Merge branch...

Merge branch '30146-let-s-encrypt-integration-doesn-t-scale-and-does-not-give-any-feedback-to-user-on-errors-3' into 'master'

Stop obtaining Let's Encrypt certificates if we already failed

See merge request gitlab-org/gitlab!27775

app/workers/pages_domain_ssl_renewal_cron_worker.rb

@@ -10,6 +10,11 @@ class PagesDomainSslRenewalCronWorker # rubocop:disable Scalability/IdempotentWo
     return unless ::Gitlab::LetsEncrypt.enabled?
 
     PagesDomain.need_auto_ssl_renewal.with_logging_info.find_each do |domain|
+      # Ideally that should be handled in PagesDomain.need_auto_ssl_renewal scope
+      # but it's hard to make scope work with feature flags
+      # once we remove feature flag we can modify scope to implement this behaviour
+      next if Feature.enabled?(:pages_letsencrypt_errors, domain.project) && domain.auto_ssl_failed
+
       with_context(project: domain.project) do
         PagesDomainSslRenewalWorker.perform_async(domain.id)
       end

spec/workers/pages_domain_ssl_renewal_cron_worker_spec.rb

@@ -21,6 +21,10 @@ describe PagesDomainSslRenewalCronWorker do
     let!(:domain_without_auto_certificate) do
       create(:pages_domain, :without_certificate, :without_key, project: project, auto_ssl_enabled: true)
     end
+    let!(:domain_with_failed_auto_ssl) do
+      create(:pages_domain, :without_certificate, :without_key, project: project,
+             auto_ssl_enabled: true, auto_ssl_failed: true)
+    end
 
     let!(:domain_with_expired_auto_ssl) do
       create(:pages_domain, :letsencrypt, :with_expired_certificate, project: project)
@@ -34,7 +38,8 @@ describe PagesDomainSslRenewalCronWorker do
       end
 
       [domain,
-       domain_with_obtained_letsencrypt].each do |domain|
+       domain_with_obtained_letsencrypt,
+       domain_with_failed_auto_ssl].each do |domain|
         expect(PagesDomainSslRenewalWorker).not_to receive(:perform_async).with(domain.id)
       end
 

spec/workers/pages_domain_ssl_renewal_worker_spec.rb

@@ -26,6 +26,8 @@ describe PagesDomainSslRenewalWorker do
     shared_examples 'does nothing' do
       it 'does nothing' do
         expect(::PagesDomains::ObtainLetsEncryptCertificateService).not_to receive(:new)
+
+        worker.perform(domain.id)
       end
     end