&vaDyB<#ru*=UeRm-%joN*1X47
zIX8AJ%(+>x*sZrmYyPA;pQ?l!=5ZRdo~mIva3bmI0!QW=i>J<i-rxQI5VAb`&_a3s
znR}K;|9AZR@tpPh1;Nk#3JMJJ1>ExU^K~LNFg!lq?_N=1QD^mKvghq!-x)TH3l}Z~
zRkSTmiX8u5KcBn1?9r{Q*%8~zWZ&J{mn`z}{I49bdv(8aE2^qqWfUKK@bmNY^_q+?
zj2eQL8b<$>Sv&3SJY}PqJf5DO9=^V=mrkqLRQ_V=<m?2MlB|xCEj$FSm~hOCoA=?%
z7nj9uy%#nlI{*0jbLO7te#3y(S3P`uj%-dp4_f8<;zdSG?~blNF?S12uf4U+>GU++
zi+d`If3W{hR!}&Qv+!u+BwoKypL_W~=j7&|J$2ASZ~Eq_6Ty|dZHgKqTsC!oB+B34
zJG%8m_KuQ=L9IU+h1fZF?Y+vIduyAc$7cZ(-aM~N>x&sCZj#?DWcXAK#YIFMv`qDm
zG4vl_J+0SKOIde0$Iq!U^(|pBKX%*<)n_!Qd}$%$*ZZwQyY{5lW0r!QF&!?8tSpyp
z7kPQ=X_3ZMFAf$a4wk0tMlMykZAUp88X6WnYxdsN(9i%{XUYg#8PDXzz{0}P!ob17
z!NDjXARxe`prD|@;^5%m08&qk!hpvI)MGzXJ$iF<vxbJoh1t)ZJZX`$t(xGcq`>lF
zmy(VSPyN4T_0jLXAKUNF(a->zK_J&EtZp(DF*Q@@2wLe96eJWhDR{!9Sxslo_=t##
zI_gb#))6~=@+9ZiS67>N@3xjQ$zX7IcmHI<$&qEucp?S7<a)YZ?4g75d`i~FvkPy&
z+q*0I#)ia<+v{}q?A?2EvMH!FTU1=EIQ{g(pp^$67AS~yKYZ|jq0u2g`PPb{l@lgU
zW?mV>)#}8kH=TQ70LR7%9(Q;5f}Jim*KTA92ncBS@Sz~*&IZ9k|3?v51?v=L9*Q4g
zWDr*KKX4*Y`Qnz$-~tPo$+xCWpWZ%YipZ%Fe}DfQw{Op0tA8cSbe>(U*G#>M9uJ;A
zO)X69>h3=L_V#wcQeCd){&U-$7G9WL{$j(z7xxxhM{UpRZR3@mb?3g%!iyOK;^OV>
z-{lpQl$e(Px9C;MoOo}KT%6ns`vvy*-h5JXa&mg`?wy~?|M-F}QERvD(pz^iLqJlp
zv$FV^qN3fwH(&i{*f0h!^E32R-ckIV&*^u2(6ayEp66%W-L>`REuE=e7ncMIpZb!z
zdRpSACnwon|NL;6KQo!B?(f&@R?nXnSt=<je|$SFzwq@h-Nm>6ee2k6Sa~U>Wedkf
z2|*1Ju9&@5qQAer(^jrYHmto?(j#Ljv~S<O(s>N4eDzPAIB{T({<DND9f4wkbqqJQ
zSIbwGylym3Kj*OcqQI`@2QM%82N~8QZQD2X1M`88@qNh&`x_&+l}K*dwCT*fW7g&G
z65doN8|HnnxORx2;kH@6^K`%14~O~f9n>ZZGOfr0O;fzz^Op}aT=g+q)U(^5@=wZ|
zxV=(Gj~;co^!34+nZ_?JZf*B;3YDuadw1}HqO+i|aPqWYPl_zd-rj1x@NZ#9Plw6v
zTKyTD8Rnn=Cv)@W%@&4LT;c0t4&GjvuWYBc&ujhezqjAcFfW(;^yyQ_k?DsoE_OGp
z{FAczy0pA_zhZOSgKKM})vg9dM0BK{o|gFY(NnRV|AiCP4RT+ZJbCiu%E{;POWh8f
zp01yKW_Pm0bN)=prVEM-L2C(Duh!1V&1GcJTFQ0P@@B=)PpWw_`y1!i{pk#>O>{rJ
zAV6b7-rrrDcD*wC$Mv6k{@Fig7Tvl&V`6f_pY4x1`1s6r)f5&Qis{C*#Ml3uYBs-K
zxV}fqmaA9VTyOSF4Lv<KH#aspn~H|N)!&uv&F62bNpVqmc7Arh?`(5N6(K>U4J;s8
z&SZ6iQ`Vn1&y=vKFkoV0I`H_T#^<g1_vH?^@gDxe`nmA&G2WcpyLij<?k`;X`@8V|
z!}ku#X@{?CnL0IeuIRrdOH^tsemd{Xl(i~9u;cr2P|IN6ym=e8ZDZ>{-W;RnURGxI
z=<(yimzPv)_J6H*Q!yw#6(VC_D5IyR*K>P$*y@dWcdeox=3m^!DyAFPvMu*^klpEj
ze}5<c`tlOA!D5<TT-TK+A$x!N&9!L_TN|BtYKmqGM?zjoO3H&~Px$~p)u~B8b{{VM
z`YZIzOk?)O#>Op&;^q4K`d(aLFJH&|TlD_>UvhqWep`O>zq9X9cJI3q`SARyGl!1#
zN|!D>+vMEz@$|>|f+x?FC5%!yq|EbpqN8tbdafYC_3+`t#&dJ6lP@lE-BI`3O0CwS
z^I}25-(O$dB$Mj@zb$|BCr|yY`=bvN55Kswa<Ze+_Kh14HZU@OIR4W9LVZB}sT%F+
z>y9jT@8@8gA)K{U>h<;Y?m<aHx%<xEHcLKyj2F}od7aJK>cqn(+j2SGKl#7|#x0f4
z>kZ|<zq`A7GE2d)E15EXUuLux2QTwKsK5W;A&&)K58uA+U3z+2((iR|**?qNsTa7u
zK0ZCozN7zmPo}ZPWpSOzhV%CSWrRA9toU74TzvQ!@9T>Ti`h@v%r?tyidw72l5no@
z|3c<=jmt;Pl4Sn>wP@p&KK7$KpCc|V?#Hv)`34`GJGcA{TN@Mle0d|ogYKX43HSC?
zx^asz6zq&?X={75d+vS7GrOO?Hf7uD(CgNm8@)Ynng3ivQTe(birMGws;jHl+}|LV
zB)#$87yJ6(!u)bJ3M>hHA|fIQS5Jj*spONl?J0YEYv$iuW@cs)8wwcR`el7*s=vw-
zIXA~LczJ96ncvADF1pLl%;D$c<vqIU>X-As-p{TF%~fove0O)ZyQS@$*YCR}jnf*=
zo1ZOt`ucTutG8ItviTN;O#%&;0&;SF%MGvOt+oFC4%GD1DXX36(c;=IzR<V&RrZ?b
z&3vt`t))RfYX8=PHVSQ)aJH1;1GQlN^2-*f|C!GhyexBT)SLU;=NtV!y?$Ryb8~a#
zyV?f_8mB}Z;IFQCsH?M6WC&K6emXOBC+B4K1^M^)iS2jnbZJ_Dy~cOuJc0QQCr+HO
z@?_u^(`%SKd2%FY`MW(kw^aJcS$8g3qH=0u{f&zTdoy!yZFgMmH}}l7FmZA5p4kR|
z`LmoBt}s5#&@FhNnVnyt);=nKmV?59E&a=8=AOytaCCH>vAsYp_18gp{%e-u505$a
zUff$<zWMs?WxmopQbryB?(SG0zvD$m#j7nV)8=n`dub_m>aD5T;T()JnmRf-PHm~=
zetz)s<;`CCB|kbIUU8nv{jlQar_{Mh4IhP%MIU+DdiddmZ>CchWSdCISk|;mi#Wq;
zZ*PBUi}CXF3#6`}yqd=ppdoT&Z?So5)&75fSN(Cjd-ty4=gl*>NO{LPwe!j9gq7dk
zmYeyQMTXm&ZD~;C!<eEXqj!H7*GFypzu;d%aj|i=_1w90H7`G!cSO<Le7XRGw2G=~
z;I6oDvNyzerA$^#oBj6YX7$utZ*OmZEy5V_Nz%f?BEdmptGruXo}H1Ak=C5*Z*L@1
z|K;VEZuYP~nq*k>cja`J{Z(JPKt`#l1TEuzVZY$lvAw<0!K-WP=dCp6Q;@YPZ`itZ
ztLyrU+hU_{l_YZ<IDY(i(%U7MbzU9Pa_nBi>fz_P%!fNeCLq^5J3YOfv6=k^@05vC
zX0-hI^T$dsdP3ftY&{m13--@Xy(%p!F-g7W%+CMt&`)l$%=ACSuR>QIbv@d`aHHYe
zf@iN@MXfczvnR6nl!s+yWo2m-!;z$oN7p-=@4M#C@c++W{?vQH>i(hL_MY8KQaBE<
zm1Mtr`{vE6uWhk+S8#T)@EFST@ESfTs=WE%Xl75Tj)%9?;%fp-3CvdKcfE>h(iRHx
zuU#3UrL^<et90hzo~PGYB%<U4VmEBvtjcnLt;8wrE}uCoE9;fHj!y2g-yb!)Fx^IP
z{W0P7y*Ju!fE*aVd&iC&kHj*pQc{E2SBr49xD=gbabB%+I-8?SCU4jGSLd>pDn%Dq
z$XHlgAHI2XrT~NVmDS<>Q4E_moq1KCrxO$$yz;HEkhRjzP!|TLi}fkl8Kw6pE%oL(
zrzLP@fuh6TUtcvZzo=nZ^=Rpzzfaz;F%eHPH{f%1b=~svX?irz%~p>yZBcFvCDzyP
z>?z%RE6+?%ukVs`;R$PJ1re@ZxzpD|n8jpQ9eSv#YT0VGcaNBcSog!b4OO3~&3PlE
zv~p`F!;3>zZ*T8if9qP*{k_%Gjn*bF@2ff={qf~~zo*MLpJ`lWFzMK_V^M#k`jg}g
z)fgBut~Xj~_!JcxO}ui;h2h(`Zyd6#>aEu*WeP4@v}l#<-}`&Js~Us4#dN>SdmeqU
z-{08Scy&mr8M~6QlCD+B#jLG6D*h>@Rs|GH@N0Q6VS+%`+K<nC!46?aIB`L7N@lcK
z{>o2<u`VtwOE-7U-Yxyqicwnn*UAMgET8kT!$PH}M-(adOxKTp^zZKPDKBe(eZ6?o
zdV^>3tG@#Na@LXQN?-Pvu{dn6`+d*;d%>%at2@h|J$;(^v}@{=m-6TT%(zr|^um|R
zYiDmibL-l2|9N4a^KEK=Tu3UF=32HeU$aR0zuT0bqFk(RKlCnO6KYt!TH9{^cgxgY
zbIw1zu#Ulaxz(=P-(|Pfo~Zh^C{8UWIoUaTLDw#+)NQGYqt=Rv>&2{?#9sgDh-Wv;
zo(ZR)-q>0!o;z=u@9bA|K7aXgB--}=BAw0k_y1XmuG@W0n1O*u)@sVMtIyBQP5)?n
zv+nm>^PIa|rW(~=dlR`O`|-{gy<guJ_s3?e^EF78J1TL9?R1RxmAbz_!|&{`zyIcM
z?Y}>jQTzXWoP6x{UB!;W4-=03cMF(iUH)s%$=^IeA%=`5IX48jr|B&CTXk-}`TeBF
z_qxUPlYUKkIpt-Nw4qzST<!)rD`wGvO)*!mte+gCcl=gqHt(}wjhVjItERN|)<kcc
zab0Zk#EFfppT#abt4zOPJtZ@L-%qvNo1&+~u5@bHuIFWBIPl`);)jpDWiLFuax!?v
zzl$YHmMod^c2?F_sl>#@iuyCZxBT1}^;vZ7c_+<TrulBO>waCyoLnY(DQoME{q^>G
zb9Nqhac@RLXTtoyk9EGizn?$NE?jHskFwL-Pn=uAx9H;Pc>O4&(z3E+kDhjGUVeXn
zZ~xWR;ljrk+;U;y<Kz30_St+(<-c7&#MyWyTJ|6MZ}ii9*1UOrQ?<jBu6>F8a(Hs0
zv!ImJsTF?l@$t7V1Tt*MIH(jRm|`Nu+b3h$G}SxYNX>ki6sz!>sBK*CeKLk8<rW03
z{P6eN`;Fz-<8IX$r=K%<@y$BthJlC73f}eYd@_f^<Lg}0SkJKB+mw2GTI4UKxVX52
zf)a-xOAAifTyoOvYn63AbeaXUT>R?Qt1GTnT3T9KRDM#ioAHHFN%_U&KfizdPP$!w
zJ0U;+{F=!XHWA%x3je*SJY}=~Qk<f#vh3U2+tXzV7H`-fV7>2tV`}#d`=)ET(Tk(a
z4;y~sdt==Yo_VHc^7C_Znmu%!3JMHz4g70QoIij3*Voq@D<7xbssXiScE8`Z+W7Bs
zV;$k{izoIA)>(g)PMv4{|IWd!E3z}LuCm&?W*Gwm+kMcv08=BG&pdhd?Ap$^2Uq9(
zeZAxR@x)ulFY`RJ{&%{N=ao4}vom}0|9yXV)c@ZXw=H~Sh=;egb4rTJzJI^6w`5*q
zn_vIQaxE7ZgAhCCw>Nj4cPDttSABVt7+`UzuPyP&2f>bAVy>%~iHVCpesr{3!n8=_
z+PZZX@5DJ+EDAm}oRo5KT=*~beDXc{X4&ep7jxqG7MULFm2J<yzRs{Hf7;0u4u1aQ
z8@9J69^WRrrSk9WAD|{HTkC$2z182%cC3Fq_jdV(-PQSP;`U1Q%iE`|J(!Z7uKX%W
z1k_-!tNnF#=T=#nTv0ar=_gY_d-ck4@28eT%E!z9F#Xi*qU0D9B=m3JPxIAgHGf_n
zpJ83Dw|dj>@9&Q<s_d3{`Ze!C@5aZ+7S;XzRZvpY61LhkE=~^Am{+!!U8u6^eR*v^
zpRDzQ(9dC2myi2P^@ql<Gg_m$C8zhxmXf)jFWb#)+gbcP>Drk{i^?}k?rl=kbvCFu
zQecvOkLTREa~rm9Z4Fxu8dZ*4y7$oD-`_txZj_%Wkbi^IOF`hlm6yR8Qg^Pb*r%tV
zaiHg=alywsu5Lefe}B~%x3?P9_?MHD+puk0+t#h7J7V-ixLBVQSx)g%Eh;LSFl}1f
zlIfm1ioSB4`&YQl$u@BNq73oPf=mX2T&+y^Yro50tKYltR^G4m+VuzR58QuI6tq(0
z@v*+cz1ikEm)6}ZPEWqJCQ?I3$K~>|U#w|Ab|2oD`B|;Gtd(uvujOX@XZ&YPJ3Fg&
z%NCQKn(`$_oeO1ue(i94ZFl$j&(AmKKfd#_IP_cIpD&;NU))-&Ey)zY#ni}PoPO>|
zpRIL|T>dO>X|tS!rLS(@xRG%8S7||!VZBXrzx`hc<Fqpj(@!szZBI*0m0Yv>(=zF)
z$8R{Cbkn^5{>MF~?@UvCHvX%66n^ax{}dgGUul=kCG0b6rtX#IUo5{!Z(&qYLgCIB
z9vKUPhvA0|OKx1y+W+spdL3veZ1twPy1E}PPxycM@W~*$dSA?ERlDDBHg78Z$kf<y
zNod}@d3i#NQ{rz6NJw-%R_|BVusE^i@9l-f>~k#Z*<`KDOm^y3S6Ayq@8gNyp1<_Y
z+3RyGs-NY|y&<$FigQ6u%=^d9XQRy?Ki@E)H%~h^PbY52jIH8Ho72t;l-cmq{`zjX
zlJ~9Ew!@vl>L337e*c=~Xok>=`a+*Sn=9N7>u5!EYqce3Us)m8Cu7^Bd3pH^*WJ;3
z%S`KRek_jsF8AQ`Pl;dO0$g0&9&EOpANgi32OsCL8->ZQr<^XFdYfUzf}oWJ@9)|E
z`T2Z4+uBnh8CSQ7s`<^~a94NVWB$pu`RDU9^P6XGPTQ2XIYti@6#H)e;C<?MBBaUw
zXY<JyH#e&<-DUrG@yjW0yM9dnxFxV8Zf{kqneG?;W4E^Ei~sumetmJ=>Z_0L?X9*b
z`5?e2Z<7;Zzhmd_hl?fU6E7@qEGRGE{$ux~Y17&|Iyhwhy)?*+H9u>+qk8>2(0GZH
zlhcJIo|CisqhixJ7ubCI^a(Vt?cOi<@L_X1$9|E%D=Bv)>hjB~g=MWvK}%JdnwlQG
zeH**&>5n#E=?`aj<@3b7uK7{P!a8#qlQv`k(9qCuhgc==^Ye4p3sj!i-Dtk6<ZTn5
zthIuM21jFKBinX2eGQETJbX$MJu;SGxstW@-i0?uj~)eOw6(gmJ6=C|k^(v>05p#H
zb;WBdC$(*Yi__oF%ecSKc2>KIdqF|LR+g%(873Z{o{lv&Hjk1XPna;H;kaS{N2PzP
zlY}NSFz7~YZ&*EBTSivq;hRT1^V#fH++Se#>gsBCb93`%=@|k{D-<W3Oi8_$E5pZb
zW@fg<Y0A{8t@muJU(e;z?zj8<JK^{_*|hY!nLcc-PK*;hLUND!6@y0F76v#hzBt9g
zH8NUS#em6);cDOI<^GSGIprnJY%hNA$0K3Tu!onWlyCi4KZ(87-;XU&Z0313+dO^V
zxxB5Q5y&jdA2oJ%Kfee!|J-D}d1Lx{xld*S0!$Tm1tcUqq$e*B0j=}$Xy9Q2na$&D
z$m#X*>#Ox=<(|!MXb^BPJ$&#WqjuO@gBkitHcZR?=d0zjGAcG)=gr^yRjh5l^__%$
zmYbhncqi}S;J~p!tm*jUhmU8<OP~4va0@^0J66ze=K`@sfs5TDb``C>XCfajFZ1uI
zLE8Cwu}h-^g#`qdRyg&@SO%qky*=am@drOnK7Mg&Dfi<QrYtP$nd7qk9kg6rToS(g
zcXQ5BKK85kwPC>phex-(95@!Nb66Xee0^Ok2QP1`h}azH(CbEG$6B*={_+2PvE4T5
T{vRO*1_lOCS3j3^P6<r_Qw&@S

literal 15516
zcmeAS@N?(olHy`uVBq!ia0y~yU}OMc4mJh`hM1xiX$%aEEt$^F0iMpz3I#>^X_+~x
z3=A3*YbV-z91aj^^$%XEB+72xVUe=pQG&Q=;hMDpEnEx3GOiwcvb6rf5=GC#LXjA5
zzJEGlvN3Z?OAAC<4$2Fpv#Yy`Yku6f<bu*M?*8wE_iWq0zhiDmo0=KsFLR;f_L(I@
zNqYOW+TsKqI1(9zjW+jGdU_q+zVF@2*{}4DZT|E7-x|iP35E&^LdRz&-Z~<EWb^E8
z2P@}W96GhhtH#eJ^Ac;P{LXb1e~#^Zvgv@aa+=v>l|F&)rFvnzW=!?%t!T4Ym1Xsm
z+p<6OT=bl+S#!6(KN&Bf_d@%0%yQE%5wVRdoJt~B0v$!olD52F5^>@}<)P#DkAA5Z
zX+BxiFfp0YG-E=n{SWy+^VWvWnfGbZA<hNgj~3b;Yq+3yA<N?2_l=LY_%%E*E?8Rr
zXRDgQch9QDi(UI04(2|1v}>_u^?|2+27gjcEPLbS80EB)W6%7H=1&_JMlYy8J3IQf
z%yNE*X=zjUG4k;>eiTYw|9j8w_0@U*zioN`o!L0DsQ2la>4^*s3~Wi>?k)`fL2$v|
z<&zm07&r?&B8wRqc&~#nqm#z$3I+xS_7YEDSN0c->^!_Ix@!~57#I{7JY5_^DsH`<
zo9+;D{Q9x^vA>wS-C342D|E3Q6|2@iA{YHe&CS=O^Pgz7?;F#sq~k7&12-PM*P+p*
z8knQ8z~lYicZc5XldsV|v8}pXT;SY$;WuaIT5ms7oPKVO<>84QDnbG*f$9%0=_+st
zF*GT7FmN;}Fe-2~u{6+GV9_s44ZXwv>XRnM$G9;$2$c2)e-|#$Qe(d_Ti^9TTyla(
zR+_D)kf-ljDaRG<FP_-!Ij7;4%r1Pz{Bh==n!=Z?GYZvq9m=<r=`~z7SJ{WBH2ccl
zi_5MzuXuZ>|LnnuCvqOdaY@a3v7mXg<es-b3s$A`=(R8Y_PO&&!{UW}kGk%a|6hMZ
z^nqiRN?Oe|2H&}7SF$?@gf_Y;9o%x*e}Yb`&bx!xUFG$;f9#Arbi%=X?Q>nhDUYxG
zJz{?7vtaTbUBe6K<!(jA2r)EWP&s+ibw<^r);l&<F?@eweJ?DXXezU&=StPT6-#XX
z2nqH7Sk%RIWt|-V{gTp^-xL`+83I>VPMpzgda&?>P{)*0_b;7dXr6uh!0N`8x7yf`
zHWkV2pWU!P+)}h|yXl2vbKdzCtUIpGsKDW?DAX-DJ+6a&eQ}|t8hhr_uA>KT$M84T
zzFN4m+j7f}S1(t!?>}+i*9Dg;o%hWxbNN0vTU*yW3+-oVP%zPF6FRa~T){+3czN<C
zEfcrQikYt-c0V)Ac$UMb7yebwF)2;(T70i-&cY3c-anodk+dM5xmQBflc6I^(MF3|
zsFOve;J{OcDyygqmoGB;`*YjG=Dv8H)wq25+G%Y^S7paV^|=>XT70&U^)F^E`fRrO
z%JCOrWgj*e2majCx-|91Z-1S2>SAF(YB#h?x@|9C6ZBYtlVPEu7>n)E$ud8Az1vSW
zuHMKe<NG!7@O4+)eRi*AzB+u%MZPBPs>F#SLY#5So;<$u*n~x0<kZ>UJG(jAwr*<Q
zxpCep+lj{Cg#~|TEI#z!R<_r0=VtCNC0jfgI&SGReA;m3vXgPPoK0@egPdFr>tZ>c
zFD9>d3C)jd*esa2Lu9(XalhR3X3n!~E}lKkw(Hg^(<>9wGj9}FuRN5$b`8&mT77eg
zm#-%<2$Y61EV+0mNWP9w?ZYNxH)e0;-qPulH+2=fOVm1d^x4U+{624AFt}$YPd)cF
z-$$)(pJ4wd{-{O$JMEZ$RUHV3pUu*sz&N38qnUWDOwYwjH$`~g`Yc$#`rk33`GFnI
z4?8*hwWrNYUoxGQ?dQ$aS91IP&K=%#dZUJhc(}lB%UYWQmlM{vvo!ojVSVs8uTo##
z?oZ6wix>LV7hT`e)a#&guzvlf4d4BYCV8J)`t0L_*GX0B?iMRANOySaAGp-5KT)?v
zpGh`{*Kl#Wbctz-umYokN!tb=7S4MTdrr9~bsQ0z!f`rKNnoLihLdBa<R<RZ6Q=1q
zB<*7ev~1#vci1-Lb&=tL%S>zU>R#FPWBHafGT}-=8}*fBFQxJClzCunA6=3c)Bm+3
zuEtIA+5GO61@gOYNhd~?o4?2?_GIX|)$O9>m^V>CvT~`%N!^35*9hJ5*IM($?R1OT
z*NPX{k4W9)Tb5P)!t<Qgp>wkfD`rG$neLsgEdSWbVx!#t{XQp;@8Q;0{Na%LYxj(V
zq;&C&m6fNaur#dr_(X(j!i><K7gwC_)XeP;XFbDu@TQ0O;aO3Kub-9qWwok*<!RTX
z78~!w-*#(?_LS!rnp`=!CeLpTZ%d$O<&655p{(vpH}>ipF6m|FWC+~ud0yAiCyVjj
z-g8IoJzE8gE1J)i?v%K^NA6Z-)Jj*5Nt?Phe67-%_ncFE>B|Dk8MhZQM(vE=r1je~
zhEFWEcWpr}x0Tg_^M@y~G$=4ESg?fWyik##)Z||2ldfL!>1&s_8tUd;ICeNFl{q>y
z(vq)zUnhe~ucz<Yi~E<#YVSVq_W8?*V(pDhD{@}EU-s#WGABczb~_h;(&oZfo@uQK
zGM_d)eVH&RzIIE&)_|M*|Lc6zuHE->=v+}W`PZGJEXh_@8)wb65EJWf_BYn<xIU|K
zo>sN;BnE-4LK7pJRy?tZshHCz?b+%jd-+;hyZ-GPhwlY#tzhV!>3XB!?bHx!SN3RU
zpSQ10-LQzz6H0!)^aYpg9I<I^Gp?U^etM4^R91PO(mHf?`AZAoxyn}~z8l6@MK9XF
zUY94NKub$Y_xQJLLk{1SZ)~3Au4`|&C->m<jGaHlrcX;gIrDkPsrvkEiFc`efp6z}
zFmN~t-ehHpshQH0e15a26t65#slnD-W|Ja=)Y^TUiUj%Ybsb(g<BnHm+_I_}*N@LF
zG+FTFj?fvqzf6^>?`v7Yz85uyGk^PfC2Cj6%b+UTj$3_=^UP*h%vdygwdR)7rvzul
zY8mIp&6Kzv_iTa5eiq)`o=D3F8HGDDUS)9E9r>ZZby1<w=8%>XEipeVXFA1)|J2*F
za39~Cp3)EJUw?lsJWoY@!RFnT+2$!i42%2{SFCSN^Gkd2Afe~Z93hnxhGKT-^^WeH
zelsH@^T4SG#~v0uNIc!XR!%&zlU3B!LE+Hm7MU$YM#(BnU(Z$wh)vleyx~xhA=fAG
z3#X3C$cVZ5fDAqK{N<v(?W|HWUq4K(Ds0XBdVFuA_r;qA(>fjmo$m<!Af%qHY$2WX
zIIQNV>aj>BLnYy&3)ha$nP|9v;abCgwKJPz9?rgyw*FH~f!U?Ty-O8uGH^6$HW>-(
zxi3jLf4F4l&s*1@Kb)<nw}yG@oz7DS&MR_Gt;-MYZ<nv$ZT#xkey_8~`O}l{{XKvA
zQNr;JZU)9l*Mb+yF$6xpc<s@mg}U;&Z+j+8h-=}IbaWQxI$iKS)lBO8<AYZw{G4#$
z-XVc?ZdN-a!wru)Bn3)xee$|^=%i0(Jd3fitwg8m`#0RFLJRgpaKyLG?wi0MaO8h-
z){=HUIk5}+;tvCNefj$TXKGSR@43ds3(el>&M4pcR;QxC;DS?z)6s_xKI<5wnv5!L
z&vv@GaF4gGvQ6FG<}?4r*Q}6Xta<%0;ox;p-Dd`h$dr7h`&BkJzIrZ=BDWhNnC|qP
zZeQrZQXZXr?3g*bw(|$oq(8qezB%x?N9fA+#|KW{@;JGx=t07wc5V3`3hF5$3pX!c
zdTBMACj*BQmsm}0Ns+0$TbSUZ)HQZB6T(;$9X0p7^_9@ST)O^z`;w4`<ug@9>-NtM
zVThNO)9Lv-bzQn=9B15<Ju^j5h;$?@KOY+9l2KjIG@;SZpWXgT+3^Z_?U|K+$DSnJ
zo;qD%N~grsvkw^#-?mz?d~xB@dq-boub&vZphjh><Jva|E?4P0?0&yoX}gDqEkjd)
zs9rm>zO``0tXGfxYW9VcKf2E9q_R}(!1a?;CSDepez>u}nNvx)Xky@}IEOA*p(QCI
zi`K4g4YK8Cj?JBs$yolc{%&)CPNU(GjFj~i{LHTy1zLnm$~PXERhPHn+GM-Xa_hAc
zul3v(uh=ptaOW?pTR--#=JqMkGCR8arK&}tx#P<sE3;MX=8wN$p6os^RdIQM1CxWm
zt3wxWNvvi!Yni_Ci{^oPW3LU*oJ6`LyBfBxWPDayy6VgC`R6x%(6I|&X;iXhr^L(b
z&+q;lZDhGVZ^=XkfflQc2G@=+`p0|m(kX|mDwi<LZ84pWnUcnWAF>j<G<CJ|1$J4g
z@Ug0%I%<~jE{TudZgU(1CxfHGk$`yV&DFaX*VeuiY(IRtYvbcn-W;cAO0rd(Z+2C`
z-L;Q3bE%RHXLtCk3SB+%!_fw>Stl?EuyFHy*<!ePx%DoS33hkOly`ElJH<JlQAkjn
ze)?cbpWoCsjOp=DAKss#v-DKPvz)ktVjq<Dawu(l6Y$!E+d)7FlmS{NYhJp{EvSAp
zTtUm7VV(zzKbtj|^oy*+_dKK(*K6<Mc2^N!Fnf3Fp|4CadhBAqVjLp+G;`k??wD%3
zqv+7W%Sj4N0TY7~EzM$jj@|ttwDM)~?c0mzPTzXzsi(?;b*~LA<fAXfR?KLZ-1p|i
znrpi*3p6N%xWtD`+kYu(@84PSesAe^VZpg`mX}n@@ENR{o4i!>cygd+#oRDZWSH{K
z+h>;cy{LI{;?s!wB+d<83(MzkY~<UQmmL1`d+l~%1tD(_298C`5|dVRH_X#BnD&Tw
zhN{5B>DlWg&hq@&6}e!o@6nlU9czN_^qx~-ROp!1v9?uFtgO7rg#X@uBkzJwd5b>v
zPCk5adhQ$Tzx#gYae1*kRbgNW6#lry{OFfyUzaZX`%{P8|54Etz0>zDaV*}etMyea
z&-OgnEH86;>6&*+wZHNY_gX9sf6eG{|Jk;wZKCxyKFM#2e3%>rLRs1mA6)URFC!!9
zrp63ik;ezlUKh}|WX@l*zS;1smY?#oshx$NE3G&g9Iu3c<8n23$r1^cb?Rb|;!2iX
zN-fPv;qC5U#`?cvM&F@JMnVitD^}i!lt_xwmR^}@eQ5H8<xc_*ID|_to*njvRb)!H
z;HpKs4WM?fPkO#|$(FS;4kqCm$1Yl*TK_ZueJ1Pa{whXy`E-N0l90p|i!{R@+_@8T
z<mgdFV`Jgg*47i}&%4Lv$$k0qH6bH|L$06QZa%-Xv~)yd<iR_4WTK*?r0OM-HcDh>
zW_oygJEx_oUAlZ(QA2dWiWM9(eC#%I{A@PNH?C}MTsl?t&6_s~X=!1P<2P;EWVB?-
z5(P6ev6U-Vo;ZKnJ+M%)r?)pTF^^F=SlA@v0s|i(--WAJ*G{sUI&GSgvNH3_moHD8
zJLi^`rnYJGrogbcwmWxXJdOxSeBfEIem%dpw|7Kz^x<R2*uH)HW?*i<e&hFDJ9bDI
z8X8u7{UmB+WUL^<b<q6T;S(n~n%Vd#Rr!R~Y3}3ga@ja#?cwmRMUKj<-@oq`n%I>4
zJxJ@%wk6%lQ9GhS)-!Y*P1;lSlPfVXaYxlxt#z^cj=iYJmd@^xu@$PTtNZZjQ`6S1
zTW`rlBql1(v#afj-k$gH$VcIh?%w2*n&W!1h6xWCe*FA-@Z`zPt71O#pPrl)ma(q#
zdHE-J-%O_H=;)Q1o}QjN3Lmq5dvmXO#R-kpR7)%Cq(@IWUtC=+{^sr5tG5hJojxrn
zE8E-A!EuLke{-^X-$uRF$<zBJj7m77w&$%avi<)4cK@E5r!j@IP4b%Z?(X)?KN1;f
zQTxhd+uu#RFIP_GE!eedSB2<*ue6)y^OhwgM-(l+AKO#9q0B@1MTYi22C*qq5)VC8
z*Z6%vdc(}6cGGxsLTs57CVG7M@X-0q&Asf){pW<;K5g=I_DKn&6pmRYnTK}uJb985
zv#Wx0wppH2S=zR!SEdOc7<#15`S$77Mt+ZYcYl9><6m~Ix&Qw>{rutM$CXzOTm8Bo
zs1v_w&eyFvaoZ%6-FsU$Zrtc~=>Mam+%0$c4!__3zi)=PVb=dgelzV@laKW@PM$2h
z`tkmmpLoyBvs)c<FS0oOVY__YiZ6Zfd#gl?|C@(r9S#p;a7p3}`}<esyOEZ@)US<e
zb*(CIYlI%RcZz#h5pvYSG1|VoeX;51=PM@hDp*@fYlp3AsF$zbYF5W^<MVB~mbSJ{
zR%Z70^1r{oZI9=+*O|57Bez$c!Ee4r??Gm^<YzrIJNo+4LfJ0sRpj{{ZI}IMz;w8c
zCwS#Y<^!KpPa9TVN;z`;xUpTBiqOM*d#h)dl}c5WylgzmEtb9HBlCfCZ>>K@&OTr8
z;)3FosfOFDj0Jc6`SZuidA02A@`OV(IE$qB8)Xz)O5ESqcxB7p@4<lqYwm0<owR9_
zLCaFZ30oPCxExP-(lPPI*5v8Ojz!7Wf1RReWF)lMz4zFnpWP-_d^VybT(MRqiC=?W
zy?9|Dd~42krm~-(Qop>u%RkXy`D&5uLdAs=wpk`g$;mT$ljZCWD*Si!s*k*S@J?j$
z#)5}VA|eLSg2x|!jObkJqU8ACpTnA{onE=u6Y?`#9>z_5D_xnI6jM28QHUg8m|I5h
z`bVa7t7jg!;E~K`toZlGa-YOE)_HbSt1hy?d-dv6hK5jy4TtTnF9(``^RN1{G-hKB
zYgc!-sTzZ%Wd4=Eudc41VNtf|)_O%VHL-aAe^N7No;vTnd)LmenT8*o`D86xTDip*
ztytkv$!PGzaNl)?f{%|}b)xt9yuE&5|IWErSe@(b&N}r?(q`LT9U1mxzl+Mj?jtp4
zxgD~ywD!&VGxgM6Mb|A^m%TEb7eweBn`c{X@cH)46@1^`-fOR9{2UMwu|km1!`Ig}
zB}L^}y=7eTb%CEILbJ_t+ammatl&2^GCFiZ-#zT~Up_0Tmb0^`u3z1_k5PHIAj6X7
z%aaf8VU=2GKYw|1=f0`Of2SsKuCwtBUB&aBZP`?ro<nhI*<lPWN`lwc#dhDA5z%Y^
zWZ&OkTDiIQRbMow=|;7^QhAXf5Vj_QvC&~;Q+9T?vDWWfSF>l>W^X&TUa=rw;oZHx
zt4sdz$y$fp{`>Fi^!TaU1Yf?^-XED3k|J^>$&gRZX2r$+m}-CRE0@>jxcqw^DYl8r
zOZ0ozmn|0`FOF?pcjT$@z3B}T8Sd;XW_SN@6Q#-@5&63QM6bY^e|2VAOznI!hZZ)s
zi%2(1oRd4Ur^E3`y<lh&Z}j#Y*UFtm`hknxdRKj|(~sX3vvOg>G_%dW=T4c@k~@2Q
z=9YI=R#6g{7ZvF*h+(=@v22dx`n9VomnJI<7fW7se(66kLg(1I`(>MUMa)y=pI`ci
zC+}U}h0B+ntE#Mo9tjHw$t=3`!(LUD_5S%kak~6VGP{>`)Cu-JT9h>PROFrn!<yRK
zi(4XtZ>~DMb|>Eq#e<3!zrJYBGRs|Muzv4e+nQNFA6z`_ZuI%Zt5=UcJI+76uhCZL
zjBY|!7S~3Xo<oP6R8&<Trd;q`qOx?us_ZA1J?`wO6y96?J#6)Zb+Nm}oE8Q={=RE#
zyK0X7GUcDjum4|6pZVftGP5%CPv@g;WoibOo-Nw&=WoCZ#~Qh)U6HHe8IqEdC9S_R
z9QZc(_Qkc)<`R;jeDh;sVtRi3sMu5Sk?DA!++q9c|0*xrzPce778X`?da8$tk*v{_
zgBNcK7Bf9tka~LBhK(B=r%e-65#ls5HvV|O{(s`%TVL1czSRz2cjTZm`@-eRzn|n}
z_;BpTiXMi7oiRL8Mk^*U@JJi-)c*e3+TG3l=Iz_md+ZD|tjqP3l$8Z{*bBJx$tK2J
z-&_4{QTq9LMekRNO`pjy$EIwP*SpQ@wu!l!Z$Gx{!V<3i(>qjl2+!@zv->LgO=*|q
zr@~)Pf3N@7`-90xpmX8cqoL~=Y-&&4d9+`>pg*Sc*~f|xU%s>~U#@QV|4;FeW5*ty
znQ8n$`m^Y?zYh*F%iJh$xZ3+&{zd;(`?W2tuCCub`P!MawY9&zy2_n<Ys<k)s@{>6
zn_KU4ITsXcIFlVdox#G&`qAvn`v-2{maegrS5;L#apJ^**3aSvKOQ7rdn$LMp5cD&
z_qjn~|HO2o_N+er|Jfh@wYRsp{r&ZIs@?Qy)5N6A^Lnmkhb>M#+}5-9UE=mbAAWt!
z-mzoH2{Em;v$S{U#_A?i>9g)U)Wvpoali3}je)kUvwO|9t=3>*eVU|_DysQbWXTqW
zJry6DJ{~Q7v0%@{j>8WR96ic<zyAN;L+_@$C>`9l_jknI4~@=jNpE*;<$B)c>*KQ_
z>#J7B(IggG-Xyze_x6a!?k<~ptK*6y!)LK`hj)B@yyV-OU1e{(661Lee_44svUL4s
z<IRHd;{4|2=B<@?@7~>5c{}aPtE=9s{Z6^Lxjpj@<i5YVfB2{Ib4gigQBl=!29uq~
zj@&*Tz4T>4ZEP-2eopJ$|Dksds&8E)bAIxt3r7O~S&4+tK6Tz+YiU3xW56%p8p+R-
zBEP$Zi?gw@t;y?Jr0-u+V&ca-Hz{V_&ZU;m&dy)HCAnkYKD%dZXIgives0z5m$N(6
z%+7Cei8*3xndma#`D$A~?mv3|Jpb<R@6u}fey}{<!~C<xu8mK2RnX)5?!G?0eKLPl
zA3vUFU%xI)x<TiT)UL$8&%W-EE0R5*JWtusRB*apyi-z^(xT+Wg~o5xRu|ni-O{ve
z3g`OQ6T5mF#cFDIeAeDJ{rAUH?F!+)e9xRsO^X%bYVGLmZdT*q<V-BRvq-f&AwB*0
z3yJ9HXq}iX6TU`7h2^*F9(Ln7d?HYJs@CGj&1o}C%f(iI-qTkbs~el-uI_&9I7>W#
zSjOsrsZZ^7kMI2a+#u-)M@2<Nh)_H;GxM?c*P?xROD`VZ`6=tb>(15_XToh%Z=Cz+
z`@%3eSFg%SYVq7|%_*@D7k`<XxLKv_=qFK8o7GnwD=RJe{uNI6SZL!cx2yE^u~&0q
zcbBF<{aTiApK;|mM<3ZnyOc*uI(z<bu<=M7cxBV+*%^B4gSWSLU`WW4De^~;|Ec~S
zzw_O}Ro@tx_}P*kE$K8cF}ZT%Yk7`Ft>ydr^&-~aOFnHnw7yyD(SaMwX52e0J9kg+
zf;Z-FFU?o(%dI^oUi$M;s!h!Yfo?H<r}J^PSBsb*KYkpkYc=!7RhMhoXLNOS4f8Hp
zy!kgZa{8_vD<ldF3qO4O7Is>ErT2Hesi%T|xR#cLScEQrDc9hl<XBZ@HEHtXi30N*
zjx2H6(^uR3;zh=up30Tejz%qAy40v$an+X{Ve6tg-`(Av9m8<<)#ryPOPa5@iY{l-
z-+RKXf7#ckam}pp^S@S36>E5QcJ^i~$Eqx=eY3yGzL9-n_;j}Bi%VO%U#HGx5cu6S
zS3GI<wcL;@hqt%4r|U4}=c@Ziuhpsg{_<>u&6X`&E-Z}}KgKj+)}&QM%{AZNNWQzX
zvw3s<{Hr^ZgEKQ%-a7r|!>0ou1P`xX!hYmw(S`e`nQp%e-Sgg%)k!5?{O~y^<GuV#
zSr-&OKBhHS!_e;IU9P=~@jM4FBsxEQ{rYsq(rHF)@-w+sx41^X`<VBpufMM|?DpX#
zX^F!(XZ~!Pv~uMe76nU7$?5v>$F7}?Hr*HJa+%2>`5Di(wj8q`7PA<?Yu*3eu_LCJ
zlVSQvZ<Dk`5?kk(yvPu6<CE_6leJ3xzwfVyfA~Mw&aSScQa^8R@2RiOeEac2<0~h_
zZAFp!=hJI=E+3mcb!w}ub=iUSt@2`QI%_T+<9B#BDTnU{FXNQLwjlMdKD-xPPO&Wx
zU$lAQO4~h>U)9xpXDzv=x<J!YGs2`^@Ya@`<^u;Do;-c3DdT;QbN}HVHfwKfN!p^|
zBIV}h_TkgFq?$W-t;?^L?Y|+l`ODWYroSGwwYM*hpI`T*^5^*#W-6a1-PkJUdT+(7
z1*@x5t*@?bGD>+eHDo`-j-5LbA7AUuTHg|&apX`#>x=vA?GGJ3{B%`Kl1=gJEsGZ~
zj(YX-!IJ~8ytRZn1LhX&km;Qg9T(RZYh9lB;=sZ+^Sr0V+Mkwl2rc`6|52{~-tA&j
zC&m9|Vqp09?_b28oQ-Z;!qURs3z^#=t>6EzX-hzB&LKy}fbPj$3=uOnckem1?VhRR
zM2{BT=xr-xrmb1_=<=E6UW-ENd$wxw`?*bB-YI|Nx&Y&aOP3BkS+ACS^;W3VZqChV
z=MF7&ZeOymWX-N~w_a6F$f-TG`myUJlls43#m&~<Zn@R9a%Se%Inxg_T3LkM3;y61
zq{x!`>b+;y<}8jFy<<JH&CAZtO1j3s`HI;5cg{>{><6wM70tc9wKhI7H|(lwT;9B>
zS5xMmt=Sh99v-fGeEuwtloXX`e=OXW8kLlmKD56e?>pP9b?H)7A0OWZ%a^mu%F4dE
zzkUAH)#bShC)&zaL>byd&x~kVvL<QA4T<pm40~Ry{rvIZ#mB`Kg^yV3qP|VObv@w!
zhrj$g3SJ(v)_2*)bU@|WTpOcHGpkK^RqwjKYu*1@rr8nl|KEPUzo`8Ey$@f$Ov#+F
zx8|qOD<i*am#$arIj0e{n_<NpmE5$nHqXgwieLOR#B?GV_G!lFPWA5bU-Q6!{p!`+
z>E_RhZ~edbKm4VJ`6dCb)-`h?XPM@Qt&Tg_&M*Jy)zQ^G{jcw=HC}gjM_WS!gGu%^
zpQn+MX@6h&zn1&_Wy?}OcDH3>EB?l0MQg<FudDT$YbE-y{BYre3yfc0UH8^~ns;x<
zPN(yWN?%{=Iep^%S@*E8X<70Adw9ZZWz563N2xN1>&K<k_}o5!E9vw#-HaO>6gi$|
z<VEik7nl~pvN0manDv2fjh+16U8RTT*;W^5{}H>E6LI*}>c7)=+^|ql*>m6F;@#%h
z=~kMWo=aaRRqttD?7X&8v%9-Hk~MMW{)D=v542mF_}%xO@{4DEnv^2Wk+qFs&+F1c
zi-Mw}LoY5aE`0cib<OP^eStOK_$z;Ys?}lg_xBG=HRvqU?)|W#pp5_0+HYSNf`Wo1
zj{D?XT_*aNH?E7T`_&$XE9R5$g<ZPxMj%9W<D{OR9)qGQ9x=PBIQ!0>nOkIM^5|su
zAEkbKzCQ=ER%(7YcHX9-Ug7cMGrDIlE^us)`W&<=QsK&`Q14@x7fhTuu{4fB=SS6r
z$&U_9ofQ1*CFg<YIdkW3EHM21K<Z}X`{noFym@nBUvhPrGv~Hy-g~=ByQk*=4v()7
z)!qF(qpQj3nVZJ4Y>lq&?!xEaWVc?6zIu1gYGz$M@m^gmX{N`Uy6j^a8SWjK5WMnG
zj9y!<Vb9f#v(567wzOWqEnal@R_U5^*Ea?qkNO&#wE2;qu5Rzm0BswYBhofH+WgFm
zHm}~uUhw&u@6_JRoI6RrK3Y|7Tl4SFySh{UPJKh}?QNQSmrjY$Iri=C?MT+zoZpeR
zv+i3s-`x<|Tk-0M=9DQK=6Pq&ojdj^_4LZ8`?oUB2;*BWH(5XAwGV?b<Be~p&9;2Y
z?Ohwa?a|NA&)38h=il9P^oK;W_3bY6Wp%YR_OtJ{DMXv+9ld8;E$a7j>eQ)<1@#Ks
za&8=YWpjD|+_={^48A|qdip*6eUJbA+_m`6v!_oJFCKDTvt1&6_oMY{$!QUh45y9=
ziA<Xox|bm(HC55%$ytf2x2v|kxVO`~jZd;`!DGjco}Q2!Tg5n7EJ{C#tiBtzRPvu&
zkHo>Mn!Pz6jsE0+`~Ts^#l>DqYTrMcT*bg3)eBk+Al5A?DcSk+^RwiSOl95kc9pzu
zDtmkD>Mrq1r)J&#bYte_^hbAg76;AU=%OU}@ArFqpE(AC%l+r1#cqEUSGZD=al${w
zle$6kkLxa;+i3SJ?uYFi?)~5Q1@_4?nwOhLL`EIFaz@0;$_g|j6%!-VCu4aiD>yLT
zKHkD2WS;l-?c0xknm=7Rp^RZQH@}rs%Ywy@A2OdY?>DR4uz9O<TA13q`@7d~63qJ7
z^mFT}AK%5;+1YoPmLz|jI?pJRD{5<I>%nIB#rtw=Jye92ELrm4&duWYb~>vR{244B
z)J*z*`$)jAKCjB7siFD|=jYi5&uBk;&97^QN#&$7nM)Qrw?8^&Z(i{54ePb1_EkSR
z3isGl{@L>_y`r*mq1mFPOIrn%-4mW(n!2X%|BvQ{ej%k_*L6y~^v<8>Q_c`}THwL0
ztJ$G-%zO6iebV;n+V$(lFQs}XzE6l(mb<Z|^RYqJ6^$!tzrMeZSAHET-Od0S)UBFo
zU+3DSCDw4~PE43|^Qu#?wyqY9n)mk2n-9Ma-j95HZ?RunjUmhDXXlgmCVdP(c<<i4
zuW8D&mY98GU^sAW!>8XN0atAqG9TCbZZ16S_T$$tt*O@!A7-wX{oOrv`a-K8MSrIM
zc=>$(lf0{;vnA~7Y-Vk{5Od(nxw}@z+ZKi#ExUKMv2{wKLtW^1hI#IG>o0ZR+mOoK
z#wUF$XUBu5t&5NMFRFh3E;Q=8sQvl_U835rd>*sk(_y^7C)N1%R@qM(_cz*Z`?pE7
z_U~^aD?N2}_cEpDm-k+G3u<Ffbqc)7#c+G?j~S2NJnIoo_e=Qk;o+LH^BXsBKAgY*
zZ`=IqS$0;rx6j{t^yq5$41+?awX@%cvz3>Z&-wLxikG&necFKsj5j{M=9@8l_To(A
zG+Ulh*4mYsFFZ2YQ$yc!nB@Pn(TUp@q1?s4=jQhOr>~}3l>d|Y^XE^9mUn!-eDd)=
z*B^fid}bT^zAgRw>D!@w_rE`Uu&`Mxf7+*&msbQT%h(l3*#7<!vU5$T^!3EU$9UgQ
z<K4Y$mywm7rRL5uu7)X`28la=u{daUPi<~y-Z$@)={|{nta7$hEgLo%$ozUd;Z*gm
zuP^VjH?#A*-7d>b%vyC%q37GTZ!_%c?T+=!_dj@$@Tc;H|I}^EXBkv7{rUSB)D?g6
z@?~R1{rvK`_gZgn&riO4tF)rvKcn))`9B}~@JN|(Y}>YNYE`jM#n)G%x}puIxB|lT
z!lHl5bhg}`r@VCOQV$;=7cVa^Az`79O0QTSJ$^KC+O)8R3qSh){E+p8HQGA*#;se2
zu3i=O^YbexEDWsNE~nPvqIBf=@yAb3PX~4W!K0^&+b7JAw!BmHdD_{FYa)$JGB2^@
zy~`^oFAtB-D1301P5tN3Gly-YB_uW!83=K(tP%TEvxm)D&}pH-`T6$854ZCdT7NNH
z7r!@7v5w*XlzzXt)(5vQ)vuZLW5L97<(b=rH%6Q}vElf`f)uV|M@Po4t{F!qE?l~_
zYFe+Ooto)#iJ$V8|6aT-c$kqJvzKYX8Smo{3$nJj-?=^gP3{~9z3JSwwSTQFmtCLo
zf{TS|%G9Zj;o;)DcJ10~<nn8I&oPz;g^pSL)AJY|K{GIpOb!ApoD7ZvDhw>73YhZc
z?qc0K*?YR)!UYQ)vS#hvX}PQHt(SSH0^^FcEUc^#|46>PT~u%R&s&J0sf~e!61zao
zyAqI<<1k^<CL<L!H6=?;$&;EVPn<d9Qdnrn!o*l%BX{QP*}(O2wl{9vIB@VFV_I6;
z7Zc7$!D0=UE(O_Ceqy=4KK}T@`}|7Q#?dd6cbB|xQgm)xkh*%>hV9#ztFLxzaZ)TQ
zE>;xa2#Aa0<7;P@>t_!R4u0|K)wK?*Y15}GtE;oSy1EK*wLU1?dExS9=KkZ&GiOTf
zh<WwqS_GqphK55yfq_}xjgA@OhHFl7?33zwu=*fF1LtJ*gd-;eGp?)<w2<lZDm{Jr
zv~y9>rZXkc(a|$z%vkX@uERyi#ntts&-2eeH*DT~xgxo%v-9BJ-`@qxta-%G#We(I
zOqo^wU_v9P2Nbm>gHc^wed_z|n>vmr9XWF3!N<kNIXF2Fwib&A#DwUW=GX52_2Tk&
ze!JHnBx`DF5|Wdhb^rf==%FIySvogHM@-qoM1--JNkCkB`L|E%KJywh@B0L<bpP<+
zAoGv!AE(c(d-g|iOU6Z~+)_O)Ehp#eZAO=;uZ!tAIays>=lSdP`=?0@7kqtnb!weB
z2MY%;?@|5e`h$BvRQJ5L%ebN7GtWfQ&bQV?jm2r9!1lbmhyK<6zRzhFyzKm(K0#%-
z12=E(Jjd;@^=r40k&(gk`eK8k8y>wTbqqK5r`zu;d)3t~uJ5EHHu=tJMJ+9^$?Cqx
zZUiPrn$|H`RK8L9_4Qr*QtxR>+S=Z4OKUznU_4f1$(HQin|k*LW5VxgZ(m&4#$5OR
zZ~2sI(<U*5m<kFCO4wu=^vPH)`dBO~E}H!5$H|DTS)yKEUMrS*KYVnw`^Bw|tG#+(
zIe&Y1tGkhzP07e8NcSlx3)7o>d!_%?{t=WCTD9%<Jo|LJwDYri-@M5YYFPE?+1c3=
zPwY818g2}&x))#nQ<SlodBXJR?z;b&`{Zo9PCiy&z4y+I84)}$>>0klyBoZ6&Y?q2
zI<dP%PK)VYKJj%vmsRV^`#!FIetvUn{)J|->?wTA=Eg6-wxn);n%xKa2mJp2{t=Op
z2Tz>fU<il{>w7aNM@2>Df!`0=KR=Jp_nInRV#49HP~i2o_0{2FvCrl|sQ>V|N8a?-
zZz<a(6Tf+uoca0r$Bs{*G9}?*Q>(?l>xDaif(B5YteE)W!-ooU<G`Sxrk)-io4P*|
zjlY>D&Y!LS`NxF`0cW^pw4aSObB>Rn&*C5qk`+GY6QK3JM?U?*=kxaMyLVe}*|H_&
z+2_xn4^L2ZHpu^H0~*G?y*>AM^Kbqq)Bb*6xj!)}t4UNl%)#A#`8l(HM~=AE*#693
znYs4%)?+sclOH~P${HOVEg>P{;O))L)W~r2=FN`Y-lJb%U;lV}+x;m*jrq%JnkO&!
zJ9Oz%(92()E=p^nxBKNi&cC%tQ%o<aW14RCshVlEzrGy&^73-w<72!!ky}_aJvD<q
z&$X=;I~#3se2Qjp2FHRtBO{{^SC_0$@l)NK`r^aF9inyI#m~+(E?>U<&awZBX=!OM
z?(R14W0yUizq`J9=hB^b{;)IiKRPi{xpdpd^whM($H#i7E<3xYc2D7(Cx$XVUxUV8
z82I`5B_t*HR`XR=Rjr8MZ+B~Jc6%$gxYD0G3$<EX&y^1k{QCM@QZnhk-DmT%w>MP3
zD;NGak+>!IcG$uR(o#~3^6&4nD1RvP>&ts(<NIBz+8^HBG!|kgRTAplQ1`b=<(T@Z
zv)faDi{;$d!RY7bx90rP<;&au{rg+^@Dl5nzkAl-+4K3IIlrKwU}+G8-kiM+i|ggq
zez-m5WpKfpABIb%u0+3i`*vf>OQAozeuuYK^0UdgR8;IJ`qq3SqQ?4b^vsu^#m^sq
zb93{-=bt5Gw{P8QdM!Vq|JvKA(`PnUeopIfQ4(S(?fcCyYoTI1H~qxnll%RXPE1hr
zs{bgOn4aG5JKHSrQMmBaXVE*8Qs>TRV`}(+_P0C}6O)9w2E&7*ogcn`Ki(H>E%GdO
zb5-x5IMB4lx7^#Q%j!SBHUIJJ_4>%_Z!>4iNch|K^?~H4CCld97t8g_+p94Ku(PtV
zM(j*lddH@{U(RiH*xD;~dCtzxXW|Xy7a!}HG*kUen1o*3o`~hr|6dd?Hq5<cGWD$@
zXe3~#*T2pGzQ5bQqx$>0J2rxXf=0{R=iZ(3@$L5ePSMe(m#1#tY%Hb|r(pc|%F19B
zhF1y}77~FIH{FdYe|wuXK0dy8ZhU;aJh!-R%li3miq}MM=4)+jE#36ddbefryE{9x
z4BLt<WO^hlnR4y3wc|hhx6v{7Rhp<!P`}{Jm-%)7IF~J3mbLR+-QQm)-?0AK_rCne
z^XHQpRx~*%Ot?LDwm~IR)z?=`KXO0${4-*2+SW5)cHFRNX=}UY$v9(wg58<3XRm7Q
zC}w_k>TL0^Bbh2{YNup=v&-^Mn)U4U^X_fAw^yxQH*MN93G2i)S4<WLM5MPdN(na{
z@0Wl4a`Ez@%O$0yhNZVcw)XxMefacgYXd8z(PjRBg&WT8<f^WyT;M%jFH8UW_3Pq)
z*}qKxpJy}a-i{}nAI*dJ2maoY+s-GOvh41j%E>GaqE1duDa%-OI2zWj&7B(e;zFWx
zDu3uYHf2S{g?^j|esDfEee~tf!-6OGvLkt8b;KT@c&J>|>UtM6-0icw;-S*2!nt>r
z>oPbk6sRtHJ8|Z{-Tv>j_6JByOP~2s*mg(GI~LTHm(t#ydU{&XW0pA_R*joBZQ|Om
zs;a8^$o}Q!O|`$iH-e_4UuPyJDjMrPbLA;2F7{-&F=56Gjmuv*h3}6mC@5Glt^4h@
zwX@G``ThO<bxp<#PmB#rO<m*bZ`Mit-1+mwi4!Y6+&(>BKlR!BD?2B<y*l~$<AXP9
z)t&`WQBs@?(vKcLN?rE#?d9#ij_s9`+qAppx&Adt_6gVCMjbwIz+v(8jGL>L-YHRI
zdhp`Kij7sLUPoSO4Q-N&<eo5Pj*9WwyNCDQ(z|x!hD5FXdu`JIx1<`SPoF=(cFA$9
zOpY&o_)hP?W&NGKb-%u>JhP{rPwvoF?Qqke^Ebjbg)f~ZGJOKW2FH1hXHT746{Ww!
z^Rb$d^3x|zpI+r;eDJYC%D#Qi$E_xeKi=Q}pYqJM`d7}@JIfb6Qj%iY;COFVb#n6K
zti1`^**BS77@e=QFH&rCP^kD`o|&onI%2{s7agI=AhXkBOZ5+4y*}CYYiL}YpKf^U
z_sD}HkK41EMAq`J(Cg{x^<cQ6uzq6r_QSr8j*V|-J1$&&^?Q=$j_FY`Yo+w}wAnas
zV%*?3Z-1GmXXi293!hG$nkKs@$UnS4YTc}WEvG&mmTOXKpRIRy_lBsIC&c*LnYp>S
zBO;<EFl<;Dx3_AObVAs)sK4iDPMS1H>9*ZL^JUYbU6~dv{~wnly7pc4o|KJ;B3T!)
z@iI!8WGEQ>&g*vw-7}?r{=eCw=Ud;fozc+Kn>PF3!<=rV-2z8*ejH(OxOdL9{Qcdv
z+q!!@J14$eXp!)N;l<0BhH|H`g)mRES#{{4rln?N-mmt(4s!kM)$BKCZ-0{VJiz<!
z6c&fLi1mM~zlGn9dfm=1f66EO^0wY9_e-}tt)FW*=UfnbXrfAQU*EMKmh)Wgf}<E1
z7KCQsbWEHyY0`?NbzV#fNl8rq8!v6Ytfi;r77-D#wdDWzH`DeytjxT;EU5nawTbq2
zXV08jb7|dXD-K@Ht1m9NDouQFYihR9<-L3MYPoWJ`}lF<-RwQp)1zK3S7Bf<NO-_7
zGc$U7&e~6fu^t{BKIy{Q(%Ca#v+(df^=CbLbY*$;=2f?LxJ;H#1l8)GiNnj)-`+)L
zzCX|=x9PjHP3@zSxt$k+vsoPO{d(K+U#Z|*&efgepz(^MpG1u=@1Ol~uFr8%*USFj
z-`xw&j$It*5_;0M^3#*fW2eGIe4K9urG%S@&-~fywD8VD=|E=I1E)@LZDvk8?KA)L
zW0{@W2d><d{rmNL{L?(wYioDENj=oo)>gzDlDPfQm2Ej8N)sQvy1F{_(*ytcR%<6V
zh%+@Z>@I&hZT9lO#cosUHgDbP`aExLs+{l+`wf1rum3$^Wnf_AlhFvj%KVHiqsD)m
zar(K0+s|^1E~lTHrCFY9GySyd`g@;}#aCqupE;2}k!$<GpzB;)AJ@wsU+mt0rEdTF
zn4L=3*Vq49@-e8K<57Wy#J8gcGmppaD~Nnr%hstS#-OgQekR@~{@wNBxC1u5z18bu
zcelL^UUu5&x#TC%AVBNW6UG6I`O{Xf`c*2#!4k1MZ|$L)Lq<=R$(}wfBK>n)Ug&yV
zHDzVy&&<zGpEa&HkuWoJe(krJcao>;$Hu8I`f^2zk)a`QvD?9mk!23;o0p$Y`nBby
zho4{AZA(`r!KS7rgS;;mJAc;2ecl{1zjeDw-ld4VU#*+PLvE#dC{0u_Fc1jWj|+Wu
zYl`E{w%V6>R9V>ARz00Jed^SQ)7S1-unsO0=zX_$_i52!Zf<U!sBIo;zZSRmZ^*i;
zRmAga3d?~jS43uS%b7I$`TXqv3+nIx`=S0re(L@uFJHcl*qFqc<~LunzQQO);m_Z{
zQ?)MNycwDILW3c~qF!+|hf&f-3HLskgI%iHQ^d?ut3^(2D0=B7V_D>)TJ2C-X<7IC
ztNEMTd;RnFNgAhVl>C-8O5ymiY!mN#&?NhL`@cS$nX;U+UtU`3ZCWd2ZEZbc)=Z@z
zRU6LOxVE}l2$nDvau#mby0vxcRMEv(D=jT8Eoy(6?3?vP)XDkD@t@^o#mBzM-cC$P
zT6D+v(xs-xeT?g3b}1SAM`cM}GQRZi`Sax^2YL@3a(eS8SACjZ$Ung?88?~cT50x8
zEKm5)xMZnT`kXyAAC10L{`&Ck+cfDj!BRhe{*2gPXS*%uj*|KPDKCQ!YJPn1x?DfC
zE!9RY=59>kvn!G_E9L%tXV`u?Z*k@4XIZ=klV{J4e!h);{id($laKcvz4CsU)|v88
zH$1<*zbilgcYWW1zl{}NUQ7(xs;{r_o|UEL<m|k$>TA{yv#&?ryiY&<wuuSU?cV$Q
z+o{+MD!uFO?$XMUaddAs$a!JVa+h!NZC_nY&4XLBuNxE{@mLcZT6kyu>eb!M?EEY4
zFl%T`+4rXM%Z`gTc9y3vy&t|dqIF~Pu}9zD-uBvQK7HCWB?}7)XExr0=iXXBeO8+N
zqV477<=Q!a@?TzD+<vH57BnI%7h9EZbyX;6b;@fwpRzKuLwW6q51U$F+}&J0H~RL$
zi6My}K3}>Nv?g*h+wS_iXMaSvr@Qaiv8&<yb7ezA!T<OEP7jsc_xqvsnYq@}uWoE?
zY>bfD5U_I3H@<HY#$`NGCK(LI#l{{gLQkGPefaV5af?sS1!p>az5VX~g<ZbcCi$0Q
zvVQ&We7y0~@~K_bTxX*cY)$uGdLO)hcGu40=Sk0cW?Ixf+HxhicGk~?7aJC4+*x9%
zqob3MlETvI()8$2(vqdi6dwh${ImGL{wPV*+VSP9SC8JbZq9gex8veoJq?Wm+b{1w
zy7lz+DW~o)trjnNe^E9rE)LXg=HcN<NJsz;P%I4KXmn`Uw8`knlP3zMrlOskojWRD
ztLe?%9kOuFhU&y3@y!z%R&)et9O;v_-ca}TSJv(q^?Co8&CAV?9Tyc9O?)$B<BsCr
zeQvKzv)}2QnPUlB{+IDYaqmGMSv!&0+jGJ)!V5M`wcGl0f93zfXJ#5toHeUU@UVM^
zjmY(hkKIM0zCW#<n|^*)?`d(p@SD3oK98?ol)Svpgyn+Bu3fuk7$&ooy}Ns|V$VuF
zvz!|TR;^CY$ml42ef{8_puZn^Kp|iA`|b7zMLUa*FN}<g<U0MU;&N~Q@f!zb_XgG7
z{yE!i9czX0(W*aJ3a|CbS8Ptmxctml!alQR>RxI8d3KJmi=vVe3U|hQd3~M#pn0=l
z!HEM}_W$oM|L0avV6ZwlHYVo7^NIF>_t)*a_3HEGS@S<U?zi6;ExvyBYVFHH^XAQ4
zH;JKU$F_r)FAJ;t&u^K&eR|aU{MTh`3qPK6-I96P?dc{TAD;~+H-mD1m(D(Ox8~}}
zrQOqC9hsJJRg2;Mv9Eo7H#U`W|Ks}Q{czi*S7{fUT-WRskT%cjSuol0#m(i*y-G8#
zE)(^eYuj4*_*f`c*ToCLzaGuFF@2*K@8*=m1@VS5vsbUy?vt@?(!9KU#nSTaS#P!e
z6n@~}`p$O2+O@rn&1_04CM@>neg-DLZ`s~&eym3}czI0U>N{)--Jd=cxwyDI`1A8K
z*V<E?GVX1%RP&p|VO(rnWBJIt_2=_5vzsN2(>JW!?4ST1PRYHaQmmd5$y@&^d@^Xk
z%gnofUtV5z+T_wvwIio`7fqfvjqU!jOXA6I@9mea{q<$#m)$N(jxH`Ne6ltzhuQg!
zcky2{yEfz7Taz#E@5`H+nMu`$2L%TU3JEnGu9rKux8UlXX3#*8UG47!$B(n~N}H|u
zw&H4O7=xXPzCQoOix(@ty^)+}Q`hw1^+6BMRWhgFZ}ywN(D$|(Xl=^$>7a#=_j4`x
zB_3wWiQ4Y@aOXOf_{Qnevtkn#26Q|>KVR9%NNBrr{^L_mwMCWqZ(842?0lRr<L)xk
zJ$v>%c=>W=LH3uXCZ?GO9e>p9yQ673(L=@5q}tPyv!|ygAw|XhPH9k(&^(*UrgnaL
zB^#YRLCTLMKV4YsZvNxv&xM`-!WGrk;ob|vH%5R~IUYH7Oi9g(t?*-Eh1^e>^~v$d
zhIWDs7q++tM?^*+JadIdY?@d>Nr4M<JKKuz^>S<0t`*HoaAFE@*3i|heSY`Y!-9m2
z42|uAsi~<8-M7mHEk9(pBz^w88#}X?-<rCA%N7x*g#y2R{kod=CPbX65!Ccg+W4b4
zcuHfV6Qi;R!>YO5;(8BObH;0)*`9r0@5|fU)9<k@Iv2RQ{LqVwi`jqizgTY&e_&37
z*Y2xAESv|_`?hT}+xP!rb?eVf#+x^mzmKbu<`8PQ)duRQ&tS>Fxvg@x8&iq^3#WtW
zVhy!}(P8VO)_ya%&*I1waCXM5SxG-nJ>~k`%F_PeP%HPBFaZ^Yt-a^wS|`8wu#oHX
z*_o#9@BTHiI5K_U1kE<QPpesOaQ}Mn{;(b542}~RYMOTJ+Ld&&OEu`S%v{;RA2$-u
z%raf=wSAEqhfsr7%8?GisbTwj<;<nj{pY*1^T|%>i*gp&+8FhgQ=@yr1c9DkNg@?(
zHf!$hko)`VyYlt0CYA;36ofiARDaL=@%y*7sMs9H?o4S0vPM-wBb}6v%!15da@gLW
e@JjDLJI}gq$J0sfCm9$R7(8A5T-G@yGywpW(yz<_

diff --git a/templates/gitlab-ci-sonar-vault.yml b/templates/gitlab-ci-sonar-vault.yml
index 3746bad..f2aace5 100644
--- a/templates/gitlab-ci-sonar-vault.yml
+++ b/templates/gitlab-ci-sonar-vault.yml
@@ -1,13 +1,23 @@
 # =====================================================================================================================
 # === Vault template variant
 # =====================================================================================================================
+spec:
+  inputs:
+    vault-base-url:
+      description: The Vault server base API url
+      default: ''
+    vault-oidc-aud:
+      description: The `aud` claim for the JWT
+      default: $CI_SERVER_URL
+---
 variables:
   # variabilized vault-secrets-provider image
-  TBC_VAULT_IMAGE: "registry.gitlab.com/to-be-continuous/tools/vault-secrets-provider:master"
+  TBC_VAULT_IMAGE: registry.gitlab.com/to-be-continuous/tools/vault-secrets-provider:master
   # variables have to be explicitly declared in the YAML to be exported to the service
   VAULT_ROLE_ID: "$VAULT_ROLE_ID"
   VAULT_SECRET_ID: "$VAULT_SECRET_ID"
-  VAULT_OIDC_AUD: "$CI_SERVER_URL"
+  VAULT_OIDC_AUD: $[[ inputs.vault-oidc-aud ]]
+  VAULT_BASE_URL: $[[ inputs.vault-base-url ]]
 
 sonar:
   services:
diff --git a/templates/gitlab-ci-sonar.yml b/templates/gitlab-ci-sonar.yml
index 4d7fd84..f75fe67 100644
--- a/templates/gitlab-ci-sonar.yml
+++ b/templates/gitlab-ci-sonar.yml
@@ -14,6 +14,34 @@
 # Floor, Boston, MA  02110-1301, USA.
 # =========================================================================================
 # default workflow rules: Merge Request pipelines
+spec:
+  inputs:
+    scanner-image:
+      description: The Docker image used to run [sonar-scanner](https://docs.sonarqube.org/latest/analysis/scan/sonarscanner/)
+      default: registry.hub.docker.com/sonarsource/sonar-scanner-cli:latest
+    host-url:
+      description: SonarQube server url
+      default: ''
+    project-key:
+      description: SonarQube Project Key (might also be set in the `sonar-project.properties` file)
+      default: ''
+    project-name:
+      description: SonarQube Project Name (might also be set in the `sonar-project.properties` file)
+      default: ''
+    base-args:
+      description: SonarQube [analysis arguments](https://docs.sonarqube.org/latest/analysis/analysis-parameters/)
+      default: >-
+        -Dsonar.links.homepage=${CI_PROJECT_URL}
+        -Dsonar.links.ci=${CI_PROJECT_URL}/-/pipelines
+        -Dsonar.links.issue=${CI_PROJECT_URL}/-/issues
+    quality-gate-enabled:
+      description: |-
+        Enables SonarQube [Quality Gate](https://docs.sonarqube.org/latest/user-guide/quality-gates/) verification.
+
+        _Uses `sonar.qualitygate.wait` parameter ([see doc](https://docs.sonarqube.org/latest/analysis/ci-integration-overview/#header-1))._
+      type: boolean
+      default: false
+---
 workflow:
   rules:
     # prevent branch pipeline when an MR is open (prefer MR pipeline)
@@ -56,23 +84,23 @@ workflow:
 
 variables:
   # variabilized tracking image
-  TBC_TRACKING_IMAGE: "registry.gitlab.com/to-be-continuous/tools/tracking:master"
+  TBC_TRACKING_IMAGE: registry.gitlab.com/to-be-continuous/tools/tracking:master
 
   # Sonar
-  SONAR_SCANNER_IMAGE: "registry.hub.docker.com/sonarsource/sonar-scanner-cli:latest"
-
+  SONAR_SCANNER_IMAGE: $[[ inputs.scanner-image ]]
+  SONAR_HOST_URL: $[[ inputs.host-url ]]
+  SONAR_PROJECT_KEY: $[[ inputs.project-key ]]
+  SONAR_PROJECT_NAME: $[[ inputs.project-name ]]
+  SONAR_QUALITY_GATE_ENABLED: $[[ inputs.quality-gate-enabled ]]
   # Sonar base analysis default args
   # see: https://docs.sonarqube.org/latest/analysis/analysis-parameters/
   # default uses branch analysis: https://docs.sonarqube.org/latest/branches/overview/
-  SONAR_BASE_ARGS: >-
-    -Dsonar.links.homepage=${CI_PROJECT_URL}
-    -Dsonar.links.ci=${CI_PROJECT_URL}/-/pipelines
-    -Dsonar.links.issue=${CI_PROJECT_URL}/-/issues
+  SONAR_BASE_ARGS: $[[ inputs.base-args ]]
 
   # default production ref name (pattern)
-  PROD_REF: '/^(master|main)$/'
+  PROD_REF: /^(master|main)$/
   # default integration ref name (pattern)
-  INTEG_REF: '/^develop$/'
+  INTEG_REF: /^develop$/
 
 stages:
   - build
-- 
GitLab