Use salt-local with `--file-root`, but include also your formula directory?

I do the following: salt-call --local --file-root="$(git rev-parse --show-toplevel)" --file-root="$(git rev-parse --show-toplevel)/formulas/firewalld-formula" --pillar-root="$(git rev-parse --show-toplevel)/pillar" state.test firewalld

This works fine for just the firewalld-formula directory to call the firewalld state. But the original root file is overwritten, so other states that were included in the original root are not found anymore. Is there a way to define multiple root entries? The man page seems to talk about a single path.

> --file-root=FILE_ROOT
> Set this directory as the base file root.

Putting everything in the same command switch makes Salt completely lost on where the state files are. So this doesn't work either --file-root="$(git rev-parse --show-toplevel) $(git rev-parse --show-toplevel)/formulas/firewalld-formula".

On the Salt master I can define multiple file roots:

file_roots:
  base:
    - /salt/srv
    - /salt/srv/formulas/firewalld-formula

How could I create a similar setup for the salt-local command?

salt-call cannot define multiple roots. There is an open feature request.

Note that your proposed structure also has a major security issue. You have nested your pillar inside your state tree. This exposes the secrets to every minion if this were used on a salt-master.