diff --git a/hack/make-rules/verify.sh b/hack/make-rules/verify.sh
index 41ab4adcb7f..1d5556ac8a2 100755
--- a/hack/make-rules/verify.sh
+++ b/hack/make-rules/verify.sh
@@ -33,6 +33,7 @@ source "${KUBE_ROOT}/third_party/forked/shell2junit/sh2ju.sh"
 EXCLUDED_PATTERNS=(
   "verify-all.sh"                # this script calls the make rule and would cause a loop
   "verify-*-dockerized.sh"       # Don't run any scripts that intended to be run dockerized
+  "verify-golangci-lint-pr.sh"   # Don't run this as part of the block pull-kubernetes-verify yet. TODO(pohly): try this in a non-blocking job and then reconsider this.
   "verify-licenses.sh"           # runs in a separate job to monitor availability of the dependencies periodically
   )
 
diff --git a/hack/verify-golangci-lint-pr.sh b/hack/verify-golangci-lint-pr.sh
new file mode 100755
index 00000000000..a3491585c28
--- /dev/null
+++ b/hack/verify-golangci-lint-pr.sh
@@ -0,0 +1,37 @@
+#!/usr/bin/env bash
+
+# Copyright 2022 The Kubernetes Authors.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+# This script checks a PR for the coding style for the Go language files using
+# golangci-lint. It does nothing when invoked as part of a normal "make
+# verify".
+
+set -o errexit
+set -o nounset
+set -o pipefail
+
+if [ ! "${PULL_NUMBER:-}" ]; then
+  echo 'Not testing anything because this is not a pull request.'
+  exit 0
+fi
+
+KUBE_ROOT=$(dirname "${BASH_SOURCE[0]}")/..
+
+# TODO (https://github.com/kubernetes/test-infra/issues/17056):
+# take this additional artifact and convert it to GitHub annotations
+# to make it easier to see these problems during a PR review.
+#
+# -g "${ARTIFACTS}/golangci-lint-githubactions.log"
+"${KUBE_ROOT}/hack/verify-golangci-lint.sh" -r "${PULL_BASE_SHA}" -s
diff --git a/hack/verify-golangci-lint.sh b/hack/verify-golangci-lint.sh
index 01d8ca728c2..5d4925ea899 100755
--- a/hack/verify-golangci-lint.sh
+++ b/hack/verify-golangci-lint.sh
@@ -26,6 +26,8 @@ Usage: $0 [-r <revision>|-a] [-s] [-c none|<config>] [-- <golangci-lint run flag
    -a: automatically select the common base of origin/master and HEAD
        as revision
    -s: select a strict configuration for new code
+   -g <github action file>: also write results with --out-format=github-actions
+       to a separate file
    -c <config|"none">: use the specified configuration or none instead of the default hack/golangci.yaml
    [packages]: check specific packages or directories instead of everything
 EOF
@@ -58,7 +60,7 @@ golangci_config="${KUBE_ROOT}/hack/golangci.yaml"
 base=
 strict=
 githubactions=
-while getopts "ar:sc:" o; do
+while getopts "ar:sg:c:" o; do
   case "${o}" in
     a)
       base="$(git merge-base origin/master HEAD)"
@@ -75,6 +77,9 @@ while getopts "ar:sc:" o; do
       golangci_config="${KUBE_ROOT}/hack/golangci-strict.yaml"
       strict=1
       ;;
+    g)
+      githubactions="${OPTARG}"
+      ;;
     c)
       if [ "${OPTARG}" = "none" ]; then
         golangci_config=""
@@ -131,19 +136,31 @@ popd >/dev/null
 cd "${KUBE_ROOT}"
 
 res=0
-if [[ "${#targets[@]}" -gt 0 ]]; then
+run () {
+  if [[ "${#targets[@]}" -gt 0 ]]; then
     echo "running ${golangci[*]} ${targets[*]}" >&2
     "${golangci[@]}" "${targets[@]}" >&2 || res=$?
-else
+  else
     echo "running ${golangci[*]} ./..." >&2
     "${golangci[@]}" ./... >&2 || res=$?
     for d in staging/src/k8s.io/*; do
-        MODPATH="staging/src/k8s.io/$(basename "${d}")"
-        echo "running ( cd ${KUBE_ROOT}/${MODPATH}; ${golangci[*]} --path-prefix ${MODPATH} ./... )"
-        pushd "${KUBE_ROOT}/${MODPATH}" >/dev/null
-            "${golangci[@]}" --path-prefix "${MODPATH}" ./... >&2 || res=$?
-        popd >/dev/null
+      MODPATH="staging/src/k8s.io/$(basename "${d}")"
+      echo "running ( cd ${KUBE_ROOT}/${MODPATH}; ${golangci[*]} --path-prefix ${MODPATH} ./... )"
+      pushd "${KUBE_ROOT}/${MODPATH}" >/dev/null
+        "${golangci[@]}" --path-prefix "${MODPATH}" ./... >&2 || res=$?
+      popd >/dev/null
     done
+  fi
+}
+# First run with normal output.
+run "${targets[@]}"
+
+# Then optionally do it again with github-actions as format.
+# Because golangci-lint caches results, this is faster than the
+# initial invocation.
+if [ "$githubactions" ]; then
+  golangci+=(--out-format=github-actions)
+  run "$${targets[@]}" >"$githubactions" 2>&1
 fi
 
 # print a message based on the result