Fix and enhance dependency management workflow

[rkingsbury]

Proximate issue: the introduction of pyEQL-phreeqc submodule has caused our Automated Dependency action to break. See https://github.com/KingsburyLab/pyEQL/actions/runs/20875350233/job/59983730871.

I believe this is because there is not yet a release of pyEQL-phreeqc on PyPi.

Separately, I would like to get @vineetbansal 's input on the cleanest way to manage dependency upgrades. I adopted the GitHub action from some other codes that attempt to manage all dependencies at once on a specific cadence (weekly, monthly, etc) as an alternative to one by one Dependabot PRs that arrive happenstance. But it appears that the Dependabot PRs have gotten turned back on, so we are in a bit of a messy situation at the moment.

Ideas welcome!

[vineetbansal]

hmm - I might be missing something here. This action updates platform specific dependencies in the requirements/ folder to their latest versions, but I don't see any other action that runs the test against the dependencies it finds in this folder. I would have expected to see something like pip install -r requirements/{matrix.os}-{py.version}.txt followed by pip install -e . --no-deps or something similar in another action.

In testing.yaml, we're doing:

pip install -e ".[testing]"

So essentially any PRs generated using this method are equivalent to the testing workflow being run by itself, ignoring any pinned dependencies?

[rkingsbury]

I think the platform-specific requirements are used in the test-comprehensive workflow that happens after a PR gets merged. See here.