Fix build with Node 20

.github/workflows/bump-version.yaml

@@ -15,5 +15,6 @@ jobs:
   bump:
     uses: IronCoreLabs/workflows/.github/workflows/bump-version.yaml@bump-version-v1
     with:
+      release_prereleases: false
       version: ${{ inputs.version }}
     secrets: inherit

.github/workflows/publish.yaml

@@ -0,0 +1,13 @@
+name: Typescript Publish
+on:
+  release:
+    types:
+      - "created" # triggered by Bump Version creating a release
+  workflow_dispatch:
+jobs:
+  typescript-ci:
+    # TODO: update to released workflow
+    uses: IronCoreLabs/workflows/.github/workflows/typescript-release.yaml@add-typescript-release
+    with:
+      pre_publish_steps: "./build.js; cd dist"
+    secrets: inherit

.github/workflows/typescript-ci.yaml

@@ -13,4 +13,5 @@ jobs:
       # this repo runs coverage in its default test command, which will fail if
       # under the thresholds defined in jest.config.js, so coverage delta doesn't matter as much
       run_coverage: false
+      additional_steps: "./build.js"
     secrets: inherit

RELEASING.md

@@ -1,8 +1,4 @@
-Release Checklist
-=================
+# Release Checklist
 
-* Decide on the new version number and update it within the `package.json` file. This will be used as the NPM version number.
-* Add the CHANGELOG.md entry for the release by looking at the PRs.
-* Commit `package.json` (for version number) and `CHANGELOG.md`.
-* Run the `./build.js` script to make sure the build runs successfully.
-* If it all looks good, run `./build.js --publish` which will compile the SDK, push it to NPM, and push a tag to the repo.
+-   PR and merge the `CHANGELOG.md` entry for the release by looking at the commits.
+-   Decide on the new version number and run the [Bump Version](https://github.com/IronCoreLabs/ironnode/actions/workflows/bump-version.yaml) action. This will create a GitHub release and trigger the Typescript Release action.

build.js

@@ -5,17 +5,14 @@
  * ========================
  *
  * This build file is responsible for compiling the IronNode SDK from TypeScript into ES6 JavaScript to work within Node applications. The
- * resulting build will be put into a top-level `dist` directory where it will be ready to perform an NPM publish step. If the `--publish` option
- * is provided then the entire dist directory will be pushed up to NPM as @ironcorelabs/ironnode and a tag of the released version will be added
- * to git. Otherwise we'll run a mock publish and leave the dist directory in place.
+ * resulting build will be put into a top-level `dist` directory where it will be ready to perform an NPM publish step.
  *
  * Running this build script will also run unit tests to ensure they pass before deploying any code.
  *
  * In addition, during the build process we'll also replace the API endpoint this SDK hits from the local environment to the production environment. Therefore
  * the published version of this SDK will only work against a production environment.
  */
 
-const fs = require("fs");
 const path = require("path");
 const shell = require("shelljs");
 const package = require("./package.json");
@@ -24,75 +21,18 @@ const package = require("./package.json");
 shell.set("-e");
 
 const args = process.argv.slice(2);
-const SHOULD_PUBLISH = args.indexOf("--publish") !== -1;
 
 if (args.indexOf("-h") !== -1 || args.indexOf("--help") !== -1) {
     shell.echo("Build script to compile IronNode SDK");
     shell.echo();
     shell.echo("  Usage: ./build.js");
-    shell.echo("    Options:");
-    shell.echo("      --publish If provided, publish service to NPM and tag repo with version from package.json file.");
     shell.exit(0);
 }
 
-/**
- * Publish the SDK. Will do a dry-run unless argument is provided to perform actual publish
- */
-function publishModule() {
-    shell.pushd("./dist");
-    shell.exec(SHOULD_PUBLISH ? "npm publish --access public" : "npm publish --dry-run");
-    shell.popd();
-}
-
-/**
- * Tag the repo with the current version that we're publishing
- */
-function tagRepo(version) {
-    if (SHOULD_PUBLISH) {
-        shell.exec(`git tag ${version}`);
-        shell.exec("git push origin --tags");
-    } else {
-        console.log(`\n\nWould publish git tag as version ${version}.`);
-    }
-}
-
-/**
- * Ensure that we're in a pristine, up-to-date repo and on the main branch before allowing user to continue. Only does
- * verification if user is actually trying to perform an NPM publish
- */
-function ensureNoChangesOnMainBeforePublish() {
-    //Let users try the build script as long as they're not doing an actual publish
-    if (!SHOULD_PUBLISH) {
-        return true;
-    }
-
-    shell.exec("git fetch origin", {silent: true});
-
-    const currentBranch = shell.exec("git symbolic-ref --short -q HEAD", {silent: true});
-    if (currentBranch.stdout.trim() !== "main") {
-        shell.echo("Modules can only be deployed off 'main' branch.");
-        shell.exit(-1);
-    }
-
-    const changesOnBranch = shell.exec("git log HEAD..origin/main --oneline", {silent: true});
-    if (changesOnBranch.stdout.trim() !== "") {
-        shell.echo("Local repo and origin are out of sync! Have you pushed all your changes? Have you pulled the latest?");
-        shell.exit(-1);
-    }
-
-    const localChanges = shell.exec("git status --porcelain", {silent: true});
-    if (localChanges.stdout.trim() !== "") {
-        shell.echo("This git repository is has uncommitted files. Publish aborted!");
-        shell.exit(-1);
-    }
-}
-
 //Ensure that we're at the root directory of the repo to start
 const buildScriptDirectory = path.dirname(process.argv[1]);
 shell.cd(path.join(buildScriptDirectory));
 
-ensureNoChangesOnMainBeforePublish();
-
 //Clean up any existing dist directory
 shell.rm("-rf", "./dist");
 
@@ -111,7 +51,4 @@ shell.cp("./package.json", "./dist");
 shell.cp("./ironnode.d.ts", "./dist");
 shell.cp("./README.md", "./dist");
 
-publishModule();
-tagRepo(package.version);
-
 console.log("\n\nBuild Complete!");

package.json

@@ -35,7 +35,7 @@
     "@types/inquirer": "^9.0.9",
     "@types/jest": "^26.0.7",
     "@types/jsonwebtoken": "^8.5.0",
-    "@types/node": "^24.8.0",
+    "@types/node": "^20.14.8",
     "inquirer": "^12.9.2",
     "jest": "^26.6.0",
     "jest-extended": "^0.11.5",
@@ -44,7 +44,7 @@
     "ts-jest": "^26.5.0",
     "ts-node": "^8.10.2",
     "tslint": "^6.1.2",
-    "typescript": "^3.9.7",
+    "typescript": "^4.9.5",
     "typestrict": "^1.0.2"
   },
   "resolutions": {

src/crypto/AES.ts

@@ -98,7 +98,7 @@ export function encryptBytes(documentHeader: Buffer, document: Buffer, documentS
         const cipher = crypto.createCipheriv(AES_ALGORITHM, documentSymmetricKey, iv);
         return Future.of(Buffer.concat([documentHeader, iv, cipher.update(document), cipher.final(), cipher.getAuthTag()]));
     } catch (e) {
-        return Future.reject(new SDKError(e, ErrorCodes.DOCUMENT_ENCRYPT_FAILURE));
+        return Future.reject(new SDKError(e as Error, ErrorCodes.DOCUMENT_ENCRYPT_FAILURE));
     }
 }
 
@@ -121,16 +121,14 @@ export function encryptStream(documentHeader: Buffer, inputStream: NodeJS.Readab
         try {
             inputStream.pipe(encryptionStream.getEncryptionStream()).pipe(outputStream);
         } catch (e) {
-            reject(new SDKError(e, ErrorCodes.DOCUMENT_ENCRYPT_FAILURE));
+            reject(new SDKError(e as Error, ErrorCodes.DOCUMENT_ENCRYPT_FAILURE));
         }
     });
 }
 
 /**
  * Decrypt the provided encrypted document package (ciphertext, IV, GCM tag) with the provided symmetric key.
  * @param {Buffer} cipherText           Document content to decrypt
- * @param {Buffer} iv                   Document IV
- * @param {Buffer} gcmTag               Document GCM auth tag
  * @param {Buffer} documentSymmetricKey Symmetric key to use to decrypt
  */
 export function decryptBytes(cipherText: Buffer, documentSymmetricKey: Buffer): Future<SDKError, Buffer> {
@@ -146,7 +144,7 @@ export function decryptBytes(cipherText: Buffer, documentSymmetricKey: Buffer):
         cipher.setAuthTag(gcmTag);
         return Future.of(Buffer.concat([cipher.update(content), cipher.final()]));
     } catch (e) {
-        return Future.reject(new SDKError(e, ErrorCodes.DOCUMENT_DECRYPT_FAILURE));
+        return Future.reject(new SDKError(e as Error, ErrorCodes.DOCUMENT_DECRYPT_FAILURE));
     }
 }
 
@@ -182,14 +180,14 @@ export function decryptStream(inputStream: NodeJS.ReadableStream, outfile: strin
                 fs.rmdirSync(tempDirectoryName);
                 resolve(undefined);
             } catch (e) {
-                reject(new SDKError(e, ErrorCodes.DOCUMENT_DECRYPT_FAILURE));
+                reject(new SDKError(e as Error, ErrorCodes.DOCUMENT_DECRYPT_FAILURE));
             }
         });
 
         try {
             inputStream.pipe(decryptionStream.getDecryptionStream()).pipe(tempWritable);
         } catch (e) {
-            readOrWriteFailure(e);
+            readOrWriteFailure(e as Error);
         }
     });
 }

src/crypto/StreamingAES.ts

@@ -71,7 +71,7 @@ export class StreamingEncryption {
 export class StreamingDecryption {
     decipher: crypto.DecipherGCM | undefined;
     aesKey: Buffer;
-    iv = Buffer.alloc(0);
+    iv: Buffer = Buffer.alloc(0);
     hasStrippedOffVersionHeader = false;
     authTagAndLastBlock = Buffer.alloc(0);