feat: add download Action for delegator (#2136)

Signed-off-by: laurentsimon <laurentsimon@google.com>

Author: laurentsimon

actions/delegator/secure-attestations-download/action.yml

@@ -0,0 +1,37 @@
+# Copyright 2023 SLSA Authors
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#      http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+name: "Secure attestations download for delegator"
+description: "Download a set of attestations and verify their SHA256"
+inputs:
+  name:
+    description: "Artifact name. (Note: this is a name given to an upload, not the path or filename)."
+    required: true
+  path:
+    description: "The path to download the attestations into. (Must be under the GITHUB_WORKSPACE)"
+    required: false
+    default: "."
+  sha256:
+    description: "SHA256 of the file for verification."
+    required: true
+
+runs:
+  using: "composite"
+  steps:
+    - name: Download the attestations
+      uses: slsa-framework/slsa-github-generator/.github/actions/secure-download-folder@main
+      with:
+        name: ${{ inputs.name }}
+        path: ${{ inputs.path }}
+        sha256: ${{ inputs.sha256 }}