diff --git a/.github/workflows/github-actions-clang-tidy-bazel-post.yml b/.github/workflows/github-actions-clang-tidy-bazel-post.yml
index 881ea716040..e1d989bfee5 100644
--- a/.github/workflows/github-actions-clang-tidy-bazel-post.yml
+++ b/.github/workflows/github-actions-clang-tidy-bazel-post.yml
@@ -24,8 +24,11 @@ permissions:
 
 jobs:
   Post-Reviewdog:
-    # Skip if the upstream build failed before producing an artifact.
-    if: ${{ github.event.workflow_run.conclusion == 'success' }}
+    # Run on success AND failure: Stage A intentionally exits non-zero when
+    # clang-tidy findings exist on the PR diff (to fail the required PR
+    # check), but the artifact is uploaded *before* that fail step, so the
+    # findings are still posted as review comments. Only skip on cancelled.
+    if: ${{ github.event.workflow_run.conclusion != 'cancelled' }}
     runs-on: ${{ vars.USE_SELF_HOSTED == 'true' && 'self-hosted' || 'ubuntu-latest' }}
     steps:
       # Reviewdog's github-pr-review reporter resolves the local git root
diff --git a/.github/workflows/github-actions-clang-tidy-bazel.yml b/.github/workflows/github-actions-clang-tidy-bazel.yml
index 522120654e3..4166c770af3 100644
--- a/.github/workflows/github-actions-clang-tidy-bazel.yml
+++ b/.github/workflows/github-actions-clang-tidy-bazel.yml
@@ -110,3 +110,28 @@ jobs:
             pr-meta.txt
           retention-days: 7
           if-no-files-found: error
+
+      - name: Set up reviewdog
+        uses: reviewdog/action-setup@v1
+        with:
+          reviewdog_version: latest
+
+      - name: Fail check on clang-tidy findings in PR diff
+        # Runs after the artifact upload so the post workflow always has the
+        # findings to comment on, even when this step exits non-zero.
+        # Uses -reporter=local because the fork-PR token is read-only here;
+        # local mode just prints to stdout and exits with -fail-level=any if
+        # findings exist. The post workflow does the actual review posting.
+        env:
+          BASE_SHA: ${{ github.event.pull_request.base.sha }}
+          HEAD_SHA: ${{ github.event.pull_request.head.sha }}
+        run: |
+          reviewdog \
+            -efm="%E%f:%l:%c: error: %m" \
+            -efm="%W%f:%l:%c: warning: %m" \
+            -name="clang-tidy" \
+            -reporter=local \
+            -diff="git diff ${BASE_SHA}...${HEAD_SHA}" \
+            -filter-mode=added \
+            -fail-level=any \
+            < clang-tidy.txt