Error with aws signer plugin

[saintmalik]

Hello, i have been unable to use this notation github action with the AWS Signer plugin, just keep gettig errors Error: Error: downloaded plugin does not match user input plugin_name, expected "notation-aws-signer-plugin" not found

here is my config

      - name: setup Notation CLI
        if: steps.changed-files-specific.outputs.any_changed == 'true'
        uses: notaryproject/notation-action/setup@v1
        with:
          version: 1.0.0

      - name: sign releasd artifact with signing plugin
        uses: notaryproject/notation-action/sign@v1
        with:
          plugin_name: aws-signer-plugin
          plugin_url: https://d2hvyiie56hcat.cloudfront.net/linux/amd64/plugin/latest/notation-aws-signer-plugin.zip
          plugin_checksum: cccfe8fdcdf853d83fd57ffc80524eddda75ad7ae9d9a257b087007230ec02f9
          key_id: arn:aws:signer:region:xxxxxxxxx:/signing-profiles/ecr_signing_profile
          target_artifact_reference: 111122223333.dkr.ecr.Region.amazonaws.com/curl@sha256:ca78e5f730f9a789ef8c63bb55275ac12dfb9e8099e6EXAMPLE
          signature_format: cose
          plugin_config: |-
            self_signed=true

[dorozuker]

had the same issue, after some brute force i simply downloaded the plugin zip and checked the filename.
its:
notation-com.amazonaws.signer.notation.plugin
be advised, that the action code adds "notation-" as prefix so the value for plugin name shoudl be
"com.amazonaws.signer.notation.plugin"

[FeynmanZhou]

Hi @priteshbandi @vaninrao10 ,

Would you mind following up this issue and help resolve it?

[priteshbandi]

If the plugin binary already includes the notation- prefix in its name, there is no need to add an additional notation- prefix. The code needs to be updated.

Ref: https://github.com/notaryproject/notation-action/blob/570add314ee2874c3a8aaac2027548c6f14c0756/src/sign.ts#L37C7-L37C27

[dorozuker]

ideally, it would be great to simply have all this info in the readme examples. a note there about the prefix and an example with the actual plugin name and references to all relevant naming convention and limitations (for example, cose is not supported for aws plugin)

[priteshbandi]

      - name: setup Notation CLI
        uses: notaryproject/notation-action/setup@v1
        with:
          version: 1.0.0
      - name: Sign artifact using notation plugin
        uses: notaryproject/notation-action/sign@v1
        with:
          plugin_name: com.amazonaws.signer.notation.plugin
          plugin_url: https://d2hvyiie56hcat.cloudfront.net/linux/amd64/plugin/latest/notation-aws-signer-plugin.zip
          plugin_checksum: cccfe8fdcdf853d83fd57ffc80524eddda75ad7ae9d9a257b087007230ec02f9
          key_id: 'arn:aws:signer:us-west-2:xxxxxxxxx:/signing-profiles/account'
          target_artifact_reference: xxxxxxx.dkr.starport.us-west-2.amazonaws.com/go-http-server:latest

@saintmalik @dorozuker Can you please test with plugin_name: com.amazonaws.signer.notation.plugin ?

[saintmalik]

it works now, thank you