Download the same tarball with different URLs like '/repository/archive.tar.bz2?ref=v{version}'

Summary

Every time I download a tarball via URLs like 'https://gitlab.com/gitlab-org/gitlab-ce/repository/archive.tar.bz2?ref=v10.7.0' using different version numbers as an argument of ref I download the same file (despite of different version numbers in the URLs).

In particular, the link 'https://gitlab.com/gitlab-org/gitlab-ce/repository/archive.tar.bz2?ref=v{version}' currently always gives file gitlab-ce-master-627eba55d63daf7e725edc5425debfc3890f2f9f.tar.bz2 which is the current tip of the 'master' branch in the 'gitlab-ce' repository.

Steps to reproduce

Run the following commands:

# Download the files
$ curl --output gitlab_10_7_0.tar.bz2 --url https://gitlab.com/gitlab-org/gitlab-ce/repository/archive.tar.bz2?ref=v10.7.0
$ curl --output gitlab_10_6_0.tar.bz2 --url https://gitlab.com/gitlab-org/gitlab-ce/repository/archive.tar.bz2?ref=v10.6.0
# Compare hashes
$ sha512sum gitlab_10_*.tar.bz2

I get the following result with the same hash sums:

f09a637a1806d4a77cead94ea6c231a79a05fd4a0f1050a47a5d46e5120424bf3c04c90ede5eaefb10807eb939513bb022514594522054a30d18a14ae468d4a2 *gitlab_10_6_0.tar.bz2
f09a637a1806d4a77cead94ea6c231a79a05fd4a0f1050a47a5d46e5120424bf3c04c90ede5eaefb10807eb939513bb022514594522054a30d18a14ae468d4a2 *gitlab_10_7_0.tar.bz2

It does not matter what versions and/or projects I choose: gitlab-ce, gitaly, etc. Of course, for each different project I will get a different file, but within one project I always get the same file.

What is the current bug behavior?

The URLs like 'https://gitlab.com/gitlab-org/{project}/repository/archive.tar.bz2?ref=v{version}' response with the same file.

What is the expected correct behavior?

A different HTTP GET must response with a different versioned files.

Relevant logs and/or screenshots

I have started discussion of this issue on the GitLab's IRC channel, where pytony bumped into the same problem and shared the following log: https://bpaste.net/show/354c59833e4b.

Output of checks

Just compare the hashes of downloads from above, they are the same:

$ sha512sum gitlab_10_*.tar.bz2 | sed -e 's/\([^ ]\) .\+/\1/'
f09a637a1806d4a77cead94ea6c231a79a05fd4a0f1050a47a5d46e5120424bf3c04c90ede5eaefb10807eb939513bb022514594522054a30d18a14ae468d4a2
f09a637a1806d4a77cead94ea6c231a79a05fd4a0f1050a47a5d46e5120424bf3c04c90ede5eaefb10807eb939513bb022514594522054a30d18a14ae468d4a2

Possible fixes

If I use links like 'https://gitlab.com/gitlab-org/gitlab-ce/-/archive/v10.7.0/gitlab-ce-v10.7.0.tar.bz2' the problem disappears. The latter is a link from the "Tags" GitLab page.