From 2db29e3206c9e3f8fe1b3504b7ecfca137fc3d99 Mon Sep 17 00:00:00 2001
From: Saheer Babu <saheer.babu@arm.com>
Date: Wed, 9 Jun 2021 11:40:41 +0100
Subject: [PATCH 01/17] github action workflow for docker management

---
 .github/workflows/ci_scripts/github_utils.py  |  69 ++++
 .../workflows/docker_management.branch.yml    | 256 ++++++++++++++
 .github/workflows/docker_management.prune.yml |  27 ++
 .../workflows/docker_management.release.yml   | 320 ++++++++++++++++++
 .../workflows/docker_management.test-PR.yml   |  62 ++++
 docker_images/mbed-os-env/Dockerfile          | 103 ++++++
 docker_images/mbed-os-env/README.md           |  49 +++
 docker_images/mbed-os-env/test.sh             |  17 +
 .../diagrams/docker-versioning.png            | Bin 0 -> 31578 bytes
 .../docker_management/docker_management.md    | 135 ++++++++
 10 files changed, 1038 insertions(+)
 create mode 100644 .github/workflows/ci_scripts/github_utils.py
 create mode 100644 .github/workflows/docker_management.branch.yml
 create mode 100644 .github/workflows/docker_management.prune.yml
 create mode 100644 .github/workflows/docker_management.release.yml
 create mode 100644 .github/workflows/docker_management.test-PR.yml
 create mode 100644 docker_images/mbed-os-env/Dockerfile
 create mode 100644 docker_images/mbed-os-env/README.md
 create mode 100755 docker_images/mbed-os-env/test.sh
 create mode 100644 docs/design-documents/docker_management/diagrams/docker-versioning.png
 create mode 100644 docs/design-documents/docker_management/docker_management.md

diff --git a/.github/workflows/ci_scripts/github_utils.py b/.github/workflows/ci_scripts/github_utils.py
new file mode 100644
index 00000000000..f96c3715a83
--- /dev/null
+++ b/.github/workflows/ci_scripts/github_utils.py
@@ -0,0 +1,69 @@
+import click
+import requests
+import logging
+import sys
+import time
+
+# delete images older than provided argument (number_of_days)
+@click.command()
+@click.pass_context
+@click.option("-r", "--repository", required=True)
+@click.option(
+    "-n",
+    "--number_of_days",
+    default="1",
+    help="number of days since image was created",
+    required=False,
+)
+def delete_old_images(ctx, repository, number_of_days):
+    s = requests.Session()
+    github_api_accept = "application/vnd.github.v3+json"
+    s.headers.update(
+        {"Authorization": f'token {ctx.obj["passwd"]}', "Accept": github_api_accept}
+    )
+    r = s.get(f"https://api.github.com/user/packages/container/{repository}/versions")
+    versions = r.json()
+
+    version_id = None
+    pattern = "%d.%m.%Y %H:%M:%S"
+    pattern = "%Y-%m-%dT%H:%M:%SZ"
+    current_time = time.time()
+
+    for version in versions:
+        epoch = int(time.mktime(time.strptime(version["updated_at"], pattern)))
+
+        if (current_time - epoch) / (24 * 60 * 60) > int(number_of_days):
+            version_id = version["id"]
+            logging.debug(f"deleteing image with version id {version_id}")
+
+            url = f"https://api.github.com/user/packages/container/{repository}/versions/{version_id}"
+            resp = s.delete(url)
+            resp.raise_for_status()
+
+
+@click.group()
+@click.pass_context
+@click.option("-u", "--username", required=False)
+@click.option("-p", "--passwd", required=False)
+@click.option("-v", "--verbose", is_flag=True, default=False)
+def main(ctx, username, passwd, verbose):
+    ctx.obj = {"username": username, "passwd": passwd}
+
+    if verbose:
+        logging.basicConfig(
+            stream=sys.stdout,
+            format="%(levelname)s %(asctime)s %(message)s",
+            datefmt="%m/%d/%Y %I:%M:%S %p",
+        )
+        logging.getLogger().setLevel(logging.DEBUG)
+    else:
+        logging.basicConfig(
+            format="%(levelname)s %(asctime)s %(message)s",
+            datefmt="%m/%d/%Y %I:%M:%S %p",
+        )
+        logging.getLogger().setLevel(logging.INFO)
+
+
+if __name__ == "__main__":
+    main.add_command(delete_old_images)
+    main()
diff --git a/.github/workflows/docker_management.branch.yml b/.github/workflows/docker_management.branch.yml
new file mode 100644
index 00000000000..1aa344095e1
--- /dev/null
+++ b/.github/workflows/docker_management.branch.yml
@@ -0,0 +1,256 @@
+name: Publish or Update docker image for head of branch
+# This work flow is disabled for forked repositories. 
+# If you need to enable it, find references for github.repository_owner in this file
+# and replace with ARMmbed with your organisation/account name
+# Read more details in TODO: add design link
+
+on:
+
+  schedule:
+    - cron:  '15 4 * * *'
+
+  push:
+    branches: 
+      - master
+
+    paths:
+      - requirements.txt
+      - docker_images/mbed-os-env/**
+      - .github/workflows/docker_management.branch.yml
+
+
+  workflow_dispatch: 
+
+
+jobs:
+  prepare-tags:
+    if: github.repository_owner == 'saheerb' || github.event_name != 'schedule'
+    runs-on: ubuntu-latest
+
+    steps:
+      - 
+        name: Extract branch name
+        shell: bash
+        run: echo "##[set-output name=branch;]$(echo ${GITHUB_REF#refs/heads/})"
+        id: extract_branch
+
+      - 
+        name: Print event name
+        shell: bash
+        run: echo ${{github.event_name}}
+
+      -
+        name: Checkout
+        uses: actions/checkout@v2
+        with:
+          fetch-depth: 0
+
+      - 
+        name: Set UUID
+        id: generate-uuid
+        uses: filipstefansson/uuid-action@v1
+
+# set docker tags we are building, and intending to publish
+# dev-tag is temporary for testing purpose. This should be considered as unstable.
+# dated-tag is created for versioning purpose
+# prod-tag-latest could be used by customers, CI etc for keeping up to date
+      - 
+        name: Get build information
+        shell: bash
+        run: |
+          mkdir -p build_info
+          date=$(date +"%Y.%m.%dT%H.%M.%S")
+          echo dev-${{ steps.extract_branch.outputs.branch }}-${date}-${{ steps.generate-uuid.outputs.uuid }} > build_info/dev_tag
+          echo ${{ steps.extract_branch.outputs.branch }}-${date} > build_info/prod_tag_dated
+          echo ${{ steps.extract_branch.outputs.branch }}-latest > build_info/prod_tag_latest
+          echo ${{ steps.extract_branch.outputs.branch }} > build_info/mbed_os_version
+          
+      # archiving and unarchiving are github actions ways to pass variables between jobs    
+      - 
+        name: Archive information 
+        uses: actions/upload-artifact@v2
+        with:
+          name: build-info
+          path: build_info
+          
+
+
+  build-container:
+    runs-on: ubuntu-latest
+    needs: prepare-tags
+    outputs:
+      DEV_DIGEST: ${{ steps.docker_info_dev.outputs.DIGEST }}
+      PROD_DIGEST: ${{ steps.docker_info_prod.outputs.DIGEST }}
+
+    steps:
+      - 
+        name: unarchive artefacts
+        uses: actions/download-artifact@v2
+        with:
+          name: build-info
+          
+      - 
+        name: Get build info from archive
+        shell: bash
+        id: build_info
+        run: |
+          value=`cat dev_tag`
+          echo "DEV TAG is $value"
+          echo "::set-output name=DOCKER_DEV_TAG::$value"
+          value=`cat prod_tag_dated`
+          echo "PROD TAG DATED is $value"
+          echo "::set-output name=DOCKER_PROD_TAG_DATED::$value"
+          value=`cat prod_tag_latest`
+          echo "::set-output name=DOCKER_PROD_TAG_LATEST::$value"
+          echo "PROD TAG is $value"
+
+      - 
+        name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v1
+
+      - 
+        name: Set up QEMU
+        uses: docker/setup-qemu-action@v1
+
+      - 
+        name: Login to DockerHub
+        uses: docker/login-action@v1 
+        with:
+          registry: ghcr.io
+          username: ${{ github.actor }}
+          password: ${{ secrets.GITHUB_TOKEN }}
+
+      -
+        name: Checkout
+        uses: actions/checkout@v2
+
+      -
+        name: Build with remote cache
+        uses: docker/build-push-action@v2
+        id: docker_build_dev
+        with:
+          context: .
+          platforms: linux/amd64,linux/arm64
+          # load: true - not supported for multi arch
+          push: true
+          file: ./docker_images/mbed-os-env/Dockerfile
+          tags: ghcr.io/${{ github.actor }}/mbed-os-env-tmp:${{ steps.build_info.outputs.DOCKER_DEV_TAG }}
+          cache-from: type=registry,ref=ghcr.io/${{ github.actor }}/mbed-os-env:${{ steps.build_info.outputs.DOCKER_PROD_TAG_LATEST }}
+          cache-to: type=inline
+
+      -
+        name: Find DOCKER DIGEST trying to publish (if exists in docker repository)
+        id: docker_info_prod
+        run: |
+          DIGEST=$(docker run quay.io/skopeo/stable --creds=${{ github.actor }}:${{ secrets.GITHUB_TOKEN }} inspect docker://ghcr.io/${{ github.actor }}/mbed-os-env:${{ steps.build_info.outputs.DOCKER_PROD_TAG_LATEST }} | jq ".Digest")
+          echo "::set-output name=DIGEST::$DIGEST"
+          echo "Docker DIGEST: $DIGEST"
+
+      - 
+        name: Find DEV DOCKER DIGEST
+        id: docker_info_dev
+        run: |
+          DIGEST=$(docker run quay.io/skopeo/stable --creds=${{ github.actor }}:${{ secrets.GITHUB_TOKEN }} inspect docker://ghcr.io/${{ github.actor }}/mbed-os-env-tmp:${{ steps.build_info.outputs.DOCKER_DEV_TAG }} | jq ".Digest")
+          echo "Docker DIGEST: $DIGEST"
+          echo "::set-output name=DIGEST::$DIGEST"
+          echo "Docker DIGEST: $DIGEST"
+
+  test-container:
+    runs-on: ubuntu-latest
+    needs: build-container
+    # no need to test (nor publish) if we already have the same image in dockerhub
+    if: needs.build-container.outputs.DEV_DIGEST != needs.build-container.outputs.PROD_DIGEST
+    outputs:
+      STATUS: ${{ steps.test.outputs.STATUS }}
+    strategy:
+      matrix:
+        platform: [linux/amd64, linux/arm64]
+        
+    steps:
+      - 
+        name: unarchive artefacts
+        uses: actions/download-artifact@v2
+        with:
+          name: build-info
+          
+      - 
+        name: Get build info from archive
+        shell: bash
+        id: build_info
+        run: |
+          value=`cat dev_tag`
+          echo "TAG is $value"
+          echo "::set-output name=DOCKER_DEV_TAG::$value"
+          value=`cat prod_tag_dated`
+          echo "TAG is $value"
+          echo "::set-output name=DOCKER_PROD_TAG_DATED::$value"
+          value=`cat prod_tag_latest`
+          echo "::set-output name=DOCKER_PROD_TAG_LATEST::$value"
+          value=`cat mbed_os_version`
+          echo "::set-output name=MBED_OS_VERSION::$value"
+
+      - 
+        name: Checkout
+        uses: actions/checkout@v2
+
+      - 
+        name: Set up QEMU
+        uses: docker/setup-qemu-action@v1
+
+      - 
+        name: test the container
+        id: test
+        uses: addnab/docker-run-action@v3
+        with:
+          username: ${{ github.actor }}
+          password: ${{ secrets.GITHUB_TOKEN }}
+          registry: ghcr.io
+          options: -v ${{ github.workspace }}:/work -w=/work
+          image: ghcr.io/${{ github.actor }}/mbed-os-env-tmp@${{ steps.docker_info_dev.outputs.DIGEST }}
+          shell: bash
+          
+          run: |
+            set -e
+            echo "::set-output name=STATUS::failed"
+            uname -m
+            ./docker_images/mbed-os-env/test.sh ${{ steps.build_info.outputs.MBED_OS_VERSION }}
+            echo "::set-output name=STATUS::passed"
+            
+      
+  deploy-container:
+    runs-on: ubuntu-latest
+    needs: test-container
+        
+    steps:
+      - 
+        name: unarchive artefacts
+        uses: actions/download-artifact@v2
+        with:
+          name: build-info
+        
+      - 
+        name: Get build info from archive
+        shell: bash
+        id: build_info
+        run: |
+          value=`cat dev_tag`
+          echo "TAG is $value"
+          echo "::set-output name=DOCKER_DEV_TAG::$value"
+          value=`cat prod_tag_dated`
+          echo "TAG is $value"
+          echo "::set-output name=DOCKER_PROD_TAG_DATED::$value"
+          value=`cat prod_tag_latest`
+          echo "::set-output name=DOCKER_PROD_TAG_LATEST::$value"
+          
+      - 
+        if: needs.test-container.outputs.STATUS == 'passed'
+        name: copy dev tag to prod
+        run: |
+          docker run quay.io/skopeo/stable --src-creds=${{ github.actor }}:${{ secrets.GITHUB_TOKEN }} --dest-creds=${{ github.actor }}:${{ secrets.GITHUB_TOKEN }} copy --all docker://ghcr.io/${{ github.actor }}/mbed-os-env-tmp:${{ steps.build_info.outputs.DOCKER_DEV_TAG }}  docker://ghcr.io/${{ github.actor }}/mbed-os-env:${{ steps.build_info.outputs.DOCKER_PROD_TAG_LATEST }}
+          docker run quay.io/skopeo/stable --src-creds=${{ github.actor }}:${{ secrets.GITHUB_TOKEN }} --dest-creds=${{ github.actor }}:${{ secrets.GITHUB_TOKEN }} copy --all docker://ghcr.io/${{ github.actor }}/mbed-os-env-tmp:${{ steps.build_info.outputs.DOCKER_DEV_TAG }}  docker://ghcr.io/${{ github.actor }}/mbed-os-env:${{ steps.build_info.outputs.DOCKER_PROD_TAG_DATED }}
+
+      # move failed images to temporary name for troubleshooting
+      - if: needs.test-container.outputs.STATUS == 'failed'
+        name: Rename Dev Tag
+        run: |
+          docker run quay.io/skopeo/stable --src-creds=${{ github.actor }}:${{ secrets.GITHUB_TOKEN }} --dest-creds=${{ github.actor }}:${{ secrets.GITHUB_TOKEN }} copy --all docker://ghcr.io/${{ github.actor }}/mbed-os-env-tmp:${{ steps.build_info.outputs.DOCKER_DEV_TAG }}  docker://ghcr.io/${{ github.actor }}/mbed-os-env-tmp:failed-${{ steps.build_info.outputs.DOCKER_DEV_TAG }}
diff --git a/.github/workflows/docker_management.prune.yml b/.github/workflows/docker_management.prune.yml
new file mode 100644
index 00000000000..8891531b7dd
--- /dev/null
+++ b/.github/workflows/docker_management.prune.yml
@@ -0,0 +1,27 @@
+name: Prune temporary docker images
+
+on:    
+  schedule:
+    - cron:  '15 4 * * *'
+
+  workflow_dispatch:
+
+jobs:
+  prune-images:
+    if: github.repository_owner == 'saheerb'
+    runs-on: ubuntu-latest
+
+    steps:
+      -
+        name: Checkout
+        uses: actions/checkout@v2
+
+      - 
+        name: Delete old temporary images
+        run: |
+          # the following command may fail because github package doesn't allow 
+          # deletion if only one image exists or if GITHUB_DELETE_IMAGE_TOKEN is not 
+          # setup. This shouldn't create any alarm as temporary image deletion is 
+          # not a critical activity.
+          python ./.github/workflows/ci_scripts/github_utils.py -u ${{ github.actor }} -p ${{ secrets.DOCKER_MANAGEMENT_TOKEN }} delete-old-images -r mbed-os-env-tmp | true
+          
\ No newline at end of file
diff --git a/.github/workflows/docker_management.release.yml b/.github/workflows/docker_management.release.yml
new file mode 100644
index 00000000000..9ced2feab27
--- /dev/null
+++ b/.github/workflows/docker_management.release.yml
@@ -0,0 +1,320 @@
+name: Release or update docker image for a released mbed-os version
+
+# Read TODO: add design link before editing this file
+
+# This work flow is disabled for forked repositories. 
+# If you need to enable it, find references for github.repository_owner in this file
+# and replace with ARMmbed with your organisation/account name
+
+
+on:    
+  push:
+    tags: 
+      - mbed-os-6.[0-9]+.[0-9]+
+
+  schedule:
+    - cron:  '15 4 * * *'
+
+  workflow_dispatch:
+    inputs:
+      mbed_os_release_version:
+        description: 'mbed-os release version for which you want to update docker image.'
+        required: true
+
+jobs:
+  # this job finds the necessary tags to be applied to docker image
+  prepare-tags:
+    if: github.repository_owner == 'saheerb'
+    runs-on: ubuntu-latest
+
+    steps:
+      -
+        name: Checkout
+        uses: actions/checkout@v2
+        with:
+          fetch-depth: 0
+
+      - 
+      # if manually triggered makes sure that input tag exists on the branch selected
+      # this is to avoid silly mistakes, for example: mbed-os-7.0.16-latest docker image
+      # getting released on mbed-os-6 branch
+        if: ${{ github.event_name == 'workflow_dispatch' }}
+        name: Sanity check tag of manual trigger
+        shell: bash
+        run: | 
+          if [ -z $(git tag --merged ${GITHUB_REF} ${{ github.event.inputs.mbed_os_release_version }}) ]; then
+            echo "Check the tag name ${{ github.event.inputs.mbed_os_release_version }} is not found on branch ${GITHUB_REF}"
+            exit 1
+          fi
+
+      - 
+        name: Set UUID
+        id: generate-uuid
+        uses: filipstefansson/uuid-action@v1
+
+      - 
+      # set docker tags we are building, and intending to release
+      # this workflow can be executed when a tag is pushed, scheduled, or manual trigger
+      # depending on the trigger cache source and version of mbed-os will change
+      #
+      # when trigger is due to tag pushed (ie, a new mbed-os release is made), 
+      #     we are targeting to build docker image for the tag
+      #     best bet for cache source is the image built for head of the branch
+      # when trigger is manual
+      #     we are targeting to build docker image for the input tag in workflow
+      #     best bet for cache source is input tag itself as it should already be there
+      # when trigger is scheduled
+      #     we are targeting to build docker image for the last tag on the branch
+      #     best bet for cache source is input tag itself as it should already be there
+        name: Get build information
+        shell: bash
+        run: |
+          mkdir -p build_info
+          date=$(date +"%Y.%m.%dT%H.%M.%S")
+          if [ "push" == "${{github.event_name}}" ];then
+            version=${GITHUB_REF#refs/tags/}
+            cache_source="master-latest"
+          elif [ "workflow_dispatch" == "${{github.event_name}}" ];then
+            version=${{ github.event.inputs.mbed_os_release_version }}
+            cache_source=${version}-latest
+          else
+            version=`git describe --tags --abbrev=0  --match mbed-os-[0-9]*.[0-9]*.[0-9]*`
+            cache_source=${version}-latest
+          fi
+          echo dev-${version}-${date}-${version} > build_info/dev_tag
+          echo ${version}-${date} > build_info/prod_tag_dated
+          echo ${version} > build_info/mbed_os_version
+          echo ${cache_source} > build_info/cache_source
+
+      # archiving and unarchiving are github actions ways to pass variables between jobs    
+      - 
+        name: Archive information 
+        uses: actions/upload-artifact@v2
+        with:
+          name: build-info
+          path: build_info
+          
+
+  build-container:
+    runs-on: ubuntu-latest
+    needs: prepare-tags
+    outputs:
+      DEV_DIGEST: ${{ steps.docker_info_dev.outputs.DIGEST }}
+      PROD_DIGEST: ${{ steps.docker_info_prod.outputs.DIGEST }}
+
+    steps:
+      - 
+        name: unarchive artefacts
+        uses: actions/download-artifact@v2
+        with:
+          name: build-info
+
+      # DOCKER_DEV_TAG is temporary image name.
+      # DOCKER_PROD_TAG_DATED is fixed tag
+      # prod-tag-latest could be used by customers, CI etc for keeping up to date
+      - 
+        name: Get build info from archive
+        shell: bash
+        id: build_info
+        run: |
+          value=`cat dev_tag`
+          echo "TAG is $value"
+          echo "::set-output name=DOCKER_DEV_TAG::$value"
+          value=`cat prod_tag_dated`
+          echo "TAG is $value"
+          echo "::set-output name=DOCKER_PROD_TAG_DATED::$value"
+          value=`cat mbed_os_version`
+          echo "::set-output name=MBED_OS_VERSION::$value"
+          value=`cat cache_source`
+          echo "::set-output name=CACHE_SOURCE::$value"
+
+      - 
+        name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v1
+
+      - 
+        name: Set up QEMU
+        uses: docker/setup-qemu-action@v1
+
+      - 
+        name: Login to DockerHub
+        uses: docker/login-action@v1 
+        with:
+          registry: ghcr.io
+          username: ${{ github.actor }}
+          password: ${{ secrets.GITHUB_TOKEN }}
+
+      -
+        name: Checkout
+        uses: actions/checkout@v2
+        with:
+          ref: refs/tags/${{ steps.build_info.outputs.MBED_OS_VERSION }}
+
+      -
+        name: Build with remote cache
+        uses: docker/build-push-action@v2
+        id: docker_build_dev
+        with:
+          context: .
+          platforms: linux/amd64,linux/arm64
+          # load: true - not supported for multi arch
+          push: true
+          file: ./docker_images/mbed-os-env/Dockerfile
+          tags: ghcr.io/${{ github.actor }}/mbed-os-env-tmp:${{ steps.build_info.outputs.DOCKER_DEV_TAG }}
+          cache-from: type=registry,ref=ghcr.io/${{ github.actor }}/mbed-os-env:${{ steps.build_info.outputs.CACHE_SOURCE }}
+          cache-to: type=inline
+
+      -
+        name: Find DOCKER DIGEST trying to publish (if exists in docker repository)
+        id: docker_info_prod
+        run: |
+          DIGEST=$(docker run quay.io/skopeo/stable --creds=${{ github.actor }}:${{ secrets.GITHUB_TOKEN }} inspect docker://ghcr.io/${{ github.actor }}/mbed-os-env:${{ steps.build_info.outputs.CACHE_SOURCE }} | jq ".Digest")
+          echo "::set-output name=DIGEST::$DIGEST"
+          echo "Docker DIGEST: $DIGEST"
+
+      - 
+        name: Find DEV DOCKER DIGEST
+        id: docker_info_dev
+        run: |
+          DIGEST=$(docker run quay.io/skopeo/stable --creds=${{ github.actor }}:${{ secrets.GITHUB_TOKEN }} inspect docker://ghcr.io/${{ github.actor }}/mbed-os-env-tmp:${{ steps.build_info.outputs.DOCKER_DEV_TAG }} | jq ".Digest")
+          echo "Docker DIGEST: $DIGEST"
+          echo "::set-output name=DIGEST::$DIGEST"
+          echo "Docker DIGEST: $DIGEST"
+
+  test-container:
+    runs-on: ubuntu-latest
+    needs: build-container
+    # no need to test if we already have the same image in dockerhub
+    if: needs.build-container.outputs.DEV_DIGEST != needs.build-container.outputs.PROD_DIGEST
+    outputs:
+      STATUS: ${{ steps.test.outputs.STATUS }}
+    strategy:
+      matrix:
+        platform: [linux/amd64, linux/arm64]
+        
+    steps:
+      - 
+        name: unarchive artefacts
+        uses: actions/download-artifact@v2
+        with:
+          name: build-info
+          
+      - 
+        name: Get build info from archive
+        shell: bash
+        id: build_info
+        run: |
+          value=`cat dev_tag`
+          echo "TAG is $value"
+          echo "::set-output name=DOCKER_DEV_TAG::$value"
+          value=`cat prod_tag_dated`
+          echo "TAG is $value"
+          echo "::set-output name=DOCKER_PROD_TAG_DATED::$value"
+          value=`cat mbed_os_version`
+          echo "::set-output name=MBED_OS_VERSION::$value"
+
+      - 
+        name: Checkout
+        uses: actions/checkout@v2
+        with:
+          ref: refs/tags/${{ steps.build_info.outputs.MBED_OS_VERSION }}
+
+      - 
+        name: Set up QEMU
+        uses: docker/setup-qemu-action@v1
+
+      - 
+        name: test the container
+        id: test
+        uses: addnab/docker-run-action@v3
+        with:
+          username: ${{ github.actor }}
+          password: ${{ secrets.GITHUB_TOKEN }}
+          registry: ghcr.io
+          options: -v ${{ github.workspace }}:/work -w=/work
+          image: ghcr.io/${{ github.actor }}/mbed-os-env-tmp@${{ steps.docker_info_dev.outputs.DIGEST }}
+          shell: bash
+          run: |
+            set -e
+            echo "::set-output name=STATUS::failed"
+            uname -m
+            ./docker_images/mbed-os-env/test.sh ${{ steps.build_info.outputs.MBED_OS_VERSION }}
+            echo "::set-output name=STATUS::passed"
+            
+      
+  deploy-container:
+    # this job is running always and to skip for forked repo
+    # add condition on every step.
+    env: 
+      repo-owner: saheerb
+    runs-on: ubuntu-latest
+    needs: test-container
+    if:  ${{ always() }}
+        
+    steps:
+      - 
+        if: github.repository_owner == env.repo-owner
+        name: unarchive artefacts
+        uses: actions/download-artifact@v2
+        with:
+          name: build-info
+        
+      - 
+        if: github.repository_owner == env.repo-owner
+        name: Get build info from archive
+        shell: bash
+        id: build_info
+        run: |
+          value=`cat dev_tag`
+          echo "DEV TAG is $value"
+          echo "::set-output name=DOCKER_DEV_TAG::$value"
+          value=`cat prod_tag_dated`
+          echo "DATED PROD TAG is $value"
+          echo "::set-output name=DOCKER_PROD_TAG_DATED::$value"
+          value=`cat mbed_os_version`
+          echo "MBED OS VERSION is $value"
+          echo "::set-output name=MBED_OS_VERSION::$value"
+
+      -
+        if: github.repository_owner == env.repo-owner
+        name: Checkout
+        uses: actions/checkout@v2
+        with:
+          ref: refs/tags/${{ steps.build_info.outputs.MBED_OS_VERSION }}
+
+      # even if tests skipped, as cache used is HEAD of branch, copy images to right tag
+      - 
+        if: github.repository_owner == env.repo-owner && needs.test-container.result=='skipped'
+        name: copy dev tag to prod
+        run: |
+          set -x
+          echo ${{ needs.test-container.result }}
+          upto_patch_version=${{ steps.build_info.outputs.MBED_OS_VERSION }}-latest
+          upto_min_version=${upto_patch_version%.[0-9]*}-latest
+          upto_major_version=${upto_patch_version%.[0-9]*.[0-9]*}-latest
+          docker run quay.io/skopeo/stable --src-creds=${{ github.actor }}:${{ secrets.GITHUB_TOKEN }} --dest-creds=${{ github.actor }}:${{ secrets.GITHUB_TOKEN }} copy --all docker://ghcr.io/${{ github.actor }}/mbed-os-env-tmp:${{ steps.build_info.outputs.DOCKER_DEV_TAG }}  docker://ghcr.io/${{ github.actor }}/mbed-os-env:${upto_patch_version}
+          docker run quay.io/skopeo/stable --src-creds=${{ github.actor }}:${{ secrets.GITHUB_TOKEN }} --dest-creds=${{ github.actor }}:${{ secrets.GITHUB_TOKEN }} copy --all docker://ghcr.io/${{ github.actor }}/mbed-os-env-tmp:${{ steps.build_info.outputs.DOCKER_DEV_TAG }}  docker://ghcr.io/${{ github.actor }}/mbed-os-env:${upto_min_version}
+          docker run quay.io/skopeo/stable --src-creds=${{ github.actor }}:${{ secrets.GITHUB_TOKEN }} --dest-creds=${{ github.actor }}:${{ secrets.GITHUB_TOKEN }} copy --all docker://ghcr.io/${{ github.actor }}/mbed-os-env-tmp:${{ steps.build_info.outputs.DOCKER_DEV_TAG }}  docker://ghcr.io/${{ github.actor }}/mbed-os-env:${upto_major_version}
+
+      # when tests succeed copy to fixed tags
+      - 
+        if: github.repository_owner == env.repo-owner && needs.test-container.outputs.STATUS == 'passed'
+        name: copy dev tag to prod dated tag
+        run: |
+          set -x
+          echo ${{ needs.test-container.result }}
+          upto_patch_version=${{ steps.build_info.outputs.MBED_OS_VERSION }}-latest
+          upto_min_version=${upto_patch_version%.[0-9]*}-latest
+          upto_major_version=${upto_patch_version%.[0-9]*.[0-9]*}-latest
+          docker run quay.io/skopeo/stable --src-creds=${{ github.actor }}:${{ secrets.GITHUB_TOKEN }} --dest-creds=${{ github.actor }}:${{ secrets.GITHUB_TOKEN }} copy --all docker://ghcr.io/${{ github.actor }}/mbed-os-env-tmp:${{ steps.build_info.outputs.DOCKER_DEV_TAG }}  docker://ghcr.io/${{ github.actor }}/mbed-os-env:${upto_patch_version}
+          docker run quay.io/skopeo/stable --src-creds=${{ github.actor }}:${{ secrets.GITHUB_TOKEN }} --dest-creds=${{ github.actor }}:${{ secrets.GITHUB_TOKEN }} copy --all docker://ghcr.io/${{ github.actor }}/mbed-os-env-tmp:${{ steps.build_info.outputs.DOCKER_DEV_TAG }}  docker://ghcr.io/${{ github.actor }}/mbed-os-env:${upto_min_version}
+          docker run quay.io/skopeo/stable --src-creds=${{ github.actor }}:${{ secrets.GITHUB_TOKEN }} --dest-creds=${{ github.actor }}:${{ secrets.GITHUB_TOKEN }} copy --all docker://ghcr.io/${{ github.actor }}/mbed-os-env-tmp:${{ steps.build_info.outputs.DOCKER_DEV_TAG }}  docker://ghcr.io/${{ github.actor }}/mbed-os-env:${upto_major_version}
+
+          # copy to fixed tag
+          docker run quay.io/skopeo/stable --src-creds=${{ github.actor }}:${{ secrets.GITHUB_TOKEN }} --dest-creds=${{ github.actor }}:${{ secrets.GITHUB_TOKEN }} copy --all docker://ghcr.io/${{ github.actor }}/mbed-os-env-tmp:${{ steps.build_info.outputs.DOCKER_DEV_TAG }}  docker://ghcr.io/${{ github.actor }}/mbed-os-env:${{ steps.build_info.outputs.DOCKER_PROD_TAG_DATED }}
+
+      # when tests fail, rename to "failed-" for easy identification
+      - if: github.repository_owner == env.repo-owner &&  needs.test-container.outputs.STATUS == 'failed'
+        name: Rename Dev Tag
+        run: |
+          docker run quay.io/skopeo/stable --src-creds=${{ github.actor }}:${{ secrets.GITHUB_TOKEN }} --dest-creds=${{ github.actor }}:${{ secrets.GITHUB_TOKEN }} copy --all docker://ghcr.io/${{ github.actor }}/mbed-os-env-tmp:${{ steps.build_info.outputs.DOCKER_DEV_TAG }}  docker://ghcr.io/${{ github.actor }}/mbed-os-env-tmp:failed-${{ steps.build_info.outputs.DOCKER_DEV_TAG }}
diff --git a/.github/workflows/docker_management.test-PR.yml b/.github/workflows/docker_management.test-PR.yml
new file mode 100644
index 00000000000..e6e8af5f926
--- /dev/null
+++ b/.github/workflows/docker_management.test-PR.yml
@@ -0,0 +1,62 @@
+name: Build and test image when PR is raised
+
+# This workflow is triggered when Dockerfile relatedt or github action itself changes are made in a PR
+# The workflow is quite simple - builds and test the image. Release of newer version is done only when PR is merged.
+
+on:
+  pull_request:
+    branches: [ master ]
+    paths:
+      - docker_images/mbed-os-env/**
+      - .github/workflows/docker_management.*
+      - requirements.txt
+
+jobs:
+
+  build-container:
+    runs-on: ubuntu-latest
+
+    strategy:
+      matrix:
+        platform: [linux/amd64, linux/arm64]
+    steps:
+
+      - 
+        name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v1
+
+      - 
+        name: Set up QEMU
+        uses: docker/setup-qemu-action@v1
+        
+      -
+        name: Checkout
+        uses: actions/checkout@v2
+        
+      
+      # cache documentation: https://github.com/docker/build-push-action/blob/master/docs/advanced/cache.md
+      -
+        name: Build with remote cache
+        uses: docker/build-push-action@v2
+        id: docker_build_dev
+        with:
+          context: .
+          platforms: ${{ matrix.platform }}
+          file: ./docker_images/mbed-os-env/Dockerfile
+          load: true
+          tags: mbed-os-env:a_pr_test
+          cache-from: type=registry,ref=ghcr.io/${{ github.actor }}/mbed-os-env:master-latest
+
+
+      - 
+        name: test the container
+        id: test
+        uses: addnab/docker-run-action@v2
+        with:
+          options: -v ${{ github.workspace }}:/work -w=/work
+          image: mbed-os-env:a_pr_test
+          shell: bash
+          run: |
+            set -e
+            uname -m
+            ./docker_images/mbed-os-env/test.sh 
diff --git a/docker_images/mbed-os-env/Dockerfile b/docker_images/mbed-os-env/Dockerfile
new file mode 100644
index 00000000000..570f750e012
--- /dev/null
+++ b/docker_images/mbed-os-env/Dockerfile
@@ -0,0 +1,103 @@
+# ------------------------------------------------------------------------------
+# Pull base image
+FROM ubuntu:20.04
+
+# ------------------------------------------------------------------------------
+# Arguments
+ARG WORKDIR=/root
+
+# ------------------------------------------------------------------------------
+# Install tools via apt
+RUN ls
+
+ADD requirements.txt .
+ENV DEBIAN_FRONTEND=noninteractive
+RUN set -x \
+    && apt -y update \
+    && apt -y install \
+    git \
+    wget \
+    python3 \
+    python3-dev \
+    python3-setuptools \
+    python3-usb \
+    python3-pip \
+    software-properties-common \
+    build-essential \
+    astyle \
+    mercurial \
+    ninja-build \
+    libssl-dev \
+    cargo \
+    && apt clean && rm -rf /var/lib/apt/lists \
+    && update-alternatives --install /usr/bin/python python /usr/bin/python3.8 1 \
+    && : # last line
+
+# Cmake (Mbed OS requires >=3.19.0-rc3 version which is not available in Ubuntu 20.04 repository)
+RUN set -x \
+    && (cd /tmp \
+    && [ "$(uname -m)" = "aarch64" ] && \
+        CMAKE_SCRIPT="cmake-3.19.3-Linux-aarch64.sh" || \
+        CMAKE_SCRIPT="cmake-3.19.3-Linux-x86_64.sh" \  
+    && wget --progress=dot:giga https://github.com/Kitware/CMake/releases/download/v3.19.3/${CMAKE_SCRIPT} \
+    && sh ${CMAKE_SCRIPT} --exclude-subdir --prefix=/usr/local \
+    && rm -rf ${CMAKE_SCRIPT}) \
+    && exec bash \
+    && : # last line
+
+# ------------------------------------------------------------------------------
+# Install Python modules (which are not included in requirements.txt)
+RUN set -x \
+    && pip3 install -U \
+    mbed-cli \
+    mbed-tools \
+    && : # last line
+
+# Set up mbed environment
+WORKDIR /tmp/
+COPY requirements.txt .
+RUN set -x \
+    && pip3 install -r requirements.txt  \
+    && : # last line
+
+# ------------------------------------------------------------------------------
+# Install arm-none-eabi-gcc
+WORKDIR /opt/mbed-os-toolchain
+RUN set -x \
+    && [ "$(uname -m)" = "aarch64" ] && \
+        TARBALL="gcc-arm-none-eabi-9-2019-q4-major-aarch64-linux.tar.bz2" || \
+        TARBALL="gcc-arm-none-eabi-9-2019-q4-major-x86_64-linux.tar.bz2" \
+    && wget -q https://developer.arm.com/-/media/Files/downloads/gnu-rm/9-2019q4/RC2.1/${TARBALL} \
+    && tar -xjf ${TARBALL} \
+    && rm ${TARBALL} \
+    && : # last line
+
+# ------------------------------------------------------------------------------
+# Configure mbed build system
+RUN set -x \
+    && mbed config -G GCC_ARM_PATH /opt/mbed-os-toolchain/gcc-arm-none-eabi-9-2019-q4-major/bin/ \
+    && mbed toolchain -G -s GCC_ARM \
+    && : # last line
+
+# ------------------------------------------------------------------------------
+# Configure environment variables
+ENV MBED_GCC_ARM_PATH=/opt/mbed-os-toolchain/gcc-arm-none-eabi-9-2019-q4-major/bin/
+ENV PATH="${PATH}:${MBED_GCC_ARM_PATH}"
+
+# ------------------------------------------------------------------------------
+# Display, check and save environment settings
+# NOTE: using bash instead of Ubuntu default dash due to unsupport for pipefail
+# Pipefail is crucial here, if the tools didn't install properly, docker build should not pass because of piping 
+RUN /bin/bash -c \
+   "set -x -o pipefail \
+    && arm-none-eabi-gcc --version | grep arm-none-eabi-gcc | tee env_settings \
+    && cmake --version | grep version | tee -a env_settings \
+    && python --version 2>&1 | tee -a env_settings \
+    && (echo -n 'mbed-cli ' && mbed --version) | tee -a env_settings \
+    && (echo -n 'mbed-greentea ' && mbedgt --version | grep ^[0-9]) | tee -a env_settings \
+    && (echo -n 'mbed-host-tests ' && mbedhtrun --version) | tee -a env_settings \
+    && (echo -n 'mbed-tools ' && mbed-tools --version) | tee -a env_settings \
+    && : # LAST LINE"
+
+
+WORKDIR /root
diff --git a/docker_images/mbed-os-env/README.md b/docker_images/mbed-os-env/README.md
new file mode 100644
index 00000000000..3c492b0733e
--- /dev/null
+++ b/docker_images/mbed-os-env/README.md
@@ -0,0 +1,49 @@
+# mbed-OS development environment docker image
+
+This docker image is the official mbed-OS development environment.
+* It is based on ubuntu 20.04
+* Python and cmake are installed
+* arm-none-eabi-gcc toolchain is installed
+* Latest released version of mbed-cli and GreenTea are installed
+* All other mbed-OS dependency tools are installed.
+
+# How to use docker image:
+
+## Pull docker images
+```bash
+docker pull mbedos/mbed-os-env
+
+```
+
+## Run mbed OS environment without HW support (build mbed images only)
+launch docker by
+```bash
+docker run -it mbedos/mbed-os-env:<lable>
+```
+Then you will have the container with mbed OS development environment.
+you should be able to compile mbed commands/examples as recommenced in mbed documentations
+e.g.
+```bash
+mbed import mbed-os-example-blinky
+cd mbed-os-example-blinky
+mbed compile -m <TARGET> -t GCC_ARM
+```
+
+## Run mbed OS environment with HW support (USB pass-through)
+If you want to use this docker container connect and flash your targets. you need some extra command line option to pass-through your USB devices.
+```bash
+sudo docker run -it --privileged -v /dev/disk/by-id:/dev/disk/by-id -v /dev/serial/by-id:/dev/serial/by-id mbed-os-env:<label>
+```
+Then you will have the container with mbed OS development environment.
+To make sure your mbed targets been detected, you might want to manually run the mount command and `mbedls` to check
+```bash
+mount /dev/sdb /mnt
+mbedls
+```
+if `mbedls` detected  your connected target, then you should be able to run mbed tests/examples as recommenced in mbed documentations
+``` bash
+mbed clone https://github.com/ARMmbed/mbed-os.git
+cd mbed-os
+mbed test -t GCC_ARM -m <target> 
+```
+
diff --git a/docker_images/mbed-os-env/test.sh b/docker_images/mbed-os-env/test.sh
new file mode 100755
index 00000000000..0c2d30caecc
--- /dev/null
+++ b/docker_images/mbed-os-env/test.sh
@@ -0,0 +1,17 @@
+#!/bin/sh
+set -x
+MBED_OS_VERSION=$1
+
+# for master version of mbed-os test with development version of example application
+if [ ${MBED_OS_VERSION} = "master" ];then
+    EXAMPLE_VERSION="development"
+else
+    EXAMPLE_VERSION=${MBED_OS_VERSION}
+fi
+
+mbed import mbed-os-example-blinky
+cd mbed-os-example-blinky
+git checkout ${EXAMPLE_VERSION}
+mbed deploy 
+mbed compile -m K64F -t GCC_ARM
+mbed-tools compile -m K64F -t GCC_ARM
diff --git a/docs/design-documents/docker_management/diagrams/docker-versioning.png b/docs/design-documents/docker_management/diagrams/docker-versioning.png
new file mode 100644
index 0000000000000000000000000000000000000000..9f0a639a796eae753eb0362118d949e051885822
GIT binary patch
literal 31578
zcmeFYcT`jB*FShdARvT}(u*Pjf|5d&-dljsiwJ}kI)oZ}07Z%v#R5`oSU^Bg1VIR0
zrKwoxgsy-TL3)|v74P@Gzu!A^=Z~2+Yt4GsI)syRp6us&_SyBb_esVY>oU^w&;tO#
zsIRAG1^`ef06^U6VBnP(EYd~*K$jV;Z4>NEbocae14Pi8zt2Qa2oL|DU=g&I2nvM@
z2srKPiNgote1lH=xdnrl!27=buAc6mZmz$_pb#kJDTM4Pl#B%uDS}o<pui6_@-#vg
zVfTAH4)5l7Kv3p10wf@2gmdxq3-%B45J78z-}U{1-F(3R;AQaB#2oyv0soK)N2H9S
zoH%%@9uVN;X6@!|=n1YtM+Pl-8Z8T67BkedFv5tSG{JKpPj5HypRSvWxBsu7XnF+t
z`+`?=6u`BdmX?-7okk*l{m2~WjtlhsFJyl0$t@U%|Ggh08HBW*tf#j|um=H)M5xPZ
z;J`Ki8WZXk806{i_j?#p`n3G7&HTC%93J5I`>Ly3sHY1!DaZqDkfjH_1BZAXaLYE>
z3!`C1Fha|E1e&>`<N}bP2SogE;A;QkIu>NuDdcY=a#q2v-m?1AI#>h}8|<&+p{}6d
ztY;+~;A`hgki+>BP&hdmlx3inm5znFys1HutBs6;U9h^PwudRw&`LwjT~9;b%f&lf
z%MXn<2nuyWsk;PPD42&Bc!3-+Gu5|L@C@^^#=5Hq=(^gO%7^-(<qgBaO~Xy>P&i#(
z7b^`rPk&pzP@PZ%eUxsnrVJ5pfHC*74L9{R(a}M<d0Log+lrtx3>Ccb0oG<#p}t7N
zuuuaF9kiydv5|?F76R)E-p0$DptQmxv^<Djpit<5SG47I!`-k7-UvHwgtoj)h>yOV
zpBCOQ%+MfI(?dfZXQ^#q=W6B_MAXDvp-jwW>_Vhn6oOrY+|7LSjJ$mP)U~t}!u(|2
zQPOyK1$?kNT0RtwMj{my3_;?dK03C}7<qh<pR<9nRv0GK1Bb<G;<Rk^w6qW*{+bE|
zs{mrCb3jOhp^2%FH^^%pO*;b}Gb1CbK%#-XtZ#^Zn4W=&DFS2aWn^OQ9%ifMtc`Fs
zut1votD8&Pst4<6x`+G8xFMy@?5sUpjf{Ljfz{FX(D%^ra+TK!_I9?EHFnj)W5Tfp
z1T&<9Nw{-_x{a=^7Q$D@7bPu&_QmRBG~I#>wAGD_Z9UK)CK$X;Xixyg$kxY9*VWP}
z&^SUSOjFlX*U&VAXc8D;=B;NSYh&rJiNwq3Sb6yv`v+)-V>JR%HYNmh12ZhRX@g)q
zxCZ|aw1u&^p{1Oirm3Z&HB#Fx+|pGy!pBBhK2R3trKRB(>@Q<sB4-ui9wDb0Xyg_y
z?`MlQvJKOa@iO!_^|scQw(;?g0H2_RotB%cv8Pdpt&Xg1NMM96(#|T(8Kq;0mqY8@
znakh;<veh9&i*z5mSGlXeLO<X1)*RV8txV19<FO+{Od7z`#R&btQ5>~7Pfd(cdWUA
zmY1oKx}D80+0zRP^HO)id3ZS^rDcf$E;!pjFFg}i8_O^sWS9-nU&fgj>=mNxYhZy_
z!24O+n%U|5VZ8P91C6xJK-;9DV`fa$H8(Qxv-1k`wDrb&dg$tC8QS<-*$~`8@<d}Z
zc^5PN2ooL4051>CK+Qla8H5)mLPyry%q{@$sp~=n4Tp}u3n-pC(&|PU2GX_>(mtUE
zE>_y6vYIXi@>olZp^>`0o^*hww}}SI(gcq)CWfdZZOqIt8on|*(h>R*zTqJ_BTsKx
zT^qMh?Z9AngK(muo~gT`n}?ygw~VEppJ}j$o)1ySNJGaI9WJfw7f6tm4)MVR83$N-
z%DU+It9!XCD7b-QrEf|I2X_^MQ@21`%ewif`%3HU85#Kc5ez)_WJ0jM`Y!koJDhBg
zxw^iQ4$d6wXC4x$XN|^STu@dR3zSQ!d5|Z@#v1QxE^CJKb_>>)^$s;RBG{T38`vnI
z<b5$d0lMzinnCgbvS>}|2w9Y`nF&5zHpo|2TZ3SXl@0Xu2~*I})g;KfA!TI(ZPd}0
zrU<MJ&eI)hq7kNxLRe{qSZW0mOwcaUc3}ujEniuGe=RFt3poR8n_mwEW2=Yt3pY0K
z##kF;t%JS1J?ws2S)z{#(NY)h;~5z2i!=8L4OVc);=Ei5cG}_oXq=Zpn7pr!Nw5sc
z%}+C2TGl(lM9$cUs9>aru|?`=n*<wSA|l*<QF2!1L?Q+h;9vINf~XJ#PUzz*W9DrI
zewV{Wco_$n$)bI9(F)qKW`?HjVV)Km?gX^HG&oLO!$U4q*1*p_+(q8Ug`nx?5^8A)
z{>)O>SPLcV>ZhQKKwF^QbWjnX0%=GiBXH6dW;SRUbvgY2SvP+pT?Kz*Yj;nquUD{~
zyP2=7l^G_$*2gc%g5YhaYvvw-4b=9Rk<}*nc-pua1X|ey1UnOqQF>UMrHm;dLS9bO
z4})}-Hx1X-)U@>XLLi7i1aNkLOH*@a6Fr6SAblS*>p%@#v=vrCM*-_A2i~-{A<FA|
zqvTD%b2}o|9|wxGhOE1fe;9!%ZEj_PGtwj&%9(rW5!7`EzgF$;8-_zz%6SreOk`z(
z4fGAH++^_teH$IDnE}GjJ=6jlY7%a!WoV#h?THUI^taQN(Uq3<mzMGH@J9t|T5EZO
zu2;jtN<+`h3Y=8K&_d6}6z#5oLK3X3jjYW)%#gtm9^h(l0mfb$9<DklR0zh_%F<5P
z04WbTYz<JEG|VjBQ2rq<UizMLp}&TrtkJ(VBZtuNl9Sg6`{mt!9iX??`QsV?a+Bcq
zgWv<Ltr~=>1OOpGUrXJB=rEsuD4U~ovu*U1O=uhqbp{vKw2tMnmYR0mQX7#vjgx*n
zZ9L9{X<}5uA^8{=YaQ0qRK4Zw9io=D#XD+NQ)=z=#M|UR$qtA88U9Dlx!v9IkuUF;
z;71|^1Vh4J&X$Z?D{sHDbhJFIrcJG-_FoPmsY4u-ZsngmSy>?e_0WTRuq2V_{&T1m
zuw`<+Hg7K(JSIf-`><jYgJ9W<+*$!IXz6I;qm^43^@QtOON{qUvi%|U+MKEv7-FD6
zfCgFwFL}oEsTd6cAiGSjlt6qKoNzaLR$R_PztT{ar3)TXS1^;9dpCSe2zs8ph#3e}
z9Xw3dCF}G{`E`5mcu8{3UgmmDBlU>+U<H}lR6z@^Bdr(Qp!BH*Ol9Q{XZzk^&F!#Q
zvvXMcs=K%9r>6$C9vwQ@(=uo)Ek0iy1Erh=Mze*sUrIxR23{Q^2|{*w$bo=E3;8mj
z1L-@>$kNXS<={0M%S`;{8GSs5D<Ej^%;TFsCN<fh;o}}5<_DZZi6CZ-=dH{>y9eV;
z^<Px+XOxKfk22hQT&0a8Fns({rt|ZyRE7IDxa3)-ny2+;?x9AXe%w0O!x#m-IednR
z{1X@evgs%pz-KCXdU6_YhKk5Y#sY>w9@L2z$fc48$j5=j>@zl_B0zy$<*p+j&!R?a
z&WRuEp{}4K3sq7D(2_WT`9l=?-Zm#d6{zMTj{zz`z-dxAA%@6L-gB3UQ&*mQ#Y0{O
zZbCP5Z3z??T__imlP(|y-9VGv0S9EsArr16%jl^W+}kx<0V1RYooB}<CSnRCn0!`T
z06b(vfV>He&|s-4Qi-D9vjIwZagQI<vmWt>vlDn@C<3l#2r%dFp&xrP0Q0oArXD+o
z$gxKER#m@0K*vlkj=R{)%_IQNXb~{-0-z$}JDo+^?LW!}&51$Jh9Ah<YbaIFVk4Q#
zX~+FsqDz*ssLa4b;SrUT#hG+9DB?kfEwSP~ZCxxm=TJQhIf@;DBJE`ya#C>V7TVaq
zWaE?qPw<7cez{5B^<$rOpr$yn2LxWv|E3z5ODTj%x3-)G{E+IZ(4C{xK@$K*?zU6i
zA?ZSzB^XH*Vh=AmOd4$s`N;xELB2ARAaf|7Fo$wo<ASdlhcsa0;}gS7W-N|{*L%v%
z-T&&;Fnr;g!KB9ahQiv#=&^cg*hcb3#i{#<fC8^AG9_nz7BcVM(n#kbVICv~%RbpE
zR51Q}tU|hL%R{yBj+81SK$R4ENyw?NCh!NdaJSg`0V)qhiXpHs9Y5y|<chFB{kl0s
zgN)9wDhPP>1<Ov5w>>UVve=-k!8b8Serr>l4_gt7*l9n7D$Vl2j*fwao1wjy9V$&%
zxH(H7K0YUNTuq&v6AP<`8{2Z#`O%Q#_!GXp>g)+aK~CV;dJqsd!Ij!Y%u-BRj(E&y
zXEj<LPk9Ywhws2kYYfPiFxY6`Lp(1BBfN^c?q#pb#->~sMq%Zn!W~s%Ca2rdN9ozB
zI@E4Jmby>qO_gqNRNhucHm@FEJ8FCL-I|U~0L^)bf~v_AHDrJWy^5m<-H5oW6-2(X
z^sYsAJ@z%$<4Hj4<jG35EJ>r+tenZSk!`D4KP&S5tN>$}T469MPIbb%*e#!y6#9;{
zHU}?O;AbKP8_KJN5Z^1+eo$&(6))pbzPSeUTxK?aPbLX}VmuHbx_H1mAteRjJvXv`
zM_hya<U+jD`_;w=C7SCbv&8HpEg!EjjBoW6?)Ti?S+aHmxH8uf-!wUBF#0&$EEE2w
zLW0TjW=8Uk5;PF+vUI(;zRM`mo|V$(2%C7*0$gYob}x=N0i-Y%3)UDOLz0DJ;`Ezw
zpx}iSKSlgZtlWm*%~@!<dfUR8bo-*XImb~+%p76XWy=huV!s?fpAgo)Q8_C4Dy}bv
zr7aU)WJ0s_Y?FW6(0%9JNn~cJ%2wRBvkOg5`MXXht)p%+i&2Yb^X)I<%(8!}4?ab-
zOl5xjQKm|skCg$N^tD>mD_pP7jXuKvv4F_9@QJ~?PxUL@(I4~~4L)<3Ctg3zCFk3&
z-jQ>AB5Vx4=?~#^Il18ZV}koDGRa*<A(ed+J(U=Tkefe)eh1gc!S7j6Ap`E~M-o~9
zb8Izd5fVwZT{wM0%>5+$%DkuWx<GXXlhO0IKK{BOxA+n&4s>Owq%6MEJUOl&aG)Vi
z7>HAek+RJ+Ps5Y4mLG;HBs-HN1ct&I$B#hm6>vb8GP|T}(<invfxB$bH?tG<jK!A7
z=+q0IYC{t5y6>7TH{|C;J-x>@J_}eY@$H)zA&tbZaZw(<4=RpXKvVG6T(vo~*Q~Xj
zh02E>cc=VzNorfvL@%u8ijm{jp>^$IXIG0Ob)iJJp96whGy!i}5?qSEBS!NoXNGJ#
zq*=Qc_IcG*(Lp`I$LOj3Zcf3YvCgE**`WmTP<RT=uY%$QBzVDA;2y)eX9IiD>xZz2
zC3(|zPYpki6Jgz%X#Pa1c+b;w7@m);zydltaP%nI=oN<f_Qu$vc%E2<7?n*JO2yCd
zJ{#2jp3_qFZQF;GN5J;$Xga2gwc{}3M_bij5_s=_L&J6_ZQR^<-~2#T%8@)R;L~p|
zNyx9NYSXQs3J^(b$jBfJ=hcWNh{``vDGpm+vDZKL#l9f{cW2$kS?Er=tg_^R->osE
z^lraxdp5f8?CAF@Jp88ZCSgxra(5^0iDJG(YmU9D;jKeo^R5c|4Y;Yj>Gy>t!Y#OM
zP!A@3<b&4OlOe^uh~d^(@nqYd8`mJB`vsL0_-c)HV{{K7clU=Y?|@n(^26Q3NDnvO
zQmJ}*-fIdjU8_Pf1rS|07C=0hnRct{Y3e5y%OZR7<B%qwaW5}ru}wZ}T;=vFbHhb2
zuT0h4q)>M!Z`_rDiTPCHNg+=Whf{d(=2T5hQ|kAHu5me$yV);S-yZweevN+tM-iZ%
zISt!Or@Ba$v4^LB|74nbE3-++^wL~Fu_KYW$pbB$9onjH+;}w%l!8V3GN#l6DTtt+
zR>nRla_JeYT6t<MRDYq*eSBTYuA;ffV7i&sG~1x*Dl@EQp=nhB7CF?J``Fg88-f0Q
zer>5Cho`02+w6JIRjx9YyC*LV65q0#N8519aRr5tG%mhaFbk0PlwOD+UOJ)L;bJx{
zO0$g4`Eko>tj%Gdu{V9_XRX5BxuCVn-!OH@FQGRUw(PR2s=pj9_#`_mZ|f&%Y&n!C
zuJV;P@XcWA>*KHw{5QAq4nnC(?l_ahQ?|9cN6WAN5QxJtEFR6?|Dpa#G2ga1FZwWO
z(+uhK;5OrQIY$qkb`|T!q=58%FtthW>iwv#DCYSntEN@PSRU*t&<Yrx5JJ9lb&dEF
z)BQ*wS;2lZ_sqJ*u!HfM|9;8(A6s#ijGvI04*N<ti*HziOBRH`pHVEZdSmqTWGE{o
zCc)?X{fd&Ar#glqJkW!m2vH>;(wdY$dUm+I*Na#uE_Zs+o~R^ha^wd}eSRpjGp#Aj
zH^%s)dX0kJr<&kX`S{fw_#q-8D$!_`@F$pz6JtqwtqiTYjS2mB-FI#4D2#Ze*F+`w
zQv3NIedc}^Zw7m#qbPlMPacQeJZ~uY$JOl|V~OKU`j)u|?0Kd4P2RJP%ntgtsW_tg
zE9?kDpOUI_w(HCVh(|w*0K_KNp3;Ud#21{Tvz<A+O1gzTD_0&hPJ0*@nD;#6DOm1N
zq%lT@{0KxkxQ57(Bs#V2qY`frM4k$($XxvS#82Q;cv4NZcV<o9CH&SX%qcdgR!WL_
zVwkE<CP!}TM^yAkWWZ4pv=f;-KiU8&am#syhpK*`et*BNA~ghgViI|4N8vl=f*ZTN
zefWNpP0)Q{do#A}w7`@Bk{mngbK26yakElu?MIc<)~s@KT9}yph4y4)8glNn@JVs*
zA3snd99@cVVh;DB6y+^s(YSg<>2)McB5&;S2ZfOa@`P@`;E1l;ew6d9Q=va9^u$xC
z28VzQLyd4+ef~fEiuxUqTAa5%yIwEou*S3$6Q|uvd#8+PxVC_y`}+1dVxo%w{izEM
zb=j$L0zHE>kKfc?+n`|=LUXyki^@2(8s00_^JM0peVx#y8^+5D#q~?25hKn@{U1AC
z5^J~;`sO;d&&JAqN4`@Xy!&P;@NrOAK9x_H5(x=JoOm)ZAkS3?PkTY_=r&7fb>6v1
zmDq@eF2n*9-xfGA+<lKOs7+N$-DRm;EyAB&t6b*BgD%4JX7o<D2_(T2HUOu{p^;;@
z#VYhv#Y|6BM(%bNMP9BMy0mZ7*qqwRMe04VMe^ALie9j)znQ=Hpom2{vg$h>;^x=8
zhrT;4@Dw2^BCd7(*_`L!cc&UTiowtDC=weWwoi>xE@Y&UCPaefq0zNjn{cVycjWcl
z9e0!u$7EQ~&Gx<}g`B>uejx5noN+blPEG_u#}odDVTTb8b(UHWpEeqAFK=tcZ-GYy
z;18_p)NeHM``5eSNN=5PLUzz6Y$iKV9pBuK<W=@^K<mD(g#?M)ijeXleD1S-Z|#Y#
zywR#OOA_oBfz$c>=loTANO^H0QsuX~D5VMs5n(s6D8+GqhUuWZPxqIca84bRU8}4!
z&4;0|AD2eOY>2r*$(|V@(ReBXtgg;CyM)HxG{AAF^%_0wWA~*UtZ<Z#s6T$%fDXTF
z`#MchJXFk&I7ZzY=0O{)GuBGUd2x~%P%9e}eiBI^DSk{0#`c{-?>H<^wml~&wwM)}
zpM>7oh7`RU^EzaGo~Vd!<@ipSslI|7U2=&fnxmx>3|q6th09Y~)EsKg<{v)D>HMk1
z=;%qyxgp%?MrV+`A|aceV|O-U7U*<tB~WotNyn=nv!>3TZF-t<=(RX(8bXn*tX)cU
zfW78`E|9K5g2LDVv|74U-h1~m2Au30Ki2bdrb{;;mgUAOm<vk5uJo((4qxaoJ&$n0
z;|jBXtcsEJ5BZFH0lnwzA>@xIV72zhqWs=YpK9UrdF_HIh?2FIjm>_ojuV#Ui4+H`
zq<tLaEv>a;w((&phdjm><6(OUu3pue?n-}$Z6tm1Mtx;E5%lc4T}D&(4{>&f&8uuY
z=8!t8i2Sd|glDg3Tf$QyDZ=z>Rqaim7`8Gxuk`EUvi_F<gcL@F;XWzujec42;O^PM
z^mfauFBUI+uo{e)<5)=?o4w}f)b)YerivKo7JaU3{^p}8O{f85U|77TJjNXNh?!w!
zY!Tf!tq6=Dz8&4+$1jUhXQQ-`6{koSrWJJIOPiWqKIquioG`zqZrx{kU51>Uj+2xj
z0U`08(r^U#d|PUqYbe5~{oDrMI$R!7Ck*2%3T!K=GViQ-$5i!(L%d8Q;AeazYF(nj
zAq7$_j%;l^C*RwX69oGpnfE@nF9}k11tF92P+yXRm*WT~d3=QGsS|JKjOvl3$7=y@
zMHg8aFs--5ZYAltOQ~j+aXHy>(r_}gs-<~e++R$B(6g1%ze}`rZ-AQL6N6P7s1w?d
z;~yKdGG2=u?vZz`*==Bh)_iyTX?&0`M~RZn6H^#EU>qFR`95IJe!6w*R`Ii<qPs6E
z?)nfw4t@Ncr(e4F(DhEhiQGns-pG1H+zI@S!b+!oWXk!N6G`=hJ}7sla1@f9;{i*-
zs1vBkn<w<}0SiZ<dCB*)DU#d%kexxFK(|Nq(7>v8qq;ZqNsi9?Ct%rEnu`jZ&)4kH
z=2`+N94XAj?8u(NM#T$Id`pg_$ufCAloQqkpXZ(oas<p%Yy@32y35S@utNcf`6X2F
zXWSUY5-IpyZl|DF8r4M~q3KeUpmk3ujW#Nh`_i^Jtoo*AEb4o5NQ1{3cHYe@t@?IQ
z{3d^EcV*jxg;FKb@3E(*GnvQwHOn8D2w|osqF78W;mF-UcAOHvp8MkqBrmo`j&z|>
z8NbKfcY+NH7YmmI63!L3Rv_B*)fJ&0Rn5^f972*x%NOIM7!nMpKcQQbASa<%*jEnW
zZk;}&VtvY-KbW6<<Q?eT5(tVes9K^vend3C{YfEutu}jTmw31H#SA?Rzh;}wriCMC
zXO741ysRM-q+r|uLCDs$=F6h6<raYy2pH)Vi@h)V-WhXAYYh~tJhOX;OgnvDWTWoe
zaTg6^8Y4R9Ig5Nb5}zfA9z!nON4VT%-zM)ucP@I`JS4WEJHGAT;Ck)3{wU~A<gr4X
z-QLak3X=*-J~RX`L(0dOHXBtdRb3J7tCs66j&JUIz`?=LiOhea(h-p(+nn~QG`DBD
zGukh}EwhucWXHcew0dyL-Og{sjiun5h$Flze1JvnSS>@wge&h{C#E5n6ThExy;+(5
z8;9z5qfY|;W~6tt7?;~=&k9RqI3!ka&lR|ndDFvvBn_+P4KG@H6kg_{V|>MP;65R&
zOK||yx|nwPwMq9zko%SyFeFxTWt2L5p=H7_94>C1oc+0F^=PrxLoO;dC=dPL0g|aG
z*@9<8oSfrbys|VdewfwCfMY#%>8okk-K8Y!g)A(AHIwUIz(2sXI3*DwWaj;J>lfO8
z!nVIKIcGJOe|)F@ah24fR&d5)`0r)@MJE}O_6J`3O&0{&KzwSJ7;^SN-+n`U$6?a2
ze}a7`hxFi+4<|nP{w<2XPQV3n{m%mb-{l}#B2FN3p)xG>$2depgof7I@>59Z!-rC*
z#KlYf9IT$*ttuXy`sD2;TDQM&)<5#GV^1=P&NTyk{%bZRA_tEvNjlEq)z<vyh^!Cq
zyA0@Se=atJXqOj!f9IKN<?;SDSBdo(=dq@1*~@zw*(f*Dsh2mm`Xyo>37m0hd&Vq0
z?8z-frC_Y)EY!|lx&V^@3)~f?j`;q3QLPBKQ;}LrX_-)zv72(qI^sO}pa!6abrEN}
zXnCX61VQ<ry8y06tnbr<gH%TAB5*-XyJY-{u<okl;=ps?fyADiN_cZ(kG*-#)6gVp
z^?|-sb=KD>A<1#2<5n&QI>T~`3d5*j+E_{mTh}o^PwF+Kk4JYGFnyE>wtkC!7A57q
zk^oK=vtj#+<3P+!sF_se$uEorhiXjDJXC+f<Mj4j^tx2G>`%w?g^4#wL(vbY)zUJC
zS87#Wc!Fp&x<aOR2JK;&QG84YS+x8olRB1}379YrMD<QfDXn+L9nLwnHEddL6|>$v
z5Tg+A_MJ4aPDKRBi;zy(Quxg%0|*>g%HG`Z0tTsUvZq&e`aS~@5TepT4ij($Dh92n
zI`s1#qZ2QH=fOQ?2Z7g~Fq$P+Ig<1(hjm?ac)bj13Xp|Vbh>OWw7-R9Zm$7HHn5J9
zB}=m(Ux(TA|E+O)Mota&w3oPvv!R;Cs*i)(9xOyUK?I_{t~~LtTiXifwm#xV(*RjI
zMe+xh?%thaqn>^v>8iFZOmfTxzNB)=vysJs!Oi2aYTmqK7vhlC;-RpmhZmfS_(_FP
z0ntZED!>SBMcc)#V~!VE)F#h8U^+nc)ezK7O3xPKO<$}Ib$2+#5mTq5_y#d`lxsH}
zCNBA$n34y+Ks}&N$4II-bC&J^Lv%&Lq%Q!Rrh=NR0E7Y+;v^`5p;}6Rm=J1DMF~d_
z?$eN<kbvv?A%r6Z=;>4dj*<Yv03w830F)to;jkqrsRP2tM1cY`C$e#|f8*3sojZSU
z>Y{W14NeURG2EAzfPT4IrI5SF377+`vOQU>9V0+u&P)$bK|^Y2PlkN%nwf+5sODUQ
zEC}825~Z^7nvIr?)67zKbe+BD*jIQ6*rP9^Czk<jRA1ere#9n9Y-{|Lpv^0H?aa$I
zUv0W13lgW{or_{7ivyuS{kmi5!{j$Wm9)y;hOaX@Iv&GLR!n=}ctn$TmQ{gy=H2d4
z6=X<ezfoJa)|wk?FFMxBnH+Za5%$0g2PTk5wijNk-Q#3BJ*7;Qb7Vv_z@y>eC;x^`
zSb{@&tG-+fh-w4yXIyIgwB+^^nJ)B933@3s3#Lw#2oV7GhJ!W?3c~Q(0F!LoaeRNy
zUb9e+IxbB3#0XVDs)Q4tvx*!OIarv!4ax;2L6&)e0_p%H$qI<!{PJECsG}}Y1?Zv0
zucF-JUFZ+fbN%o{h^s!!ft*S(U(0};{_eiZ!9O2X$K|AE_#_w(z&i6bXM9w*jc&CB
zQUkD;^XoFx==-%T0CYvF3(qBn21YxR;tU~tu09H#rI+4Kd)+w2Vfv;(m4Qsxi!T;1
zg(Id?WX<`&7-k<eAxeKNg|t@OrOHLnbiBeCyUr{;E|x83C3bQ|+Q(C|_hsJr-9x5A
zAB^dt^b+(P?~4m3JDLu2p(cnpdaF8Bu?J$aeY7bji*1(C8C-<SPL%;4qsv?sZHG}>
z2kf0c_RhOJnr9@pyZU|MQ{BZG<V5}pRI;-C*&b4~qYG=ohsOXSBe`+aVR{DsR^G6~
zDMOtHzn#O=^dtY!2sibj-v@1Z%`Qq_<pKwD=fsQ(pwbS);1~0_-9Z?f1G?UR@6hrJ
zTus5SbCtdOYfqB!4Kbsn`19Y-)GWh?xT6AT;wrc7-xp<%`N(a*v$>gRF4&9X3Pw5Y
zz63!~zJ5GjC;!+~s4%P=)nv(9b`@LnPLM-n;VN(0)#H%`7_lU=J{z(6GOB<oR_jxk
za~#MWZhT*VhGJI?L!gj%d)N-&1={w*y)Uv8bz)YvZ%0FtTfjtk*P!7tdXtbCs|o~}
zZ6ru=a}>Y0xrgm6MeO%j+|^n$jj}OEg&%$V?L3_IPnfV&NV*^a&3olm6sB(PzZq2Q
zgP6K_A=iUDZw(-S<VvCHzET+wB#F;dNa*2q^#i77xHA=b6LM6Vwq)hL6SPUZvE0W`
zutPbR@>r+gXYe!Pve_|{r@{5GSD=Q^-~Sn48LzO7Q6E1ESaZoUbla{3x2PFbs$c((
zdX=<04zG)JBQ+&9dOy7eDN{oLVe*R*$~pD`G=Fl56bA%T!sF@wad<aMtaarYU<@MU
z;iMrC;oe7IRbdkg<4MP7@XBBkPY*G#A7_ZxzO1p9EL-263hAEh?UCeAT7}SXF!)Z<
zcMOW}s1x2;9&Z2Q`h|vUE<S&!;z=<GrcKauA3FfkLRsa%zN=r+P5;_oGk5x%qxAJs
z+B$#AxFJ4fZ`QEf?I~{#da^+V!jtRl^qLaP$*!fSuxgyyvwFDuV^H&He330!+&SCr
zbjksa(2MMwykZVVRLnS#+FHoy6M*Z;8S|WOIoS`g>+f$plx3-H1*}h0pHxGlJLV&u
z(j(6}lRQsxFiXNMOc2f&AIclQ>kukLuY+ZV!ZElK6nBLFXdrIr_1^NT@br?o1!6d<
zQOepmuPJBGwI_(i9R(WEip*1UV+Ay2O-n=z*d&K*I~C>oCyo=Y>QBg)f(6A|tc{0Z
z3t={%v$y#<jCL?DK`>s)c#ESI*qur;00G?0<14h*;@N907RV!?)m72ak~z_Q=ASu|
zA>Q^!H4mai@@c9g1t(fanGoTXDTT=H9DkT&-tfL0DaL)e;F}f)o&90TUnu(KY90Y!
z)CDXaXFrdMPHq&2T83@G*O38*BzA1A3435F1ojf+?|hR9+QA7aMSEg92VeHAzKLFF
zsEo_rT;VX{VBX=gR?ZeQxz%*_Mvc2a^nw|f;eDbBbkFRzq$wjJc9RIg+8p6Q<uL10
z#4~I(JaP+XT9?gl&(sX46B-#`bDXk2EF=Nz9m>SqYE!!jk@cOK$!BcI`-ERmp`oUs
z$qDj@&>Z^ilETz~C8yAtR3h_cr}5*l6a#v(D#ItuyTZ>DbE55QD*iV?saPt2OcT%>
zfo3sW!OO=5{2biKZ-K1JmLZ^HC}R4)C>vBMF3I!c!r}AQMh-7Q3E$j;W4WVH?`9lm
z)|H_{eI4v!9#9%ubNB4F7NP6D#|>x+vL}NsoNo_5119axBr1|`;0kIGKbGx9Q}L%4
zK=O=vE|H2E>Hr&oXAX<Yq;nOCjmJQbOmD5&E&wxN0H6KlVw}qMLK0-=<MHm4Agg?Z
zB~0U3rxJrLvI0N!I+{IdBqwcVCeM-+5A>S6DY&mTeo4Uu?u;`yEN7R+E5~VWub_Ir
zutsB|9#7({9?%@ze!1X7LGLJB5VFShjaqnWV0y-P>C+y=D@N^&45pdW)l;O36`nA=
zw#Qcc$5S=dm^b+rT1vfaAz3bDBL7CuAcp=z?kV(gVQqzPn?AC2TcJaQvjzim$Emwv
zLCs>{$70c9GxL#;)^fr=_0iZ}de5~K7$iC8{D|I~RxFrn$UHzE5?=QT6N%d`8INgH
z%ftVyEC{AgaC2~KORHIE63T55#+UgWmjL&)G}dM}(3lfbP%z2Sy;oUY*M2m=sjHzh
z_4X}f@wbmR=F#9|wq#A$q*qKaD`O)xBTa5OzquY=uzdna;m#L02rc7=MBkNI7Y<`B
z5Z*(>ug0e8Aq$7)C+5GYozq<BMi(P3wY8}OlL6~H#3=EMqi#H0y$M8~EX#*#4@rjb
z$qxY*jt4p;1W>(N8whjy6A=5S2o<q#$wp1ze0%M=rhDDW3Ay-3Nor+(C5Vp@GN}^m
zLzwR9BbUY5pqB~P;0Neh+!7s@1z?=Gcy5SBRG_Ey(#NSM`V7cGj!HLrm_D7fj$s2Q
zI7SbCzTM%}pE}50I)vMUpC|6!$-TxAIyV|Sm*Sv2aLfF@6@{_24o4ijA%S$6{%1<?
z=wp#yjZNG1Q7|}H3V!+WPi-lOg(9wb>TN15#|;j?r&W*2G>wd+J@xf*A-1;f$8X+D
zd|2}3qcL%R_yy54D+SC1rl^m@B*QX0+5h;OUvX_*5x7EXZL6OL^}2&x<A28fPM!Wg
z<%3!oo4i2e9WE%Alwf)>-9t^B9-F2i30XpUAt6~yp=F_tyKHgxVCIx*IPxFy)}s=2
zlH<Thr@UkQZW>1qbU`>E51<uC)I>=49%%8q-(k{3vI@dHugrpA#p_F82Is!B`s^T8
zoTQCoN3f8I!PFJDJm>ZV$m4x8Fx)W#%*3H+Fq#vh2JwrdYSvkQQbchON7m*_{cf6m
z#Hb=lhO}vua0Y%^$b(8Q+JgG29+<+WR(!hpCl5^r8vsbQeTO`*umqejP+#(#k9{fO
zCKfnyqcL0!9Lt<ndiswb;;BR@PWdFOc;17Fc%K*7badenXjB1H=!6=rA}%%G(;;GS
zqc3wMJzaOLJ)lpmPr47gHcm6oGk7x3c9ZVf107XC6YdCZaw9>fi#kAoWX*%TUf9n~
zewY*TcBS{Pb|ylP%=vvMaS{X&fL0VAnhpk2L!h<Dh;(F9cPdHf+atd}IXx;a3kl10
zp^KT)6s?CW@wbh$=FMpOmX3e2*<xD?GZzd)4^dNyz!dPv?AeMna1Mi*%Th3UG_42R
z0ersPy+6OTbOMN>UYhHBX|e@YNTaQ6H}AHnSs_YT|I8s2m-Pe~bWt>kq#3X6cm-vs
z0N5*DnH(2`fr-TPlKNdp9TS+yrgqM6p8`Uum)J<S6Qq#TxKqFojMVdk>!T`Uqx|8D
z2hiNLVxJ855A8!dya$w#p_#K=g{s~K3SG~7*~rbn-jN$@y>CkGeHbW*fOd%9XC`Lf
zsgrHufC_|sjagva;QdM@z)97|Pc{b<Zzh}@Cg!9E(U6X|bw2@gpj>cLC?XU8vReVT
z(!YDw1!`W`r_#z<lZDRdf(2wMILUJBt}RQot$l&Jv=*tnqRX)o)^#<&_WZGfpk%Xp
zKjAfSS*LTg<7$dY@=`idn?ue3)4U?ERNZm?#FAS;C--_6B#MC&3S>ccSd;E4erF)F
zLg7zGp%r{&Re;ZfDiXGhi5?q!@a1OD5I}KZ|LW*P<@7m-i!|4n#t;pubBYg!Ev`eW
z+dq!2=9C=agj92Z-B;6hJuXVnu>*OKma2f>>$;sQs@ayAZh%fpdNhq+8ni=b-yIO;
zhODpvDVbSmT^xGwg>PA|p*_$g|6b-4!GX^H=wgrM&An+``tw?RXQ3NxWK~F%)BM=j
zvlR7RB16;z&GaS6?MDZ|L0sPP04g5mmF}3siSg{w3{>JUuBdiSSbe7pzM{)^_c0)y
z-5*`x-EvnH_65W4ytGrFBZ4Qttxlqfe~9VsT;~8A&8peR{=g~(>?Tuo2@@;jq>F@Z
zWO&{fyw@YGlkex=Sc4iny&!$GcrYMQ*;Fy_P2nQ_k3wigQ|Hs5sR=588F1nUJ8G(H
zJK#W6;<5NCdmt#TPsgw9WTv(<2@f2v%%vh}#KCLg)zurT#JuvPkABX&Buv8<-Dv*M
zraE3du9)j%`TEJ`h{+^4<nN;KYg?+da(F-wsS-sdWmhhNPvb2BHHH-|yIHe;G=n2v
zxtqoJARZ@HZegB`NybP3hL~B_RyA7o4Rh)!h|^vD1{|VZ(>_|FD@6+oC)29m3~Vw1
zG_5PsxUdNJ3ryxkHXD(}YNqnl42ucHOUa`T_!{uXt_^eOSm%^X_gR-owxmJ=_1Z2s
zOr$_AFmwn2BiFbpX3l~@zJTLvwga`QNF@WEy7=HV-yU*QRJ!iF{`<x!2G9ZLa}MDv
z-jdd_=(+9_hL{M3l@Tel1Qhca_lRMg5#fQqrAH}MOo-|JypG_#mJ`^#%Cnc}iDG~}
zLpQ~XBcc{m0RL+D@f^RFmo+D@VBm;#Ra?cvT#h2-G>)DxMWB1O(yti#6BdxR>0hug
zaoYc8^r6lvJkFrUIx#g8`cqMV-kqg^TuMUp-G4V$pF%{c3A~X9n|ZaTxLlyVlMeL%
zC)!i7FMVr+v1MrfExGnpzfA`aqFT9pjfxUg8Avv2f+s4>^$bPsr9+fgC^=TmV6R+!
z<t)Y@2kadqg#c?P3Hl-Vj;=;~8K;-<LHCNT-b-8D1i}l2Pe~6A7c|~$jFBzju(dY>
z+_WSKZc#4Y?3XQRZ-<1*N_z|LZt>2fL+2V&y)Tx~3~>@lYf$Oi>|F19bzX2esj~HV
z9cEs5Sd>36-1^$KxXc}>c8n{nj=y|K_ySap5v+vhrUdpt6(nHKCnGh}D_U4lng<v`
zsjw3mi`#QkI_03a`%CBfz^<*H=-Y>GN+BCujg=AtVZ{rPFfNavj5za+THdZi*A&JD
zPNy*yNC8jFVXESZ3IV)KT;((vC$@FAC`NKu(>G=X%kwUt9-8m$>d6aNCFgZ#J>ZA!
z4V94XV+VRdH<?YK&bhG&RlM>}|7vw;wdsvxi5eHG0xwYZ!9FzIEB#&9Xb04mo0=xD
zHD{V4`Q)2byXJ2c*-%tKwP#3s%yC@Ogcn!D_3;X)!$0?OoMo3ciQ9F>^=NTzsZmpQ
z7zb8wsSn#7s(69Gwk`;kaWW{AZ{+RyDg3Y@t`1>L&fDe$^WmN)GvorzMyF4m(MQRQ
z-AS<Wyz2TLkrZYY@~F!l*S(+^Nz=!K|2nZw-}0henTdn_nX>II#y9f|bQIBElLDod
zSPxEy-fMjBZ{&XjxoYnX6+L!lg(O2#^NyPTNg2;jiMD)jb#G;=a((dSV-q3=zk#^t
z<}5jCFA_~<KSp_9ly`Y%Ub**Xc5w^)B?~PwC+PF*oh(ESe12v#wJ}+Z11DLf8=gfC
zxj>F8Rp(E1IwsJG(@+md6PF!|CEw9i*zOiq%Lyw#MpX}%E&fZVaU9<Xu=_FfaW<j}
zv)V?VWtL6ouG|oz=DBlkG*!(53{o{T%M%akEke#<wbkPMdoc~UXS&*w-Ua;=b+@wR
z;Ar7I(LpI~ky!+92p1S3CvDnHPxFHja$Qi(nLiOSHyaosw?650Wl~o@Qv|surY4h8
z!Nr)JVuv9gugk|tMA(B74FfpiQ^3~fKMmBsV&F9Js?TbQ&)@CQe+A2uEMTV&)g+Kx
z%>(S4zVWBxp{@BIyJ@}G<x4f2PnV?j;Mek73keg9FS`|85^Jz=ZR)3q$Z)|)$4$8x
zhaQB1JiG<AXVV>yZA+8Td(DM2wkRTGvio5M4*hpz3<UqLhm^PdqcA0;1U{;<C)OPY
zkLq{-H_I<vAG?ens{TNW(#d8&?7=sAo;NF0WA9pQP%bG#l<L@jhR7aqzl0Dy`A+`z
zA-NOZ&+ka=Ps>7nm4}5aK-#y)d#VXEhq#41lj)_I0-Mr)RgZNx<xF-<{8C9j!QGdJ
znHoT^sj&F&Z@Rr|i*r2wy;OJad9PHAt;qhCw%JdR%|tL_r5wr?_$P0_f?ZHa^~|53
z2R8e+^IXzWb0)LPdJBB`@l>Xa?h{K|0(O~pq<V)}ejLl28LQd)7YmNVZY#r{5u^w9
zRyrcmpbdHhwi!F#_Z@eh8tnZ{y*mryYyY7n$m(s+`sgSR?X7X<I>M%0K+7#zq5Z@Z
z$22fJ(SvJ6!ac$j{+*KY@dK#pH?!Z13L#md1s~D=gZGqVQVU7c=d;q?DYt)}b;9=9
z?#zv!JhU;FpH&KMelc#?aJ#lM$Ep8GnCjSnD5)O%Tz$+!Q<_PmRggIG!=I9*>8rNK
zc({Rw^H+&5X^rdMkHCMY6rp!ud4C&*+a_QDzNKQpd|)Sj7dXl6p!G26D-GA{==j%J
z+bTV_d!*)Mn0AhN;+21t=f^B}oZS2(b>)#Rwbp+q#cGujv>zmT@SRUlU22;eC9_@}
zAnov;jFCAFaumt(9a%Ir_3xBcGY`W4-<qpc2xc;?(GLXvsmP+B)D~3Ou4G=n@%Z0n
zO~b!mD|Gzq&9|Zbp*v#IQE_+thUJfP$K#e6;8cH8+Do#TNWn6`mj|_&lGf1>C(QI5
zvMFb=;|1Cikck5>Y8@T_PU+jxe@J?g3aF)Dx3S6xQ6rd~|2j-Sol?S8P9Hrbb@tz8
z<?XrsUA3X~i~LgR-Ta@g8$!2QrAj6p8}uFt{8vi5tWVkw-{QGVU^%%*=DiUM)#dYo
z{_uaW@u?czW{cXhcGC45cm9=9ujW4_oh2IN^!xQ&5r1Af`F*zl)F@(;dzYr2L)E{{
zDqEmE7#m|-PM~n=E6!bx{l1#&X!WKc=CXw{NbGM)Tf)w15*jjE6G9d{adM~kVd?T8
zVUwfS<&s~$jLC5x8IV&_y8lY4_~Jh#U1$sB^zB8>pZ~1vEB*3b=eurRd{*c4Z?pO;
zrB?0lJaw2LOI->5EWAJPjkBTjO6=~jhY{dZe^Xl3ZQ-##@0HZ1{$K;@Z@<ULM|i;a
zy5ZKi^#r(0kck3NJBRdtrDVkXr!xGP9;mH?h@;l%#o4%jsKtS?m0|V_@Bg=12Z%@h
z-E7M+f6GYvS5sWa_wSVcpLYPulK*bDL09rW4&X1R^#4BxAmv=tUa&nse7laQrmx@F
zXlWV3@9i~fXlOuRl6&LusfUj}iQzwQ4jfu+*#12DzWsSU?f=d9(zLo)zxX%wclU&D
z@2p*1{K=p3%JdRMjNJG@Q&+l(gXV$G(dz(_`*}7=f2~1~hqgWgZplSMrSM}<2lCv9
z19Fzm^*Aiz=WONKIU@sIISKLk&kg&Z55J12(!B3$cS}3fxzyoY>IDXC=eBKC=eJk2
zug!VQ;>$N4Mtr@*-K+BK-ipz4m+t(&$9GG+zBb*y;^(U<U~M{5&uMVhH??W}$b<58
zY5!d>V{JjI&^GVGDK~~qUj((!3#nG(a~Hlm(lGWQsHQmyNYi4ei<roEz%}6dZMKl?
zv@`J57PZlg;`;Hq*7}hklcCj2JXJ)j@}1rU&_KnoEJ?!t*H#p-j{mI{h5VGc^A#<W
z;ZFl<{>KL)s;8njMtk_<U{2T@l`Iyq!j;RNW-+SU??bnFxC6#A68;7s@08OnDU({C
z^e{HHkVi74;r&a(*V7Z0b_ZRrL=+vOZd&(GuWK-JD$4)?!)iJr_%<Nb;m0ZM>3r`i
z>%6~Ic|!Bic<w~T!kXehx9^!^hp1q5t*xipL%)VZhT9IF>s|2w^faTw^`L3^kRHqV
zecj`XJV#biZT)MbJ%yOU_z;<5O*TFmfzR}s?Pi2aAf4?zA8|>H@#Jv=OId6##Vq<G
zdtAV7uJB^H=#O98B&1XH#+md`UF>AG%)-KmM+!>-(VQiZuohfYb}Nzte8~xgJ!t$k
zVx=;U6{kC5BzWoNnP6rix7X=YQyfxRQ#;P$M~`gF4VOP$YJ>a-E@g-}aoO)x?!0=m
zqg|c2XB0*~8<fLB*V6!sm^+nYPl{R#T^@`g4s`53t9|24p)@l^&8;@(Z{N-0x!Q>>
zh7X7B$9tOZ|D08c2|bbYayrd_#cI17zp5`PBWAme;kJ9}H1v$0_SB2|h8Xm-{KD^R
zo8Os7=M=g9afYk<65yZ-4EGjK?-HFxq^dMilpyyb1U+@&<Zc?3SHBpQ3TqJ;*C8hk
z(%=pojS*OJlkr$F%57L0LemC%J2m~-T`vh3@XT=eF=>u<aJcepu|aY6)7!-uo57xG
z^F-oJy@PjzTF>uB@AO+EHaD$Jt*tL+r7OU9nTB}Xx(wOZ!W+FWT3eOx-f~pQM_o;E
z)YOEwr59d`eYM9V>pd#lRu<b(uitLSvct1d?s92jCOK>*+j2W<Yn-l(r{IiP3TK74
zPstMOUN|8ria3xMIU|^}O;?r^W8@sEq9O9=z0@W1L>^w+{d_d@y7HFvbmumoa_wTg
z#OX88!;jf!G-;5=2|-0(-QHB<Bcoxkx&))Qvi)>Ddl?HE{#LP-$SRi6(Ym!;X9~-y
z>!~ZAvr^S3#h*xy+uagCxKkbuGAiso>*iH(>bl8;$wARFt855j^3Mo%+;B|${5bro
z-gw|BlwpaYS(p($@%&3q<)_@j5o_7v-O&4to-cN}d2=>)Bzl)><2Wa-1i>gTY8TE+
z_}8<G3Pg*Q?FWr7?8wLRU60u#_vIUx|EO#jJ0*30?3u+*o6?eeS<O!Y`-lZ`kI^zl
zW5Li<4v{;?d=+6C=VfRcrLIM%vobVn@eD46bA<MVN_6JRig=bMR7f$lbn7;8(~7#l
zW!qVHyj%>|zf~}g$bVzRWGjx%IMy$<G7wj@blJmFms`WQQgtaa+n0|tSxiuJ7q2_F
zM{l*a?A_X4O!n3pN^r^enkpfsAmKg1p(ej)lv<!N35^Tb$sON)wO$eVM1RGxg<Q|S
zrd{IxxT2pw7pMI*C9Rfke0vTWYk8E)RG9oJZu^`L+D%N@^xbh}0OeLR=cSkTW<rzK
z=%aQ+L=qVznL4gp-V=fSr!Q)7#7e3&vdCGzz2JrK4UckiMTuYQ%bPqygyur$=~2S|
zaeKud4pDO3Q|E`1eNV*f-=<N7KUxJD=cnY|LU_2rFY}dc^?NUrvoIvE^tz_8lHhRd
zLQ<?f0rz?1-qQ@7kDou|_Fa0~uAlWuVOHIfyvIfNy5U<r&)B7ezcBn-E%4Qlb-r|o
zNXO*QFP<BhGY?_v00smkre4tVdA=8)edL_-Mvrdc_`_}8mf0=WJ&jJsYA#*=r~aSY
z#L1d(Zq_$QJno*;lx3l7ZxA1Gl)GB?y|&G2Go3h2x8pt5z_voay!*T{?x{Mph7hHc
zsXBK}lAaIjx=t?PnZsOsT=i%>c%fgrPFKiw^Xnb|_m2l3=vc#u%#Ft97Rt{4_++hg
zVdyPtyPIwP!{W6*WvXSj1-xU?ZA-)8jZa%a944<Q1{URKFY1R4U#*a;yGWVfWYTyM
z<Xt-N&7yN}+}heYqp68Xaw8BqQm}j!##{?C7fo+e-(G#o(_pdoK50%TEtMuV@6cWc
z;~n#qxTsaBm$#XqSdLm<p)#euMfJRAEBX%}J=TEoEK%}kmv6k-i?^J!5)tsKyXZtU
zix4&SRln5jIIFbyy6NTMBJq{j`^fI~o1Q+ZJJs<0?KRrG!1*!xu?L!1hwH>oSre37
zu>v+h1E-$L9k19L1vX5g`UQdgWU20%iG<cRmC=t|KQ}+_urK#Z#WjrRjg49q-jB_i
z?4glgs~t~qT`aHt<lnP>#PRVC{VM^3ongLh$<a~U2d!H6f<>*5?5MRUoK(XQzI<xE
zEN%6y7IL|wvf{IhKfM4x7erFc%g66a!205t_}eM5hV@TB*Axyx=Yw0e#lM%>*YMl`
zLGCuts*J=;tE?`(KlN=!HM*WQ)Hv^))2Rdu-0<QknW4NzGs{t}<oZ<h+Nyl;pu%QL
z#psS%|M~*0;Mmv3X5@NW`*NG2p!7-D>o@+}C|uz+d|2`@TV_RF<lEY>HQFXaKgZ5}
z{rHld>3gu4dkmUAQmIZiu(u7mAun;=|K00NU8*~a20I1ovvMqGd{^tc#`ZhICwv3u
z&M{B;$MVIec4K0`ynYuHK}pB6uO&bPMIFWspT6OmSy}cxo)%sI@aNo0vS@SNR>?yp
z@h!IG3r>!S9E;_>OW$e>(g_#Sn$y=8l6tO3Umqx71~Bl?uAjh+{@rn^)J`pSYgV)C
zCz2tL;Xbdg@G>wfZpQb`lFuuaH5=!@(5F`v#HaJ-hKD&3K8KJut&57Qj+C3!OB`($
z+7PMC$jwz;SApsB_0cw{?f`Y03$Y0I9akmUHQ4I6Py8Yxyycf@aE>lg{$CqRo}k{9
zmGaYLN%t%bUEGZY5&V%mUd$ZBS6q+2`*1C8m|2;|*X~7ANmg6i7GWmAq(!zqcEfA@
z6?56OI4$&D2YmX(xyRSyernZ~J?m@hwY@eo>ViL<wC_&X(-GYYcmJmCSqhH|@4jJE
z<0lgOs^Ri>NQ^Cab$9dnmEJ{*jF$?>xAPRg_m6Sz_hVGEzOAGyfBQJG=ks*0<;#uk
z8Mf$Reenr_s8Zb>(M&Hl5^rSnMbiG=5NgjX7+L+|TE1$aR!{f2F#VYKHZLWh|E1%}
zw~n_z)}z2{$0w?Fhe_FQF3+Qf+`dvzcF-+I+^^lh*avoti=8})>4ycq<?N~Zy25W#
z@~o<%K<FM(>~O=YbiPXs`#-7XYiImjWQKme<FJ>Tb&%YnTsSWSYm~}~#^7c{DaopX
zPgd_wZNz*t`TDfE3KYXv9)l4R&G+Ifdi-NI97g{tqZmKKQ`(~aTS`(LS|w5)l4Z7+
zSeYmK_|vufUq5YeFKr;r2PwsuHV8g!^V~<DZZ7^lFkTjGFHjlzmZ2Q?y3oJrg<$>p
z`1rI2m6brg4V4NDoE6<&Vr>5&lW!Qg4m~rLccZ6qSa2kN;4bJ=ODoKTk2wj(X+^?r
zN>Z^s?A58gIV*j1W-Pc>?V}0%neC@@%irRq2tB8)cRJJJi&kX$*#qHUpXCG?-|`5)
zTe`3I$lR{GdeUxZX(DiE<)xviz5ONjo?V8mwQtGZQi^ikJ0BE`lG>CMe;V0GbcyAk
z;8@JzxPQ4$bt!uOgCD0)O#5_SP>1sJB+|rrV83|mT|2XpQiO(5+VM~FPFtfDB|4Ne
z@%0uffc9MQ;n2CKP`|n;kI!unjoA%W7(`zRGR#COwQd_;{qjAC|Mcie;MF0s_?Ix_
z-TPuk>l@yO)Jk$fdZ@=u*ndb;DJ91RFK}n0XB6jO&gqrf5ExIMWGk%cX}c5CLr#z0
zny8eL9a<#Ut-tLV!F(Mibqn_R<n*n`V-_1NW?rnEzuru1&y`ESZ#G}19lI_e)n?T&
za?E>&N6~Qvd7K}~k{R0z<^Sx77Vj2ce4@>~v)vMVNBhlI*LsP!)t&Y8BiXyn^DWWz
z%XvR6CP<=*j4zi?Dy^+<nKuzz<~uTm;~py>mp8dadyFQiFzM4`_{#)~LPG-~zWrii
ztmijcsH)mUD}Lwr`uA+(+k+2$w@7r80ua2VkP9nCAHH;SSZ!$4^e~07Wo(DllPcaq
zt`_xfTw$+apfvh}VP2mFX(v-yt|w8BiKnJ<RW5h;gltK+1@*f|*6O(Ib;i<%cB#f^
zeUqD-TEycZ>Ag!kgXhD}{U61Bbx@q!vhNs9@F0Pp2@*UcNU(t*A^1*kcY;fT%MgNV
zLa?AokOX&^!3h$G-~<K>?k+R)KG^%5bMHO3_B(&Ps#ir#6|laqd#&zXtGm~)dzcPY
zm?f}lxaLD@KzKq%0WKjFJqLfEp&U*rR-F_=_FYC@^pS+tF^!EP6u(4<b%Uq5UAiZJ
z1T}<i30bR5?L>a>W+a(AcHioBl9x}ZezAT2+IAam!7do)^;dg>lI8YoOlW1(v~Ipp
zYi&9c5J##0oQnyjEHl{9Xv;vz`QqKE&Z_Uu>XsV0N$DRbeZz6)6tT1bFqWsP!8Cw?
zdtnA&AB#Ybe4fHSC?L#HpP!51=1<kLM+K!YkK4}%{WEmodWn!V9p6c{zoRoslDhjf
zjWo~Ray%=|mlT(prj}vq{n+M`Dmkn?>XWr$Sze9DNIahn%U$$gTJ7eAL+zhNN<bUV
z8r^lo>HLOSw{_L!+L{22vLo<+aoTGrc5dM^$bjxeGkLhuq<i`0E1VyX=Y-IT+3~4A
zrl-2if_feuBnuV@sO0M?SIS?si5AbY=|dj7EAFJ%$(-`QKD4W291pImp~1LRNG})c
z#hLHPA2fNmys`e4@z-RT?<`aa7M(Q%IsbSdO3H6pX8|xr10{7feH#BG5UzTduU3qt
zkM!=?X$P>B-2+U5R(&7(Ufe&d)VX*nd5;h%C+Nm`Lh!h6GMbO)&gy8*g6s9AP2cxb
zBQ@o~V=Z3)TPGKA4sQJ*k+b(iN52J2>op&<Mt`pODM6AHw|@q}UJ!2nwWSe=M6@L@
z;xR~BGvdL3!p+do)Eha+(;do1iZ7Y7k45kc3V@z6%#M&u9o%W&owx6)m%5;l%7i3(
z23lk9^YU7%a&pQVii&JqRaHBF{<A(L-!XBCX>pb9s`U+_GRd<~#cRX=XnmvmM@=2j
za>mZlf8<q(4J$qRn)8Alu2e<1NxSj5lL_SG<_$cF+#Fgch~cHrb2#*|Cc=)&Oz?)l
z^~*eip11T}+FXSE0+J7FEvH4gjvl!z4l0X5@S7uR)RtaL5>o8-PH;68xW-Q{!2h?)
zo}2ysbe<2dTRws>Fh4{jN%LX#x3Y-`69R=`pL&3srMqkZwunwzk{8I!|Lf;9P!vU`
zH}=Kl&kXfnpMN2V+5`0a`^|iju}AkwHg+CrX!o|tysrLed^$!V-AhQ`YjBz1^k^2Q
zR`|arXn~~h|JPLSt!UR_LL?f53)Q8w+jei=6}U({f4aH)z8Eti?leUE`Zg;WCy;N3
z@8TNQ3uofQic(yAB}n1~6JS8%g90O9xhps5LIXc4bNeJst(i10e4|&c(EV2)*a6LE
zel1%<@Yd7<LMT)k#EGME&Gbnz3GBi5ip^QL_{TmGR@0Axhq3nAk#NS#o1L1<QizLc
zRU`AdKXd%1E0V558FUX?MuIHXzq!*E^`)@4CJ?$AeP<T9zyx?K3AzLEzPyo$OD`^o
zM3BO!g+kR{07Jn=05(M#f8}QF)dhToJTS%}XCxMX5f^+M{r(4AG09@6^9T_+Gq`!-
z1|DntO~{{3p(dX3d2>@h&3u_Fj~pdKSSyWJSMw-(M@3Q5b8(<GP!YH+;uPx!>H<wZ
z+lD_eN*-OVT$-(l{ubuPVVVF;<$TLnixZ+m;D?WT0E!D6d}Pk-Kx#SK5<@?9cl~wd
zku0;p0wN!8H)?$d<OD@k`H~~jK!#>&G<)CiBoor%H5c4WuO1@Vv1>O;ZHPZ<`4U_<
zVsh8$27}naUU<mEZp*DK-<b;$^-=LImDpXI<kT-hB_Kn5Q%{gOnAR?!r!`f1fc#e}
zNc0*~0K^NHAVxX=-sYL2Cqn%J>H(!}i||E&TO+J%rP46rmbJ@vgR0C$u4LMcr@#GO
zzdFWEZJ4Av_HSywpP7(FgjE?5p!6y0X0M@qLFq7YS|kQk11;kQ;U3sPb*-(>hj4b1
z#Qe9t_T3qKBxmr$X$Au0z{8XvY}SW4O82-SNstpr!$SL)vmm7__eCh1AWG!h#;DDY
zJvR^ElF?~c`wcuostO^Jjy-1&pL}hHqtY4Im?1w7pmz^5LJGIj6GYpzzns1rIGbKH
zMh7<lZG%@#J3%^lUSi9vAR3StGG{CaoPvkUU_Xc^r?YwIp@z4^0cxZbL=s7z`Z3F!
zGm{k+JcaGOL_k8CTq+-=_P`Eem&^A@4r#%-XoEB=MvQc@S6-jgGi_)cIHgT;d&+EW
z_;X3KyCDv0U!`@SNQwvt@+2r_ZGjqEl)U<AtKxe&UJ3DYL2lfjy1#jSRu{4qEGl$F
zJSk=|G#!|SD`t+!ciALB$yHJyn{k++w2s=u)X){jPB7LNo=%HuL5Qe4prHSKr-S;p
z5EWD$dUB65>k_*vEPgoI)RcY`Vi)p{^}@9OkM%;PqMvsnEkQ)84~Bu_V|pYf+l`ai
zUtqtv$NXnE5u_j&(sm>3N`d3+2SVIL7v70_&w!i$W6kkL*hBeZuq?zZCb(>JP^2`<
z-N|>_8awG=;1oxA_>~$G(TQXNOKj@X*^-z_gQ#FU(kX*TiTmNKs8SHd^a#cyl8>h<
zk{0X@A(ux!1*wBp?AKBVP@*7{G)bs<DpfAL&ejSLf?nZMlb?DI9bY`WB2_&}2d3rt
z3WisIdYp!~uXLoY*T@TpN5i=gykNg)?5lNgC=T}~&f}Z+lwEi@x7X)Z;Z3b!f@0D=
zK2kz2EO8u#yFl*wb>Mccjg^nq9XQGGr|;B|zn7Nsj;+y@Y+%C;pA<!}X3MW*OMziV
z!b0L_pU1s-ldjzcl-)AhbYB!jOo}$KZ0Yb~U`TckzGHSO@(J^4<{H8HhDqz}ZuSC#
z0#rFb9xJg|KAQcTZWBF-JNP`-YO%8C-CNQggMqo<ny-DqDfYsz_(n{rgAAGDRRxi%
zG!h1f#+8EeFwip8>sz(5I890cX(~C&N_#3zu#Mm2_mJ!7m}D0X6>S^s=H-0vem-mp
z@jV-&T0y%R_Ykq2?Af4~^by4iD16Wmxb8YKaKO5>XW*_2N!?Q;vY>1DC+JukHj?o{
ze2DQ$C#4~YkSp%ct7WmB&xCQWB>K`Z?axUVZ+>aljo@M^I==%7gRT%F>gUqGX^{s#
zqU^1qJ>fuz8+MWiR<=yNi=k0WOLhU;u%#`eiJteRn$19tP4+i7LDVVzH0f(~MePhF
zI^b!CB)ht_v`W4hf3VzSgqXENFfx{X$D^U!s)}h);l@l~4?n6Oya7dczX-$==;?8-
zh^apb79n~Nq8ylB{Ck58`w7tEMxC}%SEL{^*I3Q6Y-hG9-g=+GmvrPNIdc$mC)~mn
z{=vZT_&z;Ps(LdCh$GS%4>`2=NB&9s4`VOx2R0{kcp7E<Z#X^8F3J;Av!4fi-Cy*6
zMzvpAUw{e+cXMVzQM0(2bh9KN9h?&p+jpUn_;MNWadSi(UtQDJ2@~9138#qKrrqzj
zGY#Fh<uiNwfC4If+Hv>L6r0k$Tz}rL;3nKN7I#=e<!W%+12?UD_t2N<f!sHo_?Fm{
zkbZvufKzvmh{k<yai+LkH|uA0EIo0q?b09>^dl;im}11lEnHwL3&11Xa&=f2MXf!}
zt&ezfw09m#Nj?pteoD~aDs!lK==2C_jXguh?l+1X6W1*uZYw#tTA_vvj7aa6w}XFg
z2ZpSxc#4de?~9l_C-|b%V9zpC6qh<FbbJ^3$=u)O0KFBQcMQF2mZ<_rcWTCwd@sL8
zu|g(T$!Y*-+No8?0a0e@<LlC0hBL?s;TB}mVazjDKQV90DM1k9JsQCsEEkEc)Lj!o
z74i9@`e~Y#t#t=6E_v~QKuv?;+qZ}yVtk@(4_zODkw6!)WjhM!UE{MhcLbW2Lz5B;
zSS|BZwLgOZr)j}39f;ONBOF)j<s!q|!2%I~i17KC^Atq{*pmV2{*&_8e4i5k@hqst
z_kup~E<%#nZgMSvG-CwJxZT@IznjZtj;L+j`@m(*3-q6nouNtIjBgn`R3a}62V|Dr
zEcP;@w!|L?MOgWEtZ$%6@Z=*cN_j{N`uoj(c%GKE1*wU`9bf8zEyw+^)XLrk!(=(#
zSJOIAE-)XCMnvNhZxcc4A9r4;8*ln&ewkXdHqM;tzik)^j?Gu;CP+@Gf796@ikoq*
z-!KN1EEN^Q{nymI8C>4XoBS4!r0IcqkVkX(e);WL-2)^6y>F2%`YwLU$zs}{s*y8C
z-oz_Xb&cXargPJ36Dtk@OFco<o1>_l)=Ke)zg#$?Tw_$$Ez^<rEb?ev4})%Fd@~D4
z(w|yJn9!kMR73urrNm|YDz}$nD(<k7J%dbKKoeG!5i&QA$y}7;(mXz0_@)d>PqV>C
zhM2Q}mpl6bz)yaAFG^4{4bkBC>FsuYa6qVc2=VWe5F}fsTlKgfVTjJ}h?hvG-_%lH
z$M<jHZ_&_My2)_e^3D}$9T&sBOUJ?BtAd@|Aa$l(jJ!@%dM#hTs$7%!6@X(Qp_;bn
z1`IRtQ64X5u!z`_4M&g%>*F7GX!ryF&z-P)9;9}1tD!5A8%o@HiXKW20Fux&I#ARc
ziP{|F!|wZ31Q%lNXZ4W-41p!gJN{OEq(tgC>kcjJr&u8sLS`(W>jETZ@9rFzYWkHq
z)eJ7zCj-4dSyh>*%n>wq1-ioMcSNE6F-X7Ft$T!N%3IULLo~6gQq!EB7ES5N?$N2m
zO9Su^((UPDC<T^0Ji)AV6XF4mWtw-7@8JvJFLGU@ilp)}y!L^=UJ+3#BsrK#F@xW$
z+QsnD25f6~F}VA7RWw5XorZ4ap}0mk4OBQ5ipz2lFqh&^*c!#Dp(V#WcDb!SA<l_}
zdi|jT>_cJ%z3n3gxVv#6RDt1#_UD?IK~(28(j?R@8Kc$Ls1IIs;ZNSZVeh<-gK3@v
zL#TMDT&6#!@KArLcFo2tiUv7E2A%AO%;E@qGaOSH@caC!$y*6Zq(hwYvFADj1K2s%
zMh)L|Qo+wGlf}mQw8DMV$;O>}=QGF)5(CVsGmC%dUbc-2A)Sr6sC5<&l8sR>g|zSb
zt*@}%xL~G*TR__~L|^XWXo+5qZT#Wv<5nn6ZAc9;Eg{1gHyTD;lp51cR+Sx9kjv%7
zM5yt0US(O<*16%N*kJdMC7!>c4BhQI#VkLDKt1vWa8g}^eA$6|wAzl$q-@3+4wnZA
z<C0miw4_tEmi;Oj4uTLNzLA0<SOpjEcfpJ!2b({9y^3g{d?h41oh-|o{1_JN$<V&D
z{aE+Sd+(p4`xX?vE17U0Ke|pxheE#gxKfOY?uctV8av(^TIvwR?{77}cy9xo)z;Y1
z-Pn9Uu@d0ZtzC&`%d+Kpl*brY<&8SU815jms_kEHl3Wlj{Bd^NH>rKoj(liM+MRnW
ziHETElMgki{w=WyW!*Bmo5I4l?v4!Oef5IUE61zkWfQH!6WxOi15~t*-yi<?Sf~!*
zNbWsmzGIH)QQYeU|0Z(tRs%e@Z?wH*0CP+mWs{B@=%H#?Q|{&Ni|pBaMS!(QOZqO*
zj{~pdXzQgP^af{d@pI&XH!v4}U7QPZkP2ZX{Y9>y+;Ia>7>DqE+mLJr;6D%<J)vZ;
z{gpB6L`l`WAng6HCL9h2KsOLbp`AQ4DL$u0FO;J&%3Bq_?Pc6(k}-4%JUyL%cK8H#
z!I2Gb3(PCfggLNgdrq@E_fnHzVU^&fl~0QY^EE69g5C+%3Wm8ByoH2p5KA{NPs}lB
za|@sAY<uZ`l--PkQv>iAOL7m8>T1*j&?oYuyH{R4`EyML_9%CSlcK=!OSdlVFg7uW
zmFzk|S#$TPx%i>{%}XGQzwQEakq3I7I?<<7>`vyMb^aixdP3N_>JX@HK`LA#ha@?l
z_dU8o-I>KeaR>vv1zt!3lNN7&a>YemcRv0i7>E`nTq+tkAz*TiY%(%kEpA8>*|4}%
z1e;|jK1>M+!yYvh7{J`p0C#-)s1$%^`t;n#l>-(B!1hdi5zdk&cdYnUAywp>4QCNw
zxW$9D&iAzIvIfGTu@kBw31%QNcjQ=)dT@z@IlGenSr_k}!*KVf5=(<>SDxgI?K&5b
zgo(L=I%=%^2V()Q8R($^@z)lginr8s7vMp%9-;EOm_fDepOJ%?k>)NJ1gPNQhI*qc
zUueQ0tN?q=Wd+(W9u`1c6pFpX<oIs@Xj%Moty=s=VK5HipG}7jV(p2;;fw&RHoPXm
z5m1{+%a50feMz8O>E8(e;5xNYniqd9GvJaRMj1R^BVYdH)t8n59J1C^P2WbJ0Lcpa
zD<EX{@P9Iv0xBkqd#STM8V0{I%DRItH7Kg=A}wR)^Yt`zp{L=(6WAW&vRxnY%i0Hg
z0OS`W3pdp&#@CgFZ`a+9ji+NJy9F%LRk2X7BZQF3ZK@T(1Fzg1qb2)?P^SC{<*U9Z
zTuSAVKy<>t69Axh8AbeSSI|embj+&PX=*?HWc#YQ`&LBU@u+mL#`|M&J^&>XzJf{0
zy#G(e-okZrAO;RW`Plb04dPe2IYCGL@0wXmycm=)B7bRCkPrm2K%czq6=KF!nSn(}
zj`<N_4>I4iezC?+!KgSFYXV2a$%n;D1eq_TekqiiQ>sYYgqWnmzX)*rI{^TgC$4Am
z^9mRlcAuo(Zj9ea^Rr_5$9XPikIBohdSAidaxZeY0#OFb{wHIBE;-}0WdLyoAawHl
zD_rLJZ{eRhIncXUpYCdJVI?C2bPpV)Rn2Nj0OU53L}jhR;qid|zRW3XkVmpZZko(7
zc_ccJ>H5XD7*w{2WliEQppAB!hkZ<?G>vC<np;no_a(N=F{bjqpvz^wlIcM=I5^^$
zXPoxX2ir|Nrjwg0Im@%06>kP_#b*W{VytbdPOup39;a$n2;C)y9F&O@XGbsw;m|de
z^;v+o$$1zq1q!^*46OViUOg`zbZ}94JQlbYVRwK<561qolZV{}OgkPdLBy!K9T$!h
z+V=`hkRw7O0i%=;fxD7x7$u~l2bBrSYS`5)-d>Qhf8Teu=KKC*j{MP3t50C%0t<F_
zc4NF)TaFnDh>{LjiPB6{e_sYtpGk?I5#1qEnf9=z!##EkjZDz7gjEJSrcZb2x08^P
ze5m!hGm`S`EvmHVzGBZ&ND5X}G9d7W-Nkm#*{iIr@8$T;hGP`sCK?gBiS&eTYj}xv
zR#yn8?^*FGNIhx(wm;>d9o`uF)}q!ia%buIkk)I;&hO}jp*RMQa`jY%jdXR6j38&(
zq`6g)=C)6uvuLhZ?61NJT)t^<+uLgkznNrx0v|Hy+v&r;U*;kiIs6~PKBzM*21hte
zQJIYv7Yl5!KafBh^YT5Ypqn|ZBJnRZtPUEQ)S*H-bBOfp`igY0^AZj34m{?Gpd`jN
zS6^@Nywg6YuC)-iP$=xxQU=n!TLRhSCUo8YX?HNy3`?u!f_Eu#Ydl##`-BAm(H82G
zz3GUV*_`cd8;d(gt%237QOv;UPfhy+jJ4F-(}$Ut@}yKOOk)M<2nenqtWVC7cl|1I
zNc=tcx=9lc>&)Eli*}5D@CF;F8ASz`8sn4@r@KGmYQcPFOxH4~t^r@LogYLW3SAth
z>%=}e;+N4h1J7jCV(9XyZvHBS9h+z{7OpoB*_Ep&n==Hu&nJR$SCVi3U>J-H+SdNL
z(7Ud)fW~>TQsvE(dErj9(eQ%Y&MqiWqMlkus=<RzvBkqtd1Jbqto4Q=-TBSngJut&
zcC2K@oDJQgw7YjyifROqFQVp?E}^>Jg+qI|(QS_K_u4;8T0t*sdD$5AKEM``?e{!I
zH8mCp9GR48!6LxT4l-oJ=V=G%V!xah8~&}E^)Wj83_2_5YvvjSUkzC<4<Yru+9rlg
zslK!BOFcDg>&)$WJO5k8s+>7+zUqeIb4xDKee`1Edho^Uw%*Ik<l@fH=OP^;if_%o
zksf-j%&xn9+kUL6{|6#6A-M<Qg}bNT^n{Y=1W*uS=fUEb!QRreY1~Bn8#_q*b(bTS
z!Qp};=J&Ls=EoEgp7KNk`nojd57mPH7$vq9GR4VkX~H?0ET^TJF}SX*^}x2)yo#}m
zRlBs2r>PJkU2F%RqQ<fP@d2dXqC=TBf_1f;mn7`j(4?TG+e!rIG5S3>;AS{K9!c?f
z7L~%g%MI;_Gaf1`!|r9J*_{2T(;1zMuNbKXfhf!_zayYXute_>whQiqar8@Hq4c1*
zGC_+O<pa!~<f132)#kUKR#-n%NxL!@ZIy@^3OT_{imh2D0x-7A>I2c7S^&rD|MoD3
z@{u#cEqr$2n^mkyB12Y3yeWHbdy(UAzMGVeE^U%p;{pBcDYPpt)>b@tt=P=lUi0d_
zF5}gO0+@Dc-SRxJcxG#W0;c8t5^b4@5QFQlJ1Wf$RvXI$`8HBmiw=X%PNYcxjo}xC
zAI6ul`|`XB8Jg5-r_L|FpGgvgq4Qw;#uE@<%(L5DlC2C=PR8L0&PKsDHlwKYhsuJh
zn=e)x?FA>R??n4!CXVd|oSzqtJ75)~*37|eEk=>MKYj17V2?)#zI5SHQpuRij@@7i
z&<lH5su!}>Gj)p!x)7SQ@D}~<{Q+rfc+f~(b@x8g&+fA$_gxcWVC(GeiI6hmxY`Cq
z-qViT{gCBpXk@MFJ1xcjG)I94hfB1;K86hxOnw+;jB)sOX~su2ZJ^Ww{xv%20298b
z;yLpA7VJAco@*P-W-e-g=XgW2SVM>O;`f`xa(2-l!WTgWx^}~>c*5smy8OK0Q8l|@
zp>5q@!R5C-fA~)4z6aA{&mN>VZS%{xE0LRX;}EBWG5uoj-6%6AZjvaZ7Wd?gj(9yw
zVlvAovV%F$uqURi$IbFL!pj4>*2IaOs<-L{OHVi5AV&5pj}2K6*H;p<;floNvOBu1
z`N#;G>583gYrU*kpmg?$rGa{;8-=ojCC=}KjdiO@%x_?)vPS0{ddB7xNdr@jEc<@q
zpdX9q(q+5UVRozQJl=5MRx*e4+x@^_K@XzPxhb<AQL;QI)@X%*JemMk8=S3-hPg<i
z@NMTG3c*sm5EioGJ~;lczr)?;B`YTSr&`(+fMRt<1ktN=J^bRjZd1>NYq!4Rt^qV?
zBz~KgI&`zl-jxTw90~d1E`=#zY;6ocEBq=J;q8oV<%@JIXnx^B_l~Jmf;vZN#O6$u
z*8*tLy|R?MPFGSO%OfBD5;bO1WMbq3d65UbIb1DT!xA63lKSTPhVgCD`Gyg%^9233
zwB!{IT2Sg)19F4+<K8PiGOj;9Th(nG=W>d9oGRo;)J?g3f5q5P#}K%J?pL}+B_R>A
zxTJSq^kUM)`r?b(fSA?Fb2Y1tTP$Ct`25T6AGMlapE(&%e1mGG1*}b*M3pWP_ey&_
zgSYXQ(M!gNk3LDLyOncU38aFrrMx$B&qHPX0)Nm#&cg9uDFZHyA;!)KR-uTr5NNyi
zo<2)AYAVYlEV<Mvh*yM5uJMVE>0}J=w@P<Gl6s%(0iPU@g=00yh8w2IL^?0&&+3v*
zdyVXOrcDgGwV@P_%u>&?tjkj`_P32&363*bYvu9>Bg?u_*H3<9BF7zO-;Wi=<_h=+
z*x;x!ls~BHX)~(ROr`&z-tgkSl%Z~1t&?p8&g`gJsdRB<F3TXcfzh++q`$jePON9^
ztbn~b_At>Gmy<YU{`tDlNcr1ft+<-*Ds?;8c3yjP+0e8%X;`y*HOjsj&abmc2N-rL
zsEYVv0Mpify?OiOcpFa7A)m~75VtuVBcMLBItr5Nmz6VTMF&dc;le@exRlA$Cf5zz
zmZNVRle>szK7&h0E`LofXfrfoT>bKsF=@n}-UX#qxHDt(BITlox;)h{DN*a1?L-rE
z()`096kkySH*rza3n7#FgQ>C3KVtZ#DyZ1h`J>S3A;);4=akbg%C_RL6L+-n`Wy5+
zt=GNhN#(yxcO8~X;;YRmDXOD$yN1r0=QGx*p=y&9>UYd0<1Hw&-W$b+Ph^u|b%01~
z%d%M-c7W*?W%mipLfaGV2)u+)ev`Q9ZW#Y;;}eLc^C`G}d|3@K)uRKhW1lpNKa?T^
zRNhN8f4V%z9HAKh)lehs{zz;3_YPBFg1qn8l1#Q+7Hz_KiFONXLdq#a=lQV_+d?+u
zsm2H0=?&MM?qFUt%5Ky@B%isc6RtUnFW6}TXL5F?`fdf{7ijp!cdfhIQOpi(T<M?8
z3*AFpRc1--8d`M~Z;NfM(p}Tx?#pMvUmoLcI}a}?9!9~t0iW}(0<9g+s-pzah}`{5
z9LQ=+F!9R>o&y%ocRN?R;518$v!v3M11H3H5g1r$QL9fLL=2n~mY|`Ria*ZT%!A(F
zWzhhhgyK*JJ(yeWLtnXmmv=<~zUb2RJX4p_jKQ?FPLvxIhr@9%sUmFJKCWiSn*FzD
zS>S@e`2X&HQa~rn3bc!W!Zy?9D9dd86FGR>D|Kf2&k90O6Laa##ef3E_5ki}Sfze>
zBv4au)ntZ@8QlMpAoGuVXB#GbQbc9T6UF*~gX_JlY=7yAK5K5Bm@CpQ0zw$mMDceH
zDn9ud_v-Z}$pkN_(f=}HpOn9A(<af;<)d?F9f$B3)|6Ee`y1BOv?1q%897hOXq&^H
zr`>EEiNv?O3_hS<)DrJzx`l{{6A6MYcQ#9w6x3!`KciDjg!7mwvSrY`mNKxh2+V(B
zLbQ`Iyi`c<GGk<KP7~G@73BMsyNByMIr~!?X!~nnSDQ|0<jr4SqP{qZ6^qr_8ieO2
zUaRw%pUmPX_ucKI297+X4HDQ4WPoVcE1HX+<$O8S%2rPsAwN5|5O1&D#V64Jcvm{*
z1beh4snE9;y>L<~Ub#_5Lrqz(@PX`m<Y8oFx52&0-ItH)DIZ^Vys!F9l@lg#gE9m(
z!)AAHyi<9E)9zlU?Yo-CG0C4IUXn*UmfbcMP?h-!@(s$!&>J{+(*0=eCApvOp2;?Q
z+Mgo1EU~@pY5d#&D8n;fw?&2|R$c<1sy}&u42ovV`zamR@pJGF{yk>6&@d=7=zZ6W
z95K~n0%M%W&0r7><%G!5mY>gaOo(A=lSu+M(BvR+c8Uvq|4VC^=s9ae0ts(_o!->a
zhcCPxp137h#;<dewfFdM`>sphuRpDLeR@opUR|bmmPN<Q<W$nHI&`pXa+c`7U^^9E
zyq6}V*!!?@%5v1--)-RJ%|Pbl9i5q}<UktPquZ9-{)WkT+FDDYCR#b)S-;<RPa7i(
z<rr&C;Y@N)`Dk(7Kgj&l4YSt2{Y(M9FQW3R=p`Hqxd*+5qNCN{DAl0ld`r<pNHv8A
z=4WR#)JmM49pgyOl#<mRuuu3=vi@3RbZl=HMOwtb+n>2U6ll?UZXuh-xYgInX?rX}
zjJ5Je8<4PgRi!rj4jYQCu{pPL(XgD0);?XRFTU&ZTUhVjN7ntk>c>Z_Uji|{T6v5n
zN!QYFt#(Vf-R2gP{2V-zQRzxn-e#I%4EJjdW@dGdZ^%j2W4h$Z{m@Kw+$ZFmN&L&s
z1<R#bMjb`?oP@)~oaT3d3UwTav5KLKMd`(62DpA9@^uA@rg+xOd%n7$slG*On%J@x
z&7_I>9cSf9^NxS!jykVx@@hVbKb37Z-y44_E_>VxXIbM`zqcwUO6~z1^UdmOcdg9g
znwqK}#@^65`}(f6DOV@c*B2QmcQ%N?zSC=K0WI?{m!gdxheQBO+`7SF#kLcC$whi=
zjt*vb3t{N%S~%@<`bf-Nt=6x`aYg8S`Q{X>z3@+~zHdu&*4gJ@_)f>V+b-yWH|{&B
zRH`r-yutbla+XeyvmCeTCfYOpdL5_d?dUs0%n;zB)Zn@CCNraPFAm?zlR&#kKal`W
zxIbt2HXSx>^VBdgDepq9ZJ|_qKkE?lfo?~wNu3XQ+JD-p?&L@E;1y^Pj&BucPu1AG
z;p}f+!=mB9Bv+RrdXQ~>YI@3fy8aGaZ>g6xkTrTIivM$ORhsWoJUT5bEojVnHJ&m+
z|0@${rounDsVc{)0Ln^~HO&<_@GQY%*|R?^4R2|4O5AFG+?sBG%Fzw0<>+=sZk6iy
zqSo*1G~4e~H@Qe(Ct-x%&KtUykLS@FIaW}y_s&CXq1O$QE^`F0I8F`_(%>=K#_NV;
z!XlUYPt(>;*Pl%Z@Irh5rSwS>w7zqM(u?lX70Q8^`;+aM&o|wc+-q;Fo<?oW#=Nbk
z2|#PUrx_bvobHl*<3EJl(|Z`Ge-JM?SaI}KZKBj-B`aqpqtUYO1EU^#w&4Oh$0wF;
zzk)4Af8tY&<6ok|K1n|6YiN9sYxw5ELUzI#%`r%CcVk9xl&eRT_Ux0!(KK=-ZX>=i
zbDK0F;*!-_0mYs>XOOPFrHhf|S)jSYvU5s<9!?N0%og_sQb?d`JS{v(maDDsl3kSf
z{CTX~z$bRGr7|~6Jtj_g`&8Y}dI**-QO>h@{dHhT;S$YmqX`G5=xtp8){W=Y_my;f
z6C9@Ra(<kAw^)^xypP2kb+m=W@Gg0hSG3x_l}u;Y$PE<K<e4?a>y_=h;zP?Co4I;0
zG%N6;k`QtYf0+0l!p79Le5xOpFc($|={l0>j3Ovibar$@M@5*Q>bqxWez<y&cWq*P
zXf>-fW~9Rw1_2&~!L12kD)=sf<m|Y7?Cql4_JuB(P^I*Jk!Yd96pCy*f$Ml(%qUIf
z#uU_b1=Nqq)7tyd2Q8I^%g%L0Vu2lcm2U{ZGi55BC__1b{?{Ku0_5N$8CDswB&C*E
zmk46ES-F=VRA2!`fN-C27;LmvR>i$uJLW@5jW=rcNz1fw<<}lhe(~H^xBwXPqROV*
z38y!;n~{SsbCki(nS<hQaK84VM=G0gp0bls+-BXepw6ayByQxypP!MXeYgSTRZ82B
zFC8?jDquC?Rr)Oh0&{@hfjNY6Sr8xyKJ(Q_d<$R^XLN3`zka{`qbR{Jv1oZJUFW8i
zkft2(D}S=Y+4K3u^$gK9$Rd4WRu?%OVa>cLi43-Rww$jec@9_p{##<vUWlf+pjSuv
zjW-z_sf4gbMhp%x&&UnPkyn!)$vh3%j!G!?oc}}=@BB1?S`h?(7gTi&s!jg!RlU&X
zC@3js(7SicnonQrb!pPAeP#qA0W^r9qz@*8gTSyqKOUI?bkW3OkiUMv{7*WdZ0X|z
z#QL{bqXwToWGRP@<CQOV6e+iurCSuswv;dG(STuYm()Zcq?x&YzcfO@UX+5A@;_zA
z@ib4H`PEuxB0loLTQpDg7{CCb?=#Sg>ycIaKMFGavu{6hXWXk!jndXyEWG_i0-qUm
z3oeA}>}LKi+<m73L?Zn#_McM#SpHK8Lcw*-4(ySiLdr-#?D?9c`!!Q48X^2X?p2Cj
zs$Whsp4Se~=0#P34U?_XWO|sN<L?hz*H7(~?vnl&38jUna(<w0mkRIO_IKSoRAYDn
z-izrQn#Tu@;`k#*)REid=`*b%so^(OVx*^&1M-D;_D0@VGQ!AQ02OvIw;=n6A^?J4
zB?9PXu_*paJN^<vTB^*nvGCt6i-cE_M}YoFC27?y$FC1tgx$XtMEX_VO2zw^gyvN{
zRj4$H%$Vesj$1@eeK=wpK&J{zHm)!-V3B-DU3|s<e!hbE|4;-tDChtO5XVqF+rPBq
zUrOi1pBBMt$FdRp>0*Y4!(_WtlZJWr(*;i~=+f4<!Hg2h;?l)y6L|V>gqK-N(&}xs
z<XiOL3<QH9YQP9J2W#A2cJsd#PF-{Q-_Mu!)jw?v0Y3xYx@yx){-@1dt?!@8Vr@-U
yn>_fp7V`f<XQz$T{(ip1vj0+0X8)j4P?8eQ%crj@4uS8?1}Vv_$(6{OzWhIqaocYI

literal 0
HcmV?d00001

diff --git a/docs/design-documents/docker_management/docker_management.md b/docs/design-documents/docker_management/docker_management.md
new file mode 100644
index 00000000000..85cb468d8c0
--- /dev/null
+++ b/docs/design-documents/docker_management/docker_management.md
@@ -0,0 +1,135 @@
+# mbed-os-env docker management
+
+
+### Overview and background
+
+docker image mbed-os-env bundles all the necessary tools to provide a minimal environment to build and test mbed-os applications. This docker image shall be used in Continuous Integration pipelines or in other use cases where mbed-os tools and dependencies are required. This document explains versioning strategy of the docker image and github action workflows that creates these docker images.
+
+
+### Types of docker images
+
+**Production docker image**
+These are docker images compatible with a released version of mbed-os. For example when `mbed-os-6.14.0` is released, a docker image with tag `mbed-os-6.14-latest` is available.
+
+**Development docker image**
+These are docker images compatible with a `HEAD` of the mbed-os branch. For example when master-latest docker image is available which is compatible with `HEAD` of `master` branch.
+
+
+### Type of docker image updates
+
+There are two type of docker image updates. 
+
+**Active Updates** 
+Typically these type of changes that involve modifications in Dockerfile or changes in the requirements.txt. Examples: mbed-os adds support for new compiler version and hence needs Dockerfile update.
+
+**Passive updates** 
+These are scheduled updates on existing mbed-os-env images to provide security and bug fixes of dependent packages. In updates like this, there will be no change in Dockerfile but rebuilding the Dockerfile provides a new docker image with updated tools and packages. 
+
+### Type of docker tags
+For the purpose of mbed-os-env docker management we will need to apply a few docker tags on the image. 
+
+**latest tags**
+These tags have the format `<name>-latest`, for example `mbed-os-6-latest`. The `-latest` at the end indicates that the same tag may be reapplied to another image, when a docker image is updated. This obviously means, a user pulling the image with same tag name may get different images at different point of time. 
+
+**fixed tags**
+using latest tags, user can retrieve an updated version of docker image. Troubleshooting could become tricky if docker images are updated and new images are retrieved in the middle of troubleshooting session. Also, some user could decide not to get updated version and would want to stick to a fixed version.
+
+For reasons stated above, all the docker images are also applied a fixed tag. These tags are only applied to one image and never reused. Tags are of the format `mbed-os-<version>-<date>`, example `mbed-os-6.14.0-2021.06.19T04.43.51`, `main-2021.06.19T04.43.51` etc
+
+### Dockerfile versioning
+mbed-os-env image is created with dockerfile stored in this repository itself. This provides easy versioning of Dockerfile as it will follows the same versioning strategy of mbed-os. 
+
+### Docker image versioning
+
+The picture below illustrates a typical situation where mbed-os accepts changes to master branch on daily basis and makes releases on regular basis.
+
+![Docker Versioning](./diagrams/docker-versioning.png)
+
+**On Day-X** There are some changes for [active updates](#Type-of-docker-image-updates) (for example dockerfile has been changed), so these are the docker images created or updated
+
+* master-latest 
+* master-day-x - This is a fixed tag
+
+:information_source: At night, master-latest tag is checked for [passive updates](#Type-of-docker-image-updates)
+
+**On Day-X+1** Though there are commits to mbed-os source repository. These do not involve changes to Dockerfile or dependencies like requirements.txt. Hence, no docker image is created at the time of merging the commit. At night, master-latest tag is checked for Passive Update.
+
+**On Day-X+2** A new mbed-os release `mbed-os-6.14.0` is created. This creates an image with following docker tag.
+
+* mbed-os-6-latest - This docker tag could be used to get a compatible image for latest mbed-os-6 release.
+* mbed-os-6.14-latest - This docker tag  could be used to work with updated mbed-os-6.14 release. This image is passively updated till next mbed-os release on the branch (typically till mbed-os-6.15.0)
+* mbed-os-6.14-day-x - A fixed docker tag 
+
+:information_source: mbed-os-6.14-latest, and mbed-os-6-latest will be passively updated every night from now on.
+
+**On Day X+10** Another new release mbed-os-6.15.0 is made. This creates an image with following docker tag.
+
+* mbed-os-6-latest
+* mbed-os-6.15-latest
+* mbed-os-6.15-day-x
+
+:information_source: From this point, mbed-os-6.14-latest will no longer be passively updated. From this point, only mbed-os-6.15-latest is selected for passive update. Only last release version is passively updated on a branch. 
+
+## GitHub Action Workflows
+
+### Goals of docker management workflows
+
+* Distribution of docker image that is compatible with released version of mbed-os. 
+* Providing docker image that is compatible with HEAD of "main" branch. 
+* Keeping the released and development docker image up to date.
+
+There are 4 main workflows
+
+**PR check**
+The purpose of this workflow is to make sure build, and test of mbed-os-env docker image works as expected. Hence this workflow is triggered when mbed-os PR is created with changes in Dockerfile, test files, or workflow files itself has some modifications. Since most of the mbed-os PR doesn't contain docker image related changes, this workflow is not expected to be triggered often.
+
+**Publish docker image for the HEAD of mbed-os branch**
+The purpose of this workflow is to update development docker image either when there is an active update or at nightly for passive update.
+
+:bulb: This workflow can also be triggered manually to update the development image (during the day if needed for example)
+
+**Production Docker image Creation/Update**
+This workflow will create a new docker image with versioning strategy describe above. Also, triggered nightly for passive update.
+
+:bulb: This workflow can also be triggered manually to update an old version of released docker image. For example, this workflow could be manually triggered to update mbed-os-6.14-latest after mbed-os-6.15.0 is released
+
+**Prune docker image**
+docker image in temporary area is pruned by this workflow. Number of dates since updated is used as criteria for pruning.
+
+### Pipeline
+
+docker image management follows typically CI pipeline of build, test, release follows.
+
+There are some details worth mentioning though.
+
+**Build**
+
+docker buildx command is used for creating multi architecture docker image. To build docker image using buildx, one needs to push the image to a remote repository while building it. Since, we need to "test" before release, the resulting images are pushed to a temporary docker repository just after building.
+
+github container registry doesn't implement yet all the docker manifest APIs. Hence, a few features like deleting tag from an image is not available yet. Once these are implemented, we may remove temporary repository and add temporary tags to the image and delete the temporary tags after workflow.
+
+**Test**
+Once temporary images are built, we need to verify whether image built is same as the image already available as our intended docker image version. This is achieved by comparing the docker digest of two images. Obviously, if digest is same, there is no need to make another release as docker image available as released version is already up to date.
+
+If the digest is different, (means, new version of docker image is built), test.sh script takes care of all the testing.
+
+**Deploy**
+In Deploy job, depending on the result of test job, temporary images are moved to production repository.
+
+### Docker repository
+github provides free docker image storage for public repositories in github packages. The workflows make use of {{ secrets.GITHUB_TOKEN }}  https://docs.github.com/en/actions/reference/authentication-in-a-workflow 
+
+The packages are directly visible in mbed-os repository.
+
+For deleting images from temporary repository, a new token GITHUB_DELETE_IMAGE_TOKEN needs to be added with package delete permissions.
+
+There are two repositories being created or used for managing docker image 
+
+**mbed-os-env** This is the public repositories user can pull the images from. 
+
+**mbed-os-env-tmp** This is a private repositories created for temporary management of docker images while docker images are being tested. This is a staging area. Unfortunately, github container registry do no support renaming docker tags, hence the need for a temporary repository.
+
+### Workflow for forks
+
+As there is a scheduled trigger of workflow for development and release images, which inturn creates and updated docker images in github container registries, workflows are enabled only when "ARMMbed" repository owner criteria is met. For development, one can change this, make necessary development and put this back to "ARMMbed" when creating pull request to "ARMMbed/mbed-os".
+

From 13ab9cdf370e9ea1fc15763503a8026e27003f46 Mon Sep 17 00:00:00 2001
From: Saheer Babu <saheer.babu@arm.com>
Date: Fri, 9 Jul 2021 15:26:48 +0100
Subject: [PATCH 02/17] Update docker_images/mbed-os-env/README.md

Co-authored-by: Vincent Coubard <vincent.coubard@arm.com>
---
 docker_images/mbed-os-env/README.md | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)

diff --git a/docker_images/mbed-os-env/README.md b/docker_images/mbed-os-env/README.md
index 3c492b0733e..c811bfb1856 100644
--- a/docker_images/mbed-os-env/README.md
+++ b/docker_images/mbed-os-env/README.md
@@ -18,7 +18,7 @@ docker pull mbedos/mbed-os-env
 ## Run mbed OS environment without HW support (build mbed images only)
 launch docker by
 ```bash
-docker run -it mbedos/mbed-os-env:<lable>
+docker run -it mbedos/mbed-os-env:<label>
 ```
 Then you will have the container with mbed OS development environment.
 you should be able to compile mbed commands/examples as recommenced in mbed documentations
@@ -46,4 +46,3 @@ mbed clone https://github.com/ARMmbed/mbed-os.git
 cd mbed-os
 mbed test -t GCC_ARM -m <target> 
 ```
-

From e5c1088ffcf96334f81aefaf538772268f3927df Mon Sep 17 00:00:00 2001
From: saheerb <saheer.babu@arm.com>
Date: Mon, 12 Jul 2021 12:34:16 +0100
Subject: [PATCH 03/17] remove cache for docker images

---
 .../workflows/docker_management.branch.yml    |  43 ++------
 .../workflows/docker_management.release.yml   | 101 ++++++------------
 .../workflows/docker_management.test-PR.yml   |   1 -
 docker_images/mbed-os-env/Dockerfile          |  19 ++--
 docker_images/mbed-os-env/test.sh             |   1 +
 requirements.txt                              |   1 -
 6 files changed, 50 insertions(+), 116 deletions(-)

diff --git a/.github/workflows/docker_management.branch.yml b/.github/workflows/docker_management.branch.yml
index 1aa344095e1..3668fe7f364 100644
--- a/.github/workflows/docker_management.branch.yml
+++ b/.github/workflows/docker_management.branch.yml
@@ -125,46 +125,24 @@ jobs:
         uses: actions/checkout@v2
 
       -
-        name: Build with remote cache
+        name: Build docker containers
         uses: docker/build-push-action@v2
         id: docker_build_dev
         with:
           context: .
-          platforms: linux/amd64,linux/arm64
-          # load: true - not supported for multi arch
+          # platforms: linux/amd64,linux/arm64
+          platforms: linux/amd64
           push: true
           file: ./docker_images/mbed-os-env/Dockerfile
           tags: ghcr.io/${{ github.actor }}/mbed-os-env-tmp:${{ steps.build_info.outputs.DOCKER_DEV_TAG }}
-          cache-from: type=registry,ref=ghcr.io/${{ github.actor }}/mbed-os-env:${{ steps.build_info.outputs.DOCKER_PROD_TAG_LATEST }}
-          cache-to: type=inline
-
-      -
-        name: Find DOCKER DIGEST trying to publish (if exists in docker repository)
-        id: docker_info_prod
-        run: |
-          DIGEST=$(docker run quay.io/skopeo/stable --creds=${{ github.actor }}:${{ secrets.GITHUB_TOKEN }} inspect docker://ghcr.io/${{ github.actor }}/mbed-os-env:${{ steps.build_info.outputs.DOCKER_PROD_TAG_LATEST }} | jq ".Digest")
-          echo "::set-output name=DIGEST::$DIGEST"
-          echo "Docker DIGEST: $DIGEST"
-
-      - 
-        name: Find DEV DOCKER DIGEST
-        id: docker_info_dev
-        run: |
-          DIGEST=$(docker run quay.io/skopeo/stable --creds=${{ github.actor }}:${{ secrets.GITHUB_TOKEN }} inspect docker://ghcr.io/${{ github.actor }}/mbed-os-env-tmp:${{ steps.build_info.outputs.DOCKER_DEV_TAG }} | jq ".Digest")
-          echo "Docker DIGEST: $DIGEST"
-          echo "::set-output name=DIGEST::$DIGEST"
-          echo "Docker DIGEST: $DIGEST"
 
   test-container:
     runs-on: ubuntu-latest
     needs: build-container
-    # no need to test (nor publish) if we already have the same image in dockerhub
-    if: needs.build-container.outputs.DEV_DIGEST != needs.build-container.outputs.PROD_DIGEST
-    outputs:
-      STATUS: ${{ steps.test.outputs.STATUS }}
     strategy:
       matrix:
-        platform: [linux/amd64, linux/arm64]
+        # platform: [linux/amd64, linux/arm64]
+        platform: [linux/amd64]
         
     steps:
       - 
@@ -211,16 +189,14 @@ jobs:
           
           run: |
             set -e
-            echo "::set-output name=STATUS::failed"
             uname -m
             ./docker_images/mbed-os-env/test.sh ${{ steps.build_info.outputs.MBED_OS_VERSION }}
-            echo "::set-output name=STATUS::passed"
             
       
   deploy-container:
     runs-on: ubuntu-latest
     needs: test-container
-        
+
     steps:
       - 
         name: unarchive artefacts
@@ -243,14 +219,7 @@ jobs:
           echo "::set-output name=DOCKER_PROD_TAG_LATEST::$value"
           
       - 
-        if: needs.test-container.outputs.STATUS == 'passed'
         name: copy dev tag to prod
         run: |
           docker run quay.io/skopeo/stable --src-creds=${{ github.actor }}:${{ secrets.GITHUB_TOKEN }} --dest-creds=${{ github.actor }}:${{ secrets.GITHUB_TOKEN }} copy --all docker://ghcr.io/${{ github.actor }}/mbed-os-env-tmp:${{ steps.build_info.outputs.DOCKER_DEV_TAG }}  docker://ghcr.io/${{ github.actor }}/mbed-os-env:${{ steps.build_info.outputs.DOCKER_PROD_TAG_LATEST }}
           docker run quay.io/skopeo/stable --src-creds=${{ github.actor }}:${{ secrets.GITHUB_TOKEN }} --dest-creds=${{ github.actor }}:${{ secrets.GITHUB_TOKEN }} copy --all docker://ghcr.io/${{ github.actor }}/mbed-os-env-tmp:${{ steps.build_info.outputs.DOCKER_DEV_TAG }}  docker://ghcr.io/${{ github.actor }}/mbed-os-env:${{ steps.build_info.outputs.DOCKER_PROD_TAG_DATED }}
-
-      # move failed images to temporary name for troubleshooting
-      - if: needs.test-container.outputs.STATUS == 'failed'
-        name: Rename Dev Tag
-        run: |
-          docker run quay.io/skopeo/stable --src-creds=${{ github.actor }}:${{ secrets.GITHUB_TOKEN }} --dest-creds=${{ github.actor }}:${{ secrets.GITHUB_TOKEN }} copy --all docker://ghcr.io/${{ github.actor }}/mbed-os-env-tmp:${{ steps.build_info.outputs.DOCKER_DEV_TAG }}  docker://ghcr.io/${{ github.actor }}/mbed-os-env-tmp:failed-${{ steps.build_info.outputs.DOCKER_DEV_TAG }}
diff --git a/.github/workflows/docker_management.release.yml b/.github/workflows/docker_management.release.yml
index 9ced2feab27..28f64eff247 100644
--- a/.github/workflows/docker_management.release.yml
+++ b/.github/workflows/docker_management.release.yml
@@ -59,13 +59,10 @@ jobs:
       #
       # when trigger is due to tag pushed (ie, a new mbed-os release is made), 
       #     we are targeting to build docker image for the tag
-      #     best bet for cache source is the image built for head of the branch
       # when trigger is manual
       #     we are targeting to build docker image for the input tag in workflow
-      #     best bet for cache source is input tag itself as it should already be there
       # when trigger is scheduled
       #     we are targeting to build docker image for the last tag on the branch
-      #     best bet for cache source is input tag itself as it should already be there
         name: Get build information
         shell: bash
         run: |
@@ -73,18 +70,14 @@ jobs:
           date=$(date +"%Y.%m.%dT%H.%M.%S")
           if [ "push" == "${{github.event_name}}" ];then
             version=${GITHUB_REF#refs/tags/}
-            cache_source="master-latest"
           elif [ "workflow_dispatch" == "${{github.event_name}}" ];then
             version=${{ github.event.inputs.mbed_os_release_version }}
-            cache_source=${version}-latest
           else
             version=`git describe --tags --abbrev=0  --match mbed-os-[0-9]*.[0-9]*.[0-9]*`
-            cache_source=${version}-latest
           fi
           echo dev-${version}-${date}-${version} > build_info/dev_tag
           echo ${version}-${date} > build_info/prod_tag_dated
           echo ${version} > build_info/mbed_os_version
-          echo ${cache_source} > build_info/cache_source
 
       # archiving and unarchiving are github actions ways to pass variables between jobs    
       - 
@@ -125,8 +118,6 @@ jobs:
           echo "::set-output name=DOCKER_PROD_TAG_DATED::$value"
           value=`cat mbed_os_version`
           echo "::set-output name=MBED_OS_VERSION::$value"
-          value=`cat cache_source`
-          echo "::set-output name=CACHE_SOURCE::$value"
 
       - 
         name: Set up Docker Buildx
@@ -151,46 +142,24 @@ jobs:
           ref: refs/tags/${{ steps.build_info.outputs.MBED_OS_VERSION }}
 
       -
-        name: Build with remote cache
+        name: Build docker containers
         uses: docker/build-push-action@v2
         id: docker_build_dev
         with:
           context: .
-          platforms: linux/amd64,linux/arm64
-          # load: true - not supported for multi arch
+          # platforms: linux/amd64,linux/arm64
+          platforms: linux/amd64
           push: true
           file: ./docker_images/mbed-os-env/Dockerfile
           tags: ghcr.io/${{ github.actor }}/mbed-os-env-tmp:${{ steps.build_info.outputs.DOCKER_DEV_TAG }}
-          cache-from: type=registry,ref=ghcr.io/${{ github.actor }}/mbed-os-env:${{ steps.build_info.outputs.CACHE_SOURCE }}
-          cache-to: type=inline
-
-      -
-        name: Find DOCKER DIGEST trying to publish (if exists in docker repository)
-        id: docker_info_prod
-        run: |
-          DIGEST=$(docker run quay.io/skopeo/stable --creds=${{ github.actor }}:${{ secrets.GITHUB_TOKEN }} inspect docker://ghcr.io/${{ github.actor }}/mbed-os-env:${{ steps.build_info.outputs.CACHE_SOURCE }} | jq ".Digest")
-          echo "::set-output name=DIGEST::$DIGEST"
-          echo "Docker DIGEST: $DIGEST"
-
-      - 
-        name: Find DEV DOCKER DIGEST
-        id: docker_info_dev
-        run: |
-          DIGEST=$(docker run quay.io/skopeo/stable --creds=${{ github.actor }}:${{ secrets.GITHUB_TOKEN }} inspect docker://ghcr.io/${{ github.actor }}/mbed-os-env-tmp:${{ steps.build_info.outputs.DOCKER_DEV_TAG }} | jq ".Digest")
-          echo "Docker DIGEST: $DIGEST"
-          echo "::set-output name=DIGEST::$DIGEST"
-          echo "Docker DIGEST: $DIGEST"
 
   test-container:
     runs-on: ubuntu-latest
     needs: build-container
-    # no need to test if we already have the same image in dockerhub
-    if: needs.build-container.outputs.DEV_DIGEST != needs.build-container.outputs.PROD_DIGEST
-    outputs:
-      STATUS: ${{ steps.test.outputs.STATUS }}
     strategy:
       matrix:
-        platform: [linux/amd64, linux/arm64]
+        # platform: [linux/amd64, linux/arm64]
+        platform: [linux/amd64]
         
     steps:
       - 
@@ -235,32 +204,21 @@ jobs:
           image: ghcr.io/${{ github.actor }}/mbed-os-env-tmp@${{ steps.docker_info_dev.outputs.DIGEST }}
           shell: bash
           run: |
-            set -e
-            echo "::set-output name=STATUS::failed"
             uname -m
             ./docker_images/mbed-os-env/test.sh ${{ steps.build_info.outputs.MBED_OS_VERSION }}
-            echo "::set-output name=STATUS::passed"
             
       
   deploy-container:
-    # this job is running always and to skip for forked repo
-    # add condition on every step.
-    env: 
-      repo-owner: saheerb
     runs-on: ubuntu-latest
     needs: test-container
-    if:  ${{ always() }}
-        
     steps:
       - 
-        if: github.repository_owner == env.repo-owner
         name: unarchive artefacts
         uses: actions/download-artifact@v2
         with:
           name: build-info
         
       - 
-        if: github.repository_owner == env.repo-owner
         name: Get build info from archive
         shell: bash
         id: build_info
@@ -276,29 +234,13 @@ jobs:
           echo "::set-output name=MBED_OS_VERSION::$value"
 
       -
-        if: github.repository_owner == env.repo-owner
         name: Checkout
         uses: actions/checkout@v2
         with:
           ref: refs/tags/${{ steps.build_info.outputs.MBED_OS_VERSION }}
 
-      # even if tests skipped, as cache used is HEAD of branch, copy images to right tag
-      - 
-        if: github.repository_owner == env.repo-owner && needs.test-container.result=='skipped'
-        name: copy dev tag to prod
-        run: |
-          set -x
-          echo ${{ needs.test-container.result }}
-          upto_patch_version=${{ steps.build_info.outputs.MBED_OS_VERSION }}-latest
-          upto_min_version=${upto_patch_version%.[0-9]*}-latest
-          upto_major_version=${upto_patch_version%.[0-9]*.[0-9]*}-latest
-          docker run quay.io/skopeo/stable --src-creds=${{ github.actor }}:${{ secrets.GITHUB_TOKEN }} --dest-creds=${{ github.actor }}:${{ secrets.GITHUB_TOKEN }} copy --all docker://ghcr.io/${{ github.actor }}/mbed-os-env-tmp:${{ steps.build_info.outputs.DOCKER_DEV_TAG }}  docker://ghcr.io/${{ github.actor }}/mbed-os-env:${upto_patch_version}
-          docker run quay.io/skopeo/stable --src-creds=${{ github.actor }}:${{ secrets.GITHUB_TOKEN }} --dest-creds=${{ github.actor }}:${{ secrets.GITHUB_TOKEN }} copy --all docker://ghcr.io/${{ github.actor }}/mbed-os-env-tmp:${{ steps.build_info.outputs.DOCKER_DEV_TAG }}  docker://ghcr.io/${{ github.actor }}/mbed-os-env:${upto_min_version}
-          docker run quay.io/skopeo/stable --src-creds=${{ github.actor }}:${{ secrets.GITHUB_TOKEN }} --dest-creds=${{ github.actor }}:${{ secrets.GITHUB_TOKEN }} copy --all docker://ghcr.io/${{ github.actor }}/mbed-os-env-tmp:${{ steps.build_info.outputs.DOCKER_DEV_TAG }}  docker://ghcr.io/${{ github.actor }}/mbed-os-env:${upto_major_version}
-
       # when tests succeed copy to fixed tags
       - 
-        if: github.repository_owner == env.repo-owner && needs.test-container.outputs.STATUS == 'passed'
         name: copy dev tag to prod dated tag
         run: |
           set -x
@@ -308,13 +250,40 @@ jobs:
           upto_major_version=${upto_patch_version%.[0-9]*.[0-9]*}-latest
           docker run quay.io/skopeo/stable --src-creds=${{ github.actor }}:${{ secrets.GITHUB_TOKEN }} --dest-creds=${{ github.actor }}:${{ secrets.GITHUB_TOKEN }} copy --all docker://ghcr.io/${{ github.actor }}/mbed-os-env-tmp:${{ steps.build_info.outputs.DOCKER_DEV_TAG }}  docker://ghcr.io/${{ github.actor }}/mbed-os-env:${upto_patch_version}
           docker run quay.io/skopeo/stable --src-creds=${{ github.actor }}:${{ secrets.GITHUB_TOKEN }} --dest-creds=${{ github.actor }}:${{ secrets.GITHUB_TOKEN }} copy --all docker://ghcr.io/${{ github.actor }}/mbed-os-env-tmp:${{ steps.build_info.outputs.DOCKER_DEV_TAG }}  docker://ghcr.io/${{ github.actor }}/mbed-os-env:${upto_min_version}
-          docker run quay.io/skopeo/stable --src-creds=${{ github.actor }}:${{ secrets.GITHUB_TOKEN }} --dest-creds=${{ github.actor }}:${{ secrets.GITHUB_TOKEN }} copy --all docker://ghcr.io/${{ github.actor }}/mbed-os-env-tmp:${{ steps.build_info.outputs.DOCKER_DEV_TAG }}  docker://ghcr.io/${{ github.actor }}/mbed-os-env:${upto_major_version}
-
+          if [ "workflow_dispatch" != "${{github.event_name}}" ];then
+            docker run quay.io/skopeo/stable --src-creds=${{ github.actor }}:${{ secrets.GITHUB_TOKEN }} --dest-creds=${{ github.actor }}:${{ secrets.GITHUB_TOKEN }} copy --all docker://ghcr.io/${{ github.actor }}/mbed-os-env-tmp:${{ steps.build_info.outputs.DOCKER_DEV_TAG }}  docker://ghcr.io/${{ github.actor }}/mbed-os-env:${upto_major_version}
+          fi
           # copy to fixed tag
           docker run quay.io/skopeo/stable --src-creds=${{ github.actor }}:${{ secrets.GITHUB_TOKEN }} --dest-creds=${{ github.actor }}:${{ secrets.GITHUB_TOKEN }} copy --all docker://ghcr.io/${{ github.actor }}/mbed-os-env-tmp:${{ steps.build_info.outputs.DOCKER_DEV_TAG }}  docker://ghcr.io/${{ github.actor }}/mbed-os-env:${{ steps.build_info.outputs.DOCKER_PROD_TAG_DATED }}
 
+
+  move-failed-container:
+    runs-on: ubuntu-latest
+    needs: test-container
+    if:  ${{ failure() }}
+      - 
+        name: unarchive artefacts
+        uses: actions/download-artifact@v2
+        with:
+          name: build-info
+        
+      - 
+        name: Get build info from archive
+        shell: bash
+        id: build_info
+        run: |
+          value=`cat dev_tag`
+          echo "DEV TAG is $value"
+          echo "::set-output name=DOCKER_DEV_TAG::$value"
+          value=`cat prod_tag_dated`
+          echo "DATED PROD TAG is $value"
+          echo "::set-output name=DOCKER_PROD_TAG_DATED::$value"
+          value=`cat mbed_os_version`
+          echo "MBED OS VERSION is $value"
+          echo "::set-output name=MBED_OS_VERSION::$value"
+
       # when tests fail, rename to "failed-" for easy identification
-      - if: github.repository_owner == env.repo-owner &&  needs.test-container.outputs.STATUS == 'failed'
+      - 
         name: Rename Dev Tag
         run: |
           docker run quay.io/skopeo/stable --src-creds=${{ github.actor }}:${{ secrets.GITHUB_TOKEN }} --dest-creds=${{ github.actor }}:${{ secrets.GITHUB_TOKEN }} copy --all docker://ghcr.io/${{ github.actor }}/mbed-os-env-tmp:${{ steps.build_info.outputs.DOCKER_DEV_TAG }}  docker://ghcr.io/${{ github.actor }}/mbed-os-env-tmp:failed-${{ steps.build_info.outputs.DOCKER_DEV_TAG }}
diff --git a/.github/workflows/docker_management.test-PR.yml b/.github/workflows/docker_management.test-PR.yml
index e6e8af5f926..2f634545034 100644
--- a/.github/workflows/docker_management.test-PR.yml
+++ b/.github/workflows/docker_management.test-PR.yml
@@ -57,6 +57,5 @@ jobs:
           image: mbed-os-env:a_pr_test
           shell: bash
           run: |
-            set -e
             uname -m
             ./docker_images/mbed-os-env/test.sh 
diff --git a/docker_images/mbed-os-env/Dockerfile b/docker_images/mbed-os-env/Dockerfile
index 570f750e012..cdff7e7370d 100644
--- a/docker_images/mbed-os-env/Dockerfile
+++ b/docker_images/mbed-os-env/Dockerfile
@@ -8,9 +8,6 @@ ARG WORKDIR=/root
 
 # ------------------------------------------------------------------------------
 # Install tools via apt
-RUN ls
-
-ADD requirements.txt .
 ENV DEBIAN_FRONTEND=noninteractive
 RUN set -x \
     && apt -y update \
@@ -45,6 +42,13 @@ RUN set -x \
     && exec bash \
     && : # last line
 
+# Set up mbed environment
+WORKDIR /tmp/
+COPY requirements.txt .
+RUN set -x \
+    && pip3 install -r requirements.txt  \
+    && : # last line
+
 # ------------------------------------------------------------------------------
 # Install Python modules (which are not included in requirements.txt)
 RUN set -x \
@@ -53,13 +57,6 @@ RUN set -x \
     mbed-tools \
     && : # last line
 
-# Set up mbed environment
-WORKDIR /tmp/
-COPY requirements.txt .
-RUN set -x \
-    && pip3 install -r requirements.txt  \
-    && : # last line
-
 # ------------------------------------------------------------------------------
 # Install arm-none-eabi-gcc
 WORKDIR /opt/mbed-os-toolchain
@@ -86,7 +83,7 @@ ENV PATH="${PATH}:${MBED_GCC_ARM_PATH}"
 
 # ------------------------------------------------------------------------------
 # Display, check and save environment settings
-# NOTE: using bash instead of Ubuntu default dash due to unsupport for pipefail
+# NOTE: using bash instead of Ubuntu default bash due to unsupport for pipefail
 # Pipefail is crucial here, if the tools didn't install properly, docker build should not pass because of piping 
 RUN /bin/bash -c \
    "set -x -o pipefail \
diff --git a/docker_images/mbed-os-env/test.sh b/docker_images/mbed-os-env/test.sh
index 0c2d30caecc..a318ed2db9c 100755
--- a/docker_images/mbed-os-env/test.sh
+++ b/docker_images/mbed-os-env/test.sh
@@ -13,5 +13,6 @@ mbed import mbed-os-example-blinky
 cd mbed-os-example-blinky
 git checkout ${EXAMPLE_VERSION}
 mbed deploy 
+
 mbed compile -m K64F -t GCC_ARM
 mbed-tools compile -m K64F -t GCC_ARM
diff --git a/requirements.txt b/requirements.txt
index cc9199aa14e..335dcc26a9c 100644
--- a/requirements.txt
+++ b/requirements.txt
@@ -18,7 +18,6 @@ mbed-greentea>=0.2.24,<2.0
 beautifulsoup4>=4,<=4.6.3
 pyelftools>=0.24,<=0.25
 manifest-tool==1.5.2
-icetea>=1.2.1,<1.3
 pycryptodome>=3.9.3,<4
 pyusb>=1.0.0,<2.0.0
 hidapi>=0.7.99,<0.8.0;platform_system!="Linux"

From a1114d5c6d70ae5b79e3e17db4c8db2e7953b3f2 Mon Sep 17 00:00:00 2001
From: saheerb <saheer.babu@arm.com>
Date: Mon, 12 Jul 2021 12:37:37 +0100
Subject: [PATCH 04/17] fix workflow

---
 .github/workflows/docker_management.release.yml | 1 +
 1 file changed, 1 insertion(+)

diff --git a/.github/workflows/docker_management.release.yml b/.github/workflows/docker_management.release.yml
index 28f64eff247..b2e95348ad8 100644
--- a/.github/workflows/docker_management.release.yml
+++ b/.github/workflows/docker_management.release.yml
@@ -261,6 +261,7 @@ jobs:
     runs-on: ubuntu-latest
     needs: test-container
     if:  ${{ failure() }}
+    steps:
       - 
         name: unarchive artefacts
         uses: actions/download-artifact@v2

From 0d3b88403d5dd3cd2144530b243061c9f09c3716 Mon Sep 17 00:00:00 2001
From: saheerb <saheer.babu@arm.com>
Date: Mon, 12 Jul 2021 12:47:46 +0100
Subject: [PATCH 05/17] fix workflow

---
 .github/workflows/docker_management.branch.yml | 9 +++++++--
 1 file changed, 7 insertions(+), 2 deletions(-)

diff --git a/.github/workflows/docker_management.branch.yml b/.github/workflows/docker_management.branch.yml
index 3668fe7f364..7750afab103 100644
--- a/.github/workflows/docker_management.branch.yml
+++ b/.github/workflows/docker_management.branch.yml
@@ -170,6 +170,7 @@ jobs:
       - 
         name: Checkout
         uses: actions/checkout@v2
+        path: mbed-os
 
       - 
         name: Set up QEMU
@@ -184,13 +185,16 @@ jobs:
           password: ${{ secrets.GITHUB_TOKEN }}
           registry: ghcr.io
           options: -v ${{ github.workspace }}:/work -w=/work
-          image: ghcr.io/${{ github.actor }}/mbed-os-env-tmp@${{ steps.docker_info_dev.outputs.DIGEST }}
+          # TODO: set this back to run test against multiple arch
+          # image: ghcr.io/${{ github.actor }}/mbed-os-env-tmp@${{ steps.docker_info_dev.outputs.DIGEST }}
+          image: ghcr.io/${{ github.actor }}/mbed-os-env-tmp:${{ steps.build_info.outputs.DOCKER_DEV_TAG }}
           shell: bash
           
           run: |
             set -e
             uname -m
-            ./docker_images/mbed-os-env/test.sh ${{ steps.build_info.outputs.MBED_OS_VERSION }}
+            ls
+            ./mbed-os/docker_images/mbed-os-env/test.sh ${{ steps.build_info.outputs.MBED_OS_VERSION }}
             
       
   deploy-container:
@@ -221,5 +225,6 @@ jobs:
       - 
         name: copy dev tag to prod
         run: |
+          ls 
           docker run quay.io/skopeo/stable --src-creds=${{ github.actor }}:${{ secrets.GITHUB_TOKEN }} --dest-creds=${{ github.actor }}:${{ secrets.GITHUB_TOKEN }} copy --all docker://ghcr.io/${{ github.actor }}/mbed-os-env-tmp:${{ steps.build_info.outputs.DOCKER_DEV_TAG }}  docker://ghcr.io/${{ github.actor }}/mbed-os-env:${{ steps.build_info.outputs.DOCKER_PROD_TAG_LATEST }}
           docker run quay.io/skopeo/stable --src-creds=${{ github.actor }}:${{ secrets.GITHUB_TOKEN }} --dest-creds=${{ github.actor }}:${{ secrets.GITHUB_TOKEN }} copy --all docker://ghcr.io/${{ github.actor }}/mbed-os-env-tmp:${{ steps.build_info.outputs.DOCKER_DEV_TAG }}  docker://ghcr.io/${{ github.actor }}/mbed-os-env:${{ steps.build_info.outputs.DOCKER_PROD_TAG_DATED }}

From cfa62d1029af903a1f889f57529cfc549921b50d Mon Sep 17 00:00:00 2001
From: saheerb <saheer.babu@arm.com>
Date: Mon, 12 Jul 2021 12:49:01 +0100
Subject: [PATCH 06/17] fix workflow

---
 .github/workflows/docker_management.branch.yml | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/.github/workflows/docker_management.branch.yml b/.github/workflows/docker_management.branch.yml
index 7750afab103..e46f3a2623a 100644
--- a/.github/workflows/docker_management.branch.yml
+++ b/.github/workflows/docker_management.branch.yml
@@ -170,7 +170,8 @@ jobs:
       - 
         name: Checkout
         uses: actions/checkout@v2
-        path: mbed-os
+        with:
+          path: mbed-os
 
       - 
         name: Set up QEMU
@@ -191,7 +192,6 @@ jobs:
           shell: bash
           
           run: |
-            set -e
             uname -m
             ls
             ./mbed-os/docker_images/mbed-os-env/test.sh ${{ steps.build_info.outputs.MBED_OS_VERSION }}

From 51e1c5fdfc2269b67e8357278a8b40b2e4f0aab0 Mon Sep 17 00:00:00 2001
From: saheerb <saheer.babu@arm.com>
Date: Mon, 12 Jul 2021 14:45:26 +0100
Subject: [PATCH 07/17] .

---
 .../workflows/docker_management.branch.yml    |  2 +-
 .../workflows/docker_management.release.yml   |  3 +-
 .../workflows/docker_management.test-PR.yml   |  2 +-
 docker_images/mbed-os-env/test.sh             | 44 ++++++++++++++-----
 4 files changed, 38 insertions(+), 13 deletions(-)

diff --git a/.github/workflows/docker_management.branch.yml b/.github/workflows/docker_management.branch.yml
index e46f3a2623a..4ba8fdcd0d8 100644
--- a/.github/workflows/docker_management.branch.yml
+++ b/.github/workflows/docker_management.branch.yml
@@ -194,7 +194,7 @@ jobs:
           run: |
             uname -m
             ls
-            ./mbed-os/docker_images/mbed-os-env/test.sh ${{ steps.build_info.outputs.MBED_OS_VERSION }}
+            ./mbed-os/docker_images/mbed-os-env/test.sh DEVELOPMENT ${{ steps.build_info.outputs.MBED_OS_VERSION }}
             
       
   deploy-container:
diff --git a/.github/workflows/docker_management.release.yml b/.github/workflows/docker_management.release.yml
index b2e95348ad8..87979f390b1 100644
--- a/.github/workflows/docker_management.release.yml
+++ b/.github/workflows/docker_management.release.yml
@@ -187,6 +187,7 @@ jobs:
         uses: actions/checkout@v2
         with:
           ref: refs/tags/${{ steps.build_info.outputs.MBED_OS_VERSION }}
+          path: mbed-os
 
       - 
         name: Set up QEMU
@@ -205,7 +206,7 @@ jobs:
           shell: bash
           run: |
             uname -m
-            ./docker_images/mbed-os-env/test.sh ${{ steps.build_info.outputs.MBED_OS_VERSION }}
+            ./mbed-os/docker_images/mbed-os-env/test.sh RELEASE ${{ steps.build_info.outputs.MBED_OS_VERSION }}
             
       
   deploy-container:
diff --git a/.github/workflows/docker_management.test-PR.yml b/.github/workflows/docker_management.test-PR.yml
index 2f634545034..1de89db844c 100644
--- a/.github/workflows/docker_management.test-PR.yml
+++ b/.github/workflows/docker_management.test-PR.yml
@@ -58,4 +58,4 @@ jobs:
           shell: bash
           run: |
             uname -m
-            ./docker_images/mbed-os-env/test.sh 
+            ./docker_images/mbed-os-env/test.sh PR
diff --git a/docker_images/mbed-os-env/test.sh b/docker_images/mbed-os-env/test.sh
index a318ed2db9c..c08e42196f6 100755
--- a/docker_images/mbed-os-env/test.sh
+++ b/docker_images/mbed-os-env/test.sh
@@ -1,18 +1,42 @@
 #!/bin/sh
 set -x
-MBED_OS_VERSION=$1
-
-# for master version of mbed-os test with development version of example application
-if [ ${MBED_OS_VERSION} = "master" ];then
-    EXAMPLE_VERSION="development"
-else
-    EXAMPLE_VERSION=${MBED_OS_VERSION}
-fi
+IMAGE_RELEASE_TYPE=$1
+MBED_OS_VERSION=$2
 
+# 
 mbed import mbed-os-example-blinky
 cd mbed-os-example-blinky
+
+# when development images or PR checks are getting tested, use "development" version of example application
+# development versions and PR should only happen to master branch, if it is happening to other branch extend the if conditions
+if [ ${IMAGE_RELEASE_TYPE} == "DEVELOPMENT" ] || [ ${IMAGE_RELEASE_TYPE} == "PR" ];then
+    if [ ${MBED_OS_VERSION} == "master" ];then
+        EXAMPLE_VERSION="development"
+    else
+        echo "Not implemented"
+        exit 1
+    fi
+# When mbed-os tag is applied, and workflow is triggered to build RELEASE image, example application with same tag will be available yet.
+# use release candidate branch to test the image in that case.
+# When RELEASE image is passively checked, tag should be available in example application repo, then use it.
+elif [ ${IMAGE_RELEASE_TYPE} == "RELEASE" ] ; then
+    if git rev-parse "$MBED_OS_VERSION" >/dev/null 2>&1; then
+        EXAMPLE_VERSION=$MBED_OS_VERSION
+    else
+        EXAMPLE_VERSION="release_candidate"
+    fi
+fi
+
+
+echo ${EXAMPLE_VERSION}
 git checkout ${EXAMPLE_VERSION}
-mbed deploy 
 
+# regardless of example version, use the version of mbed-os getting built in the workflow.
+rm -rf mbed-os
+ln -s ../mbed-os mbed-os
+
+# build using CLI1
 mbed compile -m K64F -t GCC_ARM
-mbed-tools compile -m K64F -t GCC_ARM
+
+# build using CLI2
+mbed-tools compile -m K64F -t GCC_ARM                                                                                                                                                                                                                                                    

From 3af2bf01623a66cfdd2a8659177fdabc5beae612 Mon Sep 17 00:00:00 2001
From: saheerb <saheer.babu@arm.com>
Date: Mon, 12 Jul 2021 15:20:26 +0100
Subject: [PATCH 08/17] .

---
 .../workflows/docker_management.branch.yml    | 24 +++++++++++++++++--
 1 file changed, 22 insertions(+), 2 deletions(-)

diff --git a/.github/workflows/docker_management.branch.yml b/.github/workflows/docker_management.branch.yml
index 4ba8fdcd0d8..3b1a377c1c9 100644
--- a/.github/workflows/docker_management.branch.yml
+++ b/.github/workflows/docker_management.branch.yml
@@ -171,7 +171,21 @@ jobs:
         name: Checkout
         uses: actions/checkout@v2
         with:
-          path: mbed-os
+          repository: ARMmbed/mbed-os-example-blinky
+          path: mbed-os-example-blinky
+          ref: development
+
+      - 
+        name: Remove mbed-os
+        shell: bash
+        run: |
+          rm -rf mbed-os
+
+      - 
+        name: Checkout
+        uses: actions/checkout@v2
+        with:
+          path: mbed-os-example-blinky/mbed-os
 
       - 
         name: Set up QEMU
@@ -194,7 +208,13 @@ jobs:
           run: |
             uname -m
             ls
-            ./mbed-os/docker_images/mbed-os-env/test.sh DEVELOPMENT ${{ steps.build_info.outputs.MBED_OS_VERSION }}
+            #./mbed-os/docker_images/mbed-os-env/test.sh DEVELOPMENT ${{ steps.build_info.outputs.MBED_OS_VERSION }}
+            cd mbed-os-example-blinky
+            # build using CLI1
+            mbed compile -m K64F -t GCC_ARM
+
+            # build using CLI2
+            mbed-tools compile -m K64F -t GCC_ARM         
             
       
   deploy-container:

From 9730e935cc595bf39fcb2630f548e0ecc1dc9406 Mon Sep 17 00:00:00 2001
From: saheerb <saheer.babu@arm.com>
Date: Mon, 12 Jul 2021 15:42:42 +0100
Subject: [PATCH 09/17] update versions

---
 .../workflows/docker_management.branch.yml    | 15 +---
 .../workflows/docker_management.release.yml   | 70 +++++++++----------
 .../workflows/docker_management.test-PR.yml   | 40 ++++++++---
 3 files changed, 68 insertions(+), 57 deletions(-)

diff --git a/.github/workflows/docker_management.branch.yml b/.github/workflows/docker_management.branch.yml
index 3b1a377c1c9..31c73881c60 100644
--- a/.github/workflows/docker_management.branch.yml
+++ b/.github/workflows/docker_management.branch.yml
@@ -167,6 +167,8 @@ jobs:
           value=`cat mbed_os_version`
           echo "::set-output name=MBED_OS_VERSION::$value"
 
+      # as the dev images are created only for master branch, run test against
+      # development branch of blinky
       - 
         name: Checkout
         uses: actions/checkout@v2
@@ -174,19 +176,6 @@ jobs:
           repository: ARMmbed/mbed-os-example-blinky
           path: mbed-os-example-blinky
           ref: development
-
-      - 
-        name: Remove mbed-os
-        shell: bash
-        run: |
-          rm -rf mbed-os
-
-      - 
-        name: Checkout
-        uses: actions/checkout@v2
-        with:
-          path: mbed-os-example-blinky/mbed-os
-
       - 
         name: Set up QEMU
         uses: docker/setup-qemu-action@v1
diff --git a/.github/workflows/docker_management.release.yml b/.github/workflows/docker_management.release.yml
index 87979f390b1..9bb0706a187 100644
--- a/.github/workflows/docker_management.release.yml
+++ b/.github/workflows/docker_management.release.yml
@@ -182,12 +182,35 @@ jobs:
           value=`cat mbed_os_version`
           echo "::set-output name=MBED_OS_VERSION::$value"
 
+      # as the dev images are created only for master branch, run test against
+      # development branch of blinky
+      - 
+        name: Checkout example blinky
+        uses: actions/checkout@v2
+        with:
+          repository: ARMmbed/mbed-os-example-blinky
+          path: mbed-os-example-blinky
+
+      - 
+        name: update the example application version to test against correct version
+        shell: bash
+        id: example_app_info
+        run: |
+          cd mbed-os-example-blinky
+          EXAMPLE_VERSION="release_candidate"
+          MBED_OS_VERSION=${{ steps.build_info.outputs.MBED_OS_VERSION }}
+          if git rev-parse "$MBED_OS_VERSION" >/dev/null 2>&1; then
+            EXAMPLE_VERSION=$MBED_OS_VERSION
+          fi
+          echo "::set-output VERSION=MBED_OS_VERSION::$value"
+          git checkout $EXAMPLE_VERSION
+
       - 
         name: Checkout
         uses: actions/checkout@v2
         with:
           ref: refs/tags/${{ steps.build_info.outputs.MBED_OS_VERSION }}
-          path: mbed-os
+          path: mbed-os-example-blinky/mbed-os
 
       - 
         name: Set up QEMU
@@ -202,11 +225,18 @@ jobs:
           password: ${{ secrets.GITHUB_TOKEN }}
           registry: ghcr.io
           options: -v ${{ github.workspace }}:/work -w=/work
-          image: ghcr.io/${{ github.actor }}/mbed-os-env-tmp@${{ steps.docker_info_dev.outputs.DIGEST }}
+          image: ghcr.io/${{ github.actor }}/mbed-os-env-tmp:${{ steps.build_info.outputs.DOCKER_DEV_TAG }}
+          # image: ghcr.io/${{ github.actor }}/mbed-os-env-tmp@${{ steps.docker_info_dev.outputs.DIGEST }}
           shell: bash
           run: |
             uname -m
-            ./mbed-os/docker_images/mbed-os-env/test.sh RELEASE ${{ steps.build_info.outputs.MBED_OS_VERSION }}
+            cd mbed-os-example-blinky
+            # build using CLI1
+            mbed compile -m K64F -t GCC_ARM
+
+            # build using CLI2
+            mbed-tools compile -m K64F -t GCC_ARM
+            
             
       
   deploy-container:
@@ -234,6 +264,7 @@ jobs:
           echo "MBED OS VERSION is $value"
           echo "::set-output name=MBED_OS_VERSION::$value"
 
+
       -
         name: Checkout
         uses: actions/checkout@v2
@@ -256,36 +287,3 @@ jobs:
           fi
           # copy to fixed tag
           docker run quay.io/skopeo/stable --src-creds=${{ github.actor }}:${{ secrets.GITHUB_TOKEN }} --dest-creds=${{ github.actor }}:${{ secrets.GITHUB_TOKEN }} copy --all docker://ghcr.io/${{ github.actor }}/mbed-os-env-tmp:${{ steps.build_info.outputs.DOCKER_DEV_TAG }}  docker://ghcr.io/${{ github.actor }}/mbed-os-env:${{ steps.build_info.outputs.DOCKER_PROD_TAG_DATED }}
-
-
-  move-failed-container:
-    runs-on: ubuntu-latest
-    needs: test-container
-    if:  ${{ failure() }}
-    steps:
-      - 
-        name: unarchive artefacts
-        uses: actions/download-artifact@v2
-        with:
-          name: build-info
-        
-      - 
-        name: Get build info from archive
-        shell: bash
-        id: build_info
-        run: |
-          value=`cat dev_tag`
-          echo "DEV TAG is $value"
-          echo "::set-output name=DOCKER_DEV_TAG::$value"
-          value=`cat prod_tag_dated`
-          echo "DATED PROD TAG is $value"
-          echo "::set-output name=DOCKER_PROD_TAG_DATED::$value"
-          value=`cat mbed_os_version`
-          echo "MBED OS VERSION is $value"
-          echo "::set-output name=MBED_OS_VERSION::$value"
-
-      # when tests fail, rename to "failed-" for easy identification
-      - 
-        name: Rename Dev Tag
-        run: |
-          docker run quay.io/skopeo/stable --src-creds=${{ github.actor }}:${{ secrets.GITHUB_TOKEN }} --dest-creds=${{ github.actor }}:${{ secrets.GITHUB_TOKEN }} copy --all docker://ghcr.io/${{ github.actor }}/mbed-os-env-tmp:${{ steps.build_info.outputs.DOCKER_DEV_TAG }}  docker://ghcr.io/${{ github.actor }}/mbed-os-env-tmp:failed-${{ steps.build_info.outputs.DOCKER_DEV_TAG }}
diff --git a/.github/workflows/docker_management.test-PR.yml b/.github/workflows/docker_management.test-PR.yml
index 1de89db844c..32a800fc44a 100644
--- a/.github/workflows/docker_management.test-PR.yml
+++ b/.github/workflows/docker_management.test-PR.yml
@@ -18,7 +18,8 @@ jobs:
 
     strategy:
       matrix:
-        platform: [linux/amd64, linux/arm64]
+        # platform: [linux/amd64, linux/arm64]
+        platform: [linux/amd64]
     steps:
 
       - 
@@ -28,10 +29,29 @@ jobs:
       - 
         name: Set up QEMU
         uses: docker/setup-qemu-action@v1
-        
+
+      # as the dev images are created only for master branch, run test against
+      # development branch of blinky
+      - 
+        name: Checkout
+        uses: actions/checkout@v2
+        with:
+          repository: ARMmbed/mbed-os-example-blinky
+          path: mbed-os-example-blinky
+          ref: development
+
+      -
+        name: Remove mbed-os from example-application
+        shell: bash
+        run: |
+          cd mbed-os-example-blinky
+          rm -rf mbed-os
+
       -
         name: Checkout
         uses: actions/checkout@v2
+        with:
+          path: mbed-os-example-blinky/mbed-os
         
       
       # cache documentation: https://github.com/docker/build-push-action/blob/master/docs/advanced/cache.md
@@ -40,12 +60,11 @@ jobs:
         uses: docker/build-push-action@v2
         id: docker_build_dev
         with:
-          context: .
+          context: ./mbed-os-example-blinky/mbed-os
           platforms: ${{ matrix.platform }}
-          file: ./docker_images/mbed-os-env/Dockerfile
+          file: ./mbed-os-example-blinky/mbed-os/docker_images/mbed-os-env/Dockerfile
           load: true
-          tags: mbed-os-env:a_pr_test
-          cache-from: type=registry,ref=ghcr.io/${{ github.actor }}/mbed-os-env:master-latest
+          tags: mbed-os-env:a_pr_test_${{ matrix.platform }}
 
 
       - 
@@ -54,8 +73,13 @@ jobs:
         uses: addnab/docker-run-action@v2
         with:
           options: -v ${{ github.workspace }}:/work -w=/work
-          image: mbed-os-env:a_pr_test
+          image: mbed-os-env:a_pr_test_${{ matrix.platform }}
           shell: bash
           run: |
             uname -m
-            ./docker_images/mbed-os-env/test.sh PR
+            cd mbed-os-example-blinky
+            # build using CLI1
+            mbed compile -m K64F -t GCC_ARM
+
+            # build using CLI2
+            mbed-tools compile -m K64F -t GCC_ARM   

From 071c5a46ca8e365d3a282887875efa7058a0fcf4 Mon Sep 17 00:00:00 2001
From: Saheer Babu <saheer.babu@arm.com>
Date: Mon, 12 Jul 2021 16:23:20 +0100
Subject: [PATCH 10/17] Update docker_management.branch.yml

---
 .github/workflows/docker_management.branch.yml | 1 +
 1 file changed, 1 insertion(+)

diff --git a/.github/workflows/docker_management.branch.yml b/.github/workflows/docker_management.branch.yml
index 31c73881c60..406830dcb1b 100644
--- a/.github/workflows/docker_management.branch.yml
+++ b/.github/workflows/docker_management.branch.yml
@@ -199,6 +199,7 @@ jobs:
             ls
             #./mbed-os/docker_images/mbed-os-env/test.sh DEVELOPMENT ${{ steps.build_info.outputs.MBED_OS_VERSION }}
             cd mbed-os-example-blinky
+            mbed deploy
             # build using CLI1
             mbed compile -m K64F -t GCC_ARM
 

From 391599a3e6c4a5aa05bd3bb3e3e106e2448e9886 Mon Sep 17 00:00:00 2001
From: saheerb <saheer.babu@arm.com>
Date: Mon, 12 Jul 2021 17:31:31 +0100
Subject: [PATCH 11/17] update versions

---
 .../workflows/docker_management.release.yml   | 10 ++++-
 docker_images/mbed-os-env/test.sh             | 42 -------------------
 2 files changed, 8 insertions(+), 44 deletions(-)
 delete mode 100755 docker_images/mbed-os-env/test.sh

diff --git a/.github/workflows/docker_management.release.yml b/.github/workflows/docker_management.release.yml
index 9bb0706a187..11ce0245826 100644
--- a/.github/workflows/docker_management.release.yml
+++ b/.github/workflows/docker_management.release.yml
@@ -11,6 +11,7 @@ on:
   push:
     tags: 
       - mbed-os-6.[0-9]+.[0-9]+
+      - mbed-os-6.[0-9]+.[0-9]+-rc.*
 
   schedule:
     - cron:  '15 4 * * *'
@@ -191,19 +192,24 @@ jobs:
           repository: ARMmbed/mbed-os-example-blinky
           path: mbed-os-example-blinky
 
+
       - 
         name: update the example application version to test against correct version
+        # When mbed-os tag is applied, and workflow is triggered to build RELEASE image, example application with same tag will be available yet.
+        # use release candidate branch to test the image in that case.
+        # When RELEASE image is passively checked, tag should be available in example application repo, then use it.
         shell: bash
         id: example_app_info
         run: |
           cd mbed-os-example-blinky
           EXAMPLE_VERSION="release_candidate"
           MBED_OS_VERSION=${{ steps.build_info.outputs.MBED_OS_VERSION }}
+          # if tag is present in example repo, use the tag 
           if git rev-parse "$MBED_OS_VERSION" >/dev/null 2>&1; then
             EXAMPLE_VERSION=$MBED_OS_VERSION
           fi
-          echo "::set-output VERSION=MBED_OS_VERSION::$value"
-          git checkout $EXAMPLE_VERSION
+          # echo "::set-output VERSION=MBED_OS_VERSION::$EXAMPLE_VERSION"
+          git checkout ${EXAMPLE_VERSION}
 
       - 
         name: Checkout
diff --git a/docker_images/mbed-os-env/test.sh b/docker_images/mbed-os-env/test.sh
deleted file mode 100755
index c08e42196f6..00000000000
--- a/docker_images/mbed-os-env/test.sh
+++ /dev/null
@@ -1,42 +0,0 @@
-#!/bin/sh
-set -x
-IMAGE_RELEASE_TYPE=$1
-MBED_OS_VERSION=$2
-
-# 
-mbed import mbed-os-example-blinky
-cd mbed-os-example-blinky
-
-# when development images or PR checks are getting tested, use "development" version of example application
-# development versions and PR should only happen to master branch, if it is happening to other branch extend the if conditions
-if [ ${IMAGE_RELEASE_TYPE} == "DEVELOPMENT" ] || [ ${IMAGE_RELEASE_TYPE} == "PR" ];then
-    if [ ${MBED_OS_VERSION} == "master" ];then
-        EXAMPLE_VERSION="development"
-    else
-        echo "Not implemented"
-        exit 1
-    fi
-# When mbed-os tag is applied, and workflow is triggered to build RELEASE image, example application with same tag will be available yet.
-# use release candidate branch to test the image in that case.
-# When RELEASE image is passively checked, tag should be available in example application repo, then use it.
-elif [ ${IMAGE_RELEASE_TYPE} == "RELEASE" ] ; then
-    if git rev-parse "$MBED_OS_VERSION" >/dev/null 2>&1; then
-        EXAMPLE_VERSION=$MBED_OS_VERSION
-    else
-        EXAMPLE_VERSION="release_candidate"
-    fi
-fi
-
-
-echo ${EXAMPLE_VERSION}
-git checkout ${EXAMPLE_VERSION}
-
-# regardless of example version, use the version of mbed-os getting built in the workflow.
-rm -rf mbed-os
-ln -s ../mbed-os mbed-os
-
-# build using CLI1
-mbed compile -m K64F -t GCC_ARM
-
-# build using CLI2
-mbed-tools compile -m K64F -t GCC_ARM                                                                                                                                                                                                                                                    

From 279d4b547fbc19f043d410eec0c0931a896e7482 Mon Sep 17 00:00:00 2001
From: saheerb <saheer.babu@arm.com>
Date: Mon, 12 Jul 2021 17:44:45 +0100
Subject: [PATCH 12/17] update versions

---
 .github/workflows/docker_management.release.yml | 1 +
 1 file changed, 1 insertion(+)

diff --git a/.github/workflows/docker_management.release.yml b/.github/workflows/docker_management.release.yml
index 11ce0245826..473ba7d6d17 100644
--- a/.github/workflows/docker_management.release.yml
+++ b/.github/workflows/docker_management.release.yml
@@ -191,6 +191,7 @@ jobs:
         with:
           repository: ARMmbed/mbed-os-example-blinky
           path: mbed-os-example-blinky
+          fetch-depth: 0
 
 
       - 

From 4f0c48a9ab850417a9813d293c8e942c14aa259d Mon Sep 17 00:00:00 2001
From: saheerb <saheer.babu@arm.com>
Date: Mon, 12 Jul 2021 21:52:31 +0100
Subject: [PATCH 13/17] update versions

---
 .github/workflows/docker_management.test-PR.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/.github/workflows/docker_management.test-PR.yml b/.github/workflows/docker_management.test-PR.yml
index 32a800fc44a..f79223315e0 100644
--- a/.github/workflows/docker_management.test-PR.yml
+++ b/.github/workflows/docker_management.test-PR.yml
@@ -64,7 +64,7 @@ jobs:
           platforms: ${{ matrix.platform }}
           file: ./mbed-os-example-blinky/mbed-os/docker_images/mbed-os-env/Dockerfile
           load: true
-          tags: mbed-os-env:a_pr_test_${{ matrix.platform }}
+          tags: mbed-os-env:a_pr_test
 
 
       - 

From d2f6c79f99bc54da74c26583dc34177746e1ee68 Mon Sep 17 00:00:00 2001
From: saheerb <saheer.babu@arm.com>
Date: Mon, 12 Jul 2021 21:59:13 +0100
Subject: [PATCH 14/17] update versions

---
 .github/workflows/docker_management.test-PR.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/.github/workflows/docker_management.test-PR.yml b/.github/workflows/docker_management.test-PR.yml
index f79223315e0..6cdab905994 100644
--- a/.github/workflows/docker_management.test-PR.yml
+++ b/.github/workflows/docker_management.test-PR.yml
@@ -73,7 +73,7 @@ jobs:
         uses: addnab/docker-run-action@v2
         with:
           options: -v ${{ github.workspace }}:/work -w=/work
-          image: mbed-os-env:a_pr_test_${{ matrix.platform }}
+          image: mbed-os-env:a_pr_test
           shell: bash
           run: |
             uname -m

From abfeca78437a72c3633d128866a092fc89e15d38 Mon Sep 17 00:00:00 2001
From: Saheer <saheerb@gmail.com>
Date: Tue, 13 Jul 2021 14:26:38 +0100
Subject: [PATCH 15/17] pr test

---
 .../workflows/docker_management.branch.yml    |  15 +-
 .github/workflows/docker_management.prune.yml |   2 +-
 .../workflows/docker_management.release.yml   |   6 +-
 .../workflows/docker_management.test-PR.yml   | 159 ++++++++++++------
 docker_images/mbed-os-env/Dockerfile          |  25 +--
 5 files changed, 133 insertions(+), 74 deletions(-)

diff --git a/.github/workflows/docker_management.branch.yml b/.github/workflows/docker_management.branch.yml
index 406830dcb1b..6956a7e417a 100644
--- a/.github/workflows/docker_management.branch.yml
+++ b/.github/workflows/docker_management.branch.yml
@@ -6,9 +6,11 @@ name: Publish or Update docker image for head of branch
 
 on:
 
+  # passive update once a week
   schedule:
-    - cron:  '15 4 * * *'
+    - cron:  '15 4 * * 7'
 
+  # build on master branch when there is changes for active update
   push:
     branches: 
       - master
@@ -19,6 +21,7 @@ on:
       - .github/workflows/docker_management.branch.yml
 
 
+  # manual trigger when needed 
   workflow_dispatch: 
 
 
@@ -34,11 +37,6 @@ jobs:
         run: echo "##[set-output name=branch;]$(echo ${GITHUB_REF#refs/heads/})"
         id: extract_branch
 
-      - 
-        name: Print event name
-        shell: bash
-        run: echo ${{github.event_name}}
-
       -
         name: Checkout
         uses: actions/checkout@v2
@@ -65,16 +63,14 @@ jobs:
           echo ${{ steps.extract_branch.outputs.branch }}-latest > build_info/prod_tag_latest
           echo ${{ steps.extract_branch.outputs.branch }} > build_info/mbed_os_version
           
-      # archiving and unarchiving are github actions ways to pass variables between jobs    
       - 
         name: Archive information 
         uses: actions/upload-artifact@v2
         with:
           name: build-info
           path: build_info
-          
-
 
+          
   build-container:
     runs-on: ubuntu-latest
     needs: prepare-tags
@@ -235,6 +231,5 @@ jobs:
       - 
         name: copy dev tag to prod
         run: |
-          ls 
           docker run quay.io/skopeo/stable --src-creds=${{ github.actor }}:${{ secrets.GITHUB_TOKEN }} --dest-creds=${{ github.actor }}:${{ secrets.GITHUB_TOKEN }} copy --all docker://ghcr.io/${{ github.actor }}/mbed-os-env-tmp:${{ steps.build_info.outputs.DOCKER_DEV_TAG }}  docker://ghcr.io/${{ github.actor }}/mbed-os-env:${{ steps.build_info.outputs.DOCKER_PROD_TAG_LATEST }}
           docker run quay.io/skopeo/stable --src-creds=${{ github.actor }}:${{ secrets.GITHUB_TOKEN }} --dest-creds=${{ github.actor }}:${{ secrets.GITHUB_TOKEN }} copy --all docker://ghcr.io/${{ github.actor }}/mbed-os-env-tmp:${{ steps.build_info.outputs.DOCKER_DEV_TAG }}  docker://ghcr.io/${{ github.actor }}/mbed-os-env:${{ steps.build_info.outputs.DOCKER_PROD_TAG_DATED }}
diff --git a/.github/workflows/docker_management.prune.yml b/.github/workflows/docker_management.prune.yml
index 8891531b7dd..839d42badea 100644
--- a/.github/workflows/docker_management.prune.yml
+++ b/.github/workflows/docker_management.prune.yml
@@ -20,7 +20,7 @@ jobs:
         name: Delete old temporary images
         run: |
           # the following command may fail because github package doesn't allow 
-          # deletion if only one image exists or if GITHUB_DELETE_IMAGE_TOKEN is not 
+          # deletion if only one image exists or if DOCKER_MANAGEMENT_TOKEN is not 
           # setup. This shouldn't create any alarm as temporary image deletion is 
           # not a critical activity.
           python ./.github/workflows/ci_scripts/github_utils.py -u ${{ github.actor }} -p ${{ secrets.DOCKER_MANAGEMENT_TOKEN }} delete-old-images -r mbed-os-env-tmp | true
diff --git a/.github/workflows/docker_management.release.yml b/.github/workflows/docker_management.release.yml
index 473ba7d6d17..c9d72d92441 100644
--- a/.github/workflows/docker_management.release.yml
+++ b/.github/workflows/docker_management.release.yml
@@ -1,6 +1,6 @@
 name: Release or update docker image for a released mbed-os version
 
-# Read TODO: add design link before editing this file
+# Design details: [TODO: add design link] 
 
 # This work flow is disabled for forked repositories. 
 # If you need to enable it, find references for github.repository_owner in this file
@@ -14,7 +14,7 @@ on:
       - mbed-os-6.[0-9]+.[0-9]+-rc.*
 
   schedule:
-    - cron:  '15 4 * * *'
+    - cron:  '15 4 * * 7'
 
   workflow_dispatch:
     inputs:
@@ -271,14 +271,12 @@ jobs:
           echo "MBED OS VERSION is $value"
           echo "::set-output name=MBED_OS_VERSION::$value"
 
-
       -
         name: Checkout
         uses: actions/checkout@v2
         with:
           ref: refs/tags/${{ steps.build_info.outputs.MBED_OS_VERSION }}
 
-      # when tests succeed copy to fixed tags
       - 
         name: copy dev tag to prod dated tag
         run: |
diff --git a/.github/workflows/docker_management.test-PR.yml b/.github/workflows/docker_management.test-PR.yml
index 6cdab905994..9a292a98ea9 100644
--- a/.github/workflows/docker_management.test-PR.yml
+++ b/.github/workflows/docker_management.test-PR.yml
@@ -1,6 +1,6 @@
 name: Build and test image when PR is raised
 
-# This workflow is triggered when Dockerfile relatedt or github action itself changes are made in a PR
+# This workflow is triggered when Dockerfile related or github action itself changes are made in a PR
 # The workflow is quite simple - builds and test the image. Release of newer version is done only when PR is merged.
 
 on:
@@ -12,16 +12,11 @@ on:
       - requirements.txt
 
 jobs:
-
   build-container:
     runs-on: ubuntu-latest
-
-    strategy:
-      matrix:
-        # platform: [linux/amd64, linux/arm64]
-        platform: [linux/amd64]
+    needs: prepare-tags
+    
     steps:
-
       - 
         name: Set up Docker Buildx
         uses: docker/setup-buildx-action@v1
@@ -30,56 +25,124 @@ jobs:
         name: Set up QEMU
         uses: docker/setup-qemu-action@v1
 
-      # as the dev images are created only for master branch, run test against
-      # development branch of blinky
       - 
-        name: Checkout
-        uses: actions/checkout@v2
+        name: Login to DockerHub
+        uses: docker/login-action@v1 
         with:
-          repository: ARMmbed/mbed-os-example-blinky
-          path: mbed-os-example-blinky
-          ref: development
-
-      -
-        name: Remove mbed-os from example-application
-        shell: bash
-        run: |
-          cd mbed-os-example-blinky
-          rm -rf mbed-os
+          registry: ghcr.io
+          username: ${{ github.actor }}
+          password: ${{ secrets.GITHUB_TOKEN }}
 
       -
         name: Checkout
         uses: actions/checkout@v2
-        with:
-          path: mbed-os-example-blinky/mbed-os
-        
-      
-      # cache documentation: https://github.com/docker/build-push-action/blob/master/docs/advanced/cache.md
+
       -
-        name: Build with remote cache
+        name: Build docker containers
         uses: docker/build-push-action@v2
         id: docker_build_dev
         with:
-          context: ./mbed-os-example-blinky/mbed-os
-          platforms: ${{ matrix.platform }}
-          file: ./mbed-os-example-blinky/mbed-os/docker_images/mbed-os-env/Dockerfile
-          load: true
-          tags: mbed-os-env:a_pr_test
+          context: .
+          platforms: linux/amd64,linux/arm64
+          # platforms: linux/amd64
+          push: true
+          file: ./docker_images/mbed-os-env/Dockerfile
+          tags: ghcr.io/${{ github.actor }}/mbed-os-env-tmp:${{ GITHUB_SHA }}
 
+  # test-container:
+  #   runs-on: ubuntu-latest
+  #   needs: build-container
+  #   strategy:
+  #     matrix:
+  #       # platform: [linux/amd64, linux/arm64]
+  #       platform: [linux/amd64]
+        
+  #   steps:
+  #     # as the dev images are created only for master branch, run test against
+  #     # development branch of blinky
+  #     - 
+  #       name: Checkout example blinky
+  #       uses: actions/checkout@v2
+  #       with:
+  #         repository: ARMmbed/mbed-os-example-blinky
+  #         path: mbed-os-example-blinky
+  #         ref: development
+  #         fetch-depth: 0
 
-      - 
-        name: test the container
-        id: test
-        uses: addnab/docker-run-action@v2
-        with:
-          options: -v ${{ github.workspace }}:/work -w=/work
-          image: mbed-os-env:a_pr_test
-          shell: bash
-          run: |
-            uname -m
-            cd mbed-os-example-blinky
-            # build using CLI1
-            mbed compile -m K64F -t GCC_ARM
+  #     - 
+  #       name: Checkout
+  #       uses: actions/checkout@v2
+  #       with:
+  #         path: mbed-os-example-blinky/mbed-os
+
+  #     - 
+  #       name: Set up QEMU
+  #       uses: docker/setup-qemu-action@v1
+
+  #     - 
+  #       name: test the container
+  #       id: test
+  #       uses: addnab/docker-run-action@v3
+  #       with:
+  #         username: ${{ github.actor }}
+  #         password: ${{ secrets.GITHUB_TOKEN }}
+  #         registry: ghcr.io
+  #         options: -v ${{ github.workspace }}:/work -w=/work
+  #         image: ghcr.io/${{ github.actor }}/mbed-os-env-tmp:${{ steps.build_info.outputs.DOCKER_DEV_TAG }}
+  #         # image: ghcr.io/${{ github.actor }}/mbed-os-env-tmp@${{ steps.docker_info_dev.outputs.DIGEST }}
+  #         shell: bash
+  #         run: |
+  #           uname -m
+  #           cd mbed-os-example-blinky
+  #           # build using CLI1
+  #           mbed compile -m K64F -t GCC_ARM
+
+  #           # build using CLI2
+  #           mbed-tools compile -m K64F -t GCC_ARM
+            
+  # deploy-container:
+  #   runs-on: ubuntu-latest
+  #   needs: test-container
+  #   steps:
+  #     - 
+  #       name: unarchive artefacts
+  #       uses: actions/download-artifact@v2
+  #       with:
+  #         name: build-info
+        
+  #     - 
+  #       name: Get build info from archive
+  #       shell: bash
+  #       id: build_info
+  #       run: |
+  #         value=`cat dev_tag`
+  #         echo "DEV TAG is $value"
+  #         echo "::set-output name=DOCKER_DEV_TAG::$value"
+  #         value=`cat prod_tag_dated`
+  #         echo "DATED PROD TAG is $value"
+  #         echo "::set-output name=DOCKER_PROD_TAG_DATED::$value"
+  #         value=`cat mbed_os_version`
+  #         echo "MBED OS VERSION is $value"
+  #         echo "::set-output name=MBED_OS_VERSION::$value"
+
+  #     -
+  #       name: Checkout
+  #       uses: actions/checkout@v2
+  #       with:
+  #         ref: refs/tags/${{ steps.build_info.outputs.MBED_OS_VERSION }}
 
-            # build using CLI2
-            mbed-tools compile -m K64F -t GCC_ARM   
+  #     - 
+  #       name: copy dev tag to prod dated tag
+  #       run: |
+  #         set -x
+  #         echo ${{ needs.test-container.result }}
+  #         upto_patch_version=${{ steps.build_info.outputs.MBED_OS_VERSION }}-latest
+  #         upto_min_version=${upto_patch_version%.[0-9]*}-latest
+  #         upto_major_version=${upto_patch_version%.[0-9]*.[0-9]*}-latest
+  #         docker run quay.io/skopeo/stable --src-creds=${{ github.actor }}:${{ secrets.GITHUB_TOKEN }} --dest-creds=${{ github.actor }}:${{ secrets.GITHUB_TOKEN }} copy --all docker://ghcr.io/${{ github.actor }}/mbed-os-env-tmp:${{ steps.build_info.outputs.DOCKER_DEV_TAG }}  docker://ghcr.io/${{ github.actor }}/mbed-os-env:${upto_patch_version}
+  #         docker run quay.io/skopeo/stable --src-creds=${{ github.actor }}:${{ secrets.GITHUB_TOKEN }} --dest-creds=${{ github.actor }}:${{ secrets.GITHUB_TOKEN }} copy --all docker://ghcr.io/${{ github.actor }}/mbed-os-env-tmp:${{ steps.build_info.outputs.DOCKER_DEV_TAG }}  docker://ghcr.io/${{ github.actor }}/mbed-os-env:${upto_min_version}
+  #         if [ "workflow_dispatch" != "${{github.event_name}}" ];then
+  #           docker run quay.io/skopeo/stable --src-creds=${{ github.actor }}:${{ secrets.GITHUB_TOKEN }} --dest-creds=${{ github.actor }}:${{ secrets.GITHUB_TOKEN }} copy --all docker://ghcr.io/${{ github.actor }}/mbed-os-env-tmp:${{ steps.build_info.outputs.DOCKER_DEV_TAG }}  docker://ghcr.io/${{ github.actor }}/mbed-os-env:${upto_major_version}
+  #         fi
+  #         # copy to fixed tag
+  #         docker run quay.io/skopeo/stable --src-creds=${{ github.actor }}:${{ secrets.GITHUB_TOKEN }} --dest-creds=${{ github.actor }}:${{ secrets.GITHUB_TOKEN }} copy --all docker://ghcr.io/${{ github.actor }}/mbed-os-env-tmp:${{ steps.build_info.outputs.DOCKER_DEV_TAG }}  docker://ghcr.io/${{ github.actor }}/mbed-os-env:${{ steps.build_info.outputs.DOCKER_PROD_TAG_DATED }}
diff --git a/docker_images/mbed-os-env/Dockerfile b/docker_images/mbed-os-env/Dockerfile
index cdff7e7370d..65a95f64bab 100644
--- a/docker_images/mbed-os-env/Dockerfile
+++ b/docker_images/mbed-os-env/Dockerfile
@@ -30,17 +30,21 @@ RUN set -x \
     && update-alternatives --install /usr/bin/python python /usr/bin/python3.8 1 \
     && : # last line
 
-# Cmake (Mbed OS requires >=3.19.0-rc3 version which is not available in Ubuntu 20.04 repository)
+
 RUN set -x \
-    && (cd /tmp \
-    && [ "$(uname -m)" = "aarch64" ] && \
-        CMAKE_SCRIPT="cmake-3.19.3-Linux-aarch64.sh" || \
-        CMAKE_SCRIPT="cmake-3.19.3-Linux-x86_64.sh" \  
-    && wget --progress=dot:giga https://github.com/Kitware/CMake/releases/download/v3.19.3/${CMAKE_SCRIPT} \
-    && sh ${CMAKE_SCRIPT} --exclude-subdir --prefix=/usr/local \
-    && rm -rf ${CMAKE_SCRIPT}) \
-    && exec bash \
-    && : # last line
+    && pip3 install -U cmake
+
+# Cmake (Mbed OS requires >=3.19.0-rc3 version which is not available in Ubuntu 20.04 repository)
+# RUN set -x \
+#     && (cd /tmp \
+#     && [ "$(uname -m)" = "aarch64" ] && \
+#         CMAKE_SCRIPT="cmake-3.19.3-Linux-aarch64.sh" || \
+#         CMAKE_SCRIPT="cmake-3.19.3-Linux-x86_64.sh" \  
+#     && wget --progress=dot:giga https://github.com/Kitware/CMake/releases/download/v3.19.3/${CMAKE_SCRIPT} \
+#     && sh ${CMAKE_SCRIPT} --exclude-subdir --prefix=/usr/local \
+#     && rm -rf ${CMAKE_SCRIPT}) \
+#     && exec bash \
+#     && : # last line
 
 # Set up mbed environment
 WORKDIR /tmp/
@@ -96,5 +100,4 @@ RUN /bin/bash -c \
     && (echo -n 'mbed-tools ' && mbed-tools --version) | tee -a env_settings \
     && : # LAST LINE"
 
-
 WORKDIR /root

From aca7b709c331f9d9b91c777110c96675c8c14d90 Mon Sep 17 00:00:00 2001
From: Saheer Babu <saheer.babu@arm.com>
Date: Tue, 13 Jul 2021 14:28:38 +0100
Subject: [PATCH 16/17] Update docker_management.release.yml

---
 .github/workflows/docker_management.release.yml | 1 +
 1 file changed, 1 insertion(+)

diff --git a/.github/workflows/docker_management.release.yml b/.github/workflows/docker_management.release.yml
index c9d72d92441..aa6e4c5e653 100644
--- a/.github/workflows/docker_management.release.yml
+++ b/.github/workflows/docker_management.release.yml
@@ -7,6 +7,7 @@ name: Release or update docker image for a released mbed-os version
 # and replace with ARMmbed with your organisation/account name
 
 
+
 on:    
   push:
     tags: 

From fd0f4e39b84d159c6056b4d2555e20653fa04c91 Mon Sep 17 00:00:00 2001
From: Saheer Babu <saheer.babu@arm.com>
Date: Tue, 13 Jul 2021 14:34:00 +0100
Subject: [PATCH 17/17] Update docker_management.branch.yml

---
 .github/workflows/docker_management.branch.yml | 1 +
 1 file changed, 1 insertion(+)

diff --git a/.github/workflows/docker_management.branch.yml b/.github/workflows/docker_management.branch.yml
index 6956a7e417a..65d3ff2e48c 100644
--- a/.github/workflows/docker_management.branch.yml
+++ b/.github/workflows/docker_management.branch.yml
@@ -4,6 +4,7 @@ name: Publish or Update docker image for head of branch
 # and replace with ARMmbed with your organisation/account name
 # Read more details in TODO: add design link
 
+
 on:
 
   # passive update once a week