diff --git a/tests/unit/oidc/models/test_gitlab.py b/tests/unit/oidc/models/test_gitlab.py
index 6d1d9c074efd..8e23e14521b2 100644
--- a/tests/unit/oidc/models/test_gitlab.py
+++ b/tests/unit/oidc/models/test_gitlab.py
@@ -36,6 +36,8 @@
             "gitlab.com/foo/bar//@.yml.foo.yml@bar.yml@/some/ref",
             "@.yml.foo.yml@bar.yml",
         ),
+        ("gitlab.com/foo/bar//a.yml@/some/ref", "a.yml"),
+        ("gitlab.com/foo/bar//a/b.yml@/some/ref", "a/b.yml"),
         # Malformed `ci_config_ref_uri`s.
         ("gitlab.com/foo/bar//notnested.wrongsuffix@/some/ref", None),
         ("gitlab.com/foo/bar//@/some/ref", None),
diff --git a/warehouse/oidc/models/gitlab.py b/warehouse/oidc/models/gitlab.py
index b3e9160a7c4a..078f89e8ff07 100644
--- a/warehouse/oidc/models/gitlab.py
+++ b/warehouse/oidc/models/gitlab.py
@@ -33,8 +33,8 @@
                       # component of the claim.
 
     (                 # our capture group
-        .+            # match one or more of any character, including slashes
-        [^/]          # match at least one non-slash character, to prevent
+        .*            # match zero or more of any character, including slashes
+        [^/]          # match exactly one non-slash character, to prevent
                       # empty basenames (e.g. `foo/.yml`)
         \.(yml|yaml)  # match the literal suffix `.yml` or `.yaml`
     )