Prevent Ansible running an out of date version of a playbook

Context

You've got a collection of Ansible Playbooks in a git repo shared between a team and want make sure that someone doesn't accidentally run an out of date version of a playbook.

Solution

Create a role "ensure-safe-to-run" or some such, and add it as the first role in any playbooks list.

- name: ensure local infrastructure repo is up to date
  local_action: shell git remote show origin
  register: command_result
  failed_when: "'local out of date' in command_result.stdout"
  sudo: no

This runs a local shell action, captures the result, and checks it for the text "local out of date". If it sees that in the output, it will fail and the rest of the playbook won't run. Leaving you to do a git pull manually.

It won't check on your own changes, so you can add new playbooks and modify existing ones freely