pixi publish

Build a conda package and publish it to a channel.

pixi publish is a convenience command that builds a conda package from your workspace and uploads it to a channel in a single step. It combines the functionality of pixi build and pixi upload.

The --to flag determines the target channel. The upload backend is automatically detected from the URL:

URL pattern	Backend
https://prefix.dev/<channel>	prefix.dev
https://anaconda.org/<owner>	Anaconda.org
s3://bucket-name/channel	S3-compatible storage
file:///path/to/channel	Local filesystem
quetz://server/<channel>	Quetz
artifactory://server/<channel>	JFrog Artifactory

Usage

pixi publish [OPTIONS] --to <TO>

Options

• --target-platform (-t) <TARGET_PLATFORM>

  The target platform to build for (defaults to the current platform)
  default: current_platform

• --build-platform <BUILD_PLATFORM>

  The build platform to use for building (defaults to the current platform)
  default: current_platform

• --build-dir (-b) <BUILD_DIR>

  The directory to use for incremental builds artifacts

• --clean (-c)

  Whether to clean the build directory before building

• --path <PATH>

  The path to a directory containing a package manifest, or to a specific manifest file

• --to <TO>

  The target channel URL to publish packages to
  required: true

• --force

  Force overwrite existing packages

• --skip-existing <SKIP_EXISTING>

  Skip uploading packages that already exist on the target channel. This is enabled by default. Use --no-skip-existing to disable
  default: true
  options: true, false

• --generate-attestation

  Generate sigstore attestation (prefix.dev only)

Config Options

• --auth-file <AUTH_FILE>

  Path to the file containing the authentication token

• --concurrent-downloads <CONCURRENT_DOWNLOADS>

  Max concurrent network requests, default is 50

• --concurrent-solves <CONCURRENT_SOLVES>

  Max concurrent solves, default is the number of CPUs

• --pinning-strategy <PINNING_STRATEGY>

  Set pinning strategy
  options: semver, minor, major, latest-up, exact-version, no-pin

• --pypi-keyring-provider <PYPI_KEYRING_PROVIDER>

  Specifies whether to use the keyring to look up credentials for PyPI
  options: disabled, subprocess

• --run-post-link-scripts

  Run post-link scripts (insecure)

• --tls-no-verify

  Do not verify the TLS certificate of the server

• --tls-root-certs <TLS_ROOT_CERTS>

  Which TLS root certificates to use: 'webpki' (bundled Mozilla roots), 'native' (system store), or 'all' (both)
  env: PIXI_TLS_ROOT_CERTS

• --use-environment-activation-cache

  Use environment activation cache (experimental)

Update Options

• --no-install

  Don't modify the environment, only modify the lock-file

• --frozen

  Install the environment as defined in the lockfile, doesn't update lockfile if it isn't up-to-date with the manifest file
  env: PIXI_FROZEN

• --locked

  Check if lockfile is up-to-date before installing the environment, aborts when lockfile isn't up-to-date with the manifest file
  env: PIXI_LOCKED

• --as-is

  Shorthand for the combination of --no-install and --frozen

Description

Build a conda package and publish it to a channel.

This is a convenience command that combines pixi build and pixi upload.

Supported target channel URLs: - prefix.dev: https://prefix.dev/<channel-name> - anaconda.org: https://anaconda.org/<owner>/<label> - S3: s3://bucket-name - Filesystem: file:///path/to/channel - Quetz: quetz://server/<channel> - Artifactory: artifactory://server/<channel>

Examples

Publishing to prefix.dev

The most common use case is publishing packages to a channel on prefix.dev.

# Build and publish to your prefix.dev channel
pixi publish --to https://prefix.dev/my-channel

# Build for a specific target platform and publish
pixi publish --to https://prefix.dev/my-channel --target-platform linux-64

# Publish with sigstore attestation for supply chain security
pixi publish --to https://prefix.dev/my-channel --generate-attestation

# Force overwrite existing packages
pixi publish --to https://prefix.dev/my-channel --force

For authentication, either log in first with pixi auth login, or set the PREFIX_API_KEY environment variable:

# Option 1: Log in (credentials are stored in the keychain)
pixi auth login --token $MY_TOKEN https://prefix.dev
pixi publish --to https://prefix.dev/my-channel

# Option 2: Use trusted publishing in CI (no credentials needed)
pixi publish --to https://prefix.dev/my-channel

See the prefix.dev deployment guide for more details on setting up channels and trusted publishing.

Publishing to Anaconda.org

# Build and publish to your Anaconda.org account
pixi publish --to https://anaconda.org/my-username

# Publish to a specific label/channel
pixi publish --to https://anaconda.org/my-username/dev

Publishing to S3

When publishing to S3, the channel is automatically initialized (if new) and indexed after the upload.

# Build and publish to an S3 bucket (using AWS credentials from environment)
pixi publish --to s3://my-bucket/my-channel

S3 credentials are resolved from the standard AWS credential chain (environment variables, shared credentials file, instance profiles, etc.).

Publishing to a local filesystem channel

Local channels are useful for development and testing. The channel directory is automatically created and indexed.

# Build and publish to a local channel
pixi publish --to file:///path/to/my-channel

# Force overwrite if the package already exists
pixi publish --to file:///path/to/my-channel --force

Publishing from a specific manifest

# Publish a package from a specific recipe
pixi publish --to https://prefix.dev/my-channel --path ./my-recipe/recipe.yaml

# Publish from a different workspace
pixi publish --to https://prefix.dev/my-channel --path ./my-project/

Clean rebuild and publish

# Clean the build directory before building and publishing
pixi publish --to https://prefix.dev/my-channel --clean

Authentication

pixi publish uses the same authentication system as other pixi commands. Credentials can be configured in three ways:

1. Keychain / auth-file: Use pixi auth login to store credentials

   pixi auth login --token $MY_TOKEN https://prefix.dev
   

2. Trusted publishing (CI): On GitHub Actions, GitLab CI, or Google Cloud, prefix.dev supports OIDC-based trusted publishing — no stored secrets required. See the prefix.dev trusted publishing guide.

3. Environment variables:

   • PREFIX_API_KEY for prefix.dev
   • ANACONDA_API_KEY for Anaconda.org
   • QUETZ_API_KEY for Quetz
   • ARTIFACTORY_TOKEN for Artifactory
   • Standard AWS environment variables for S3

Comparison with pixi build + pixi upload

pixi publish is a shorthand for running pixi build followed by pixi upload. Use it when you want a single command to build and deploy. If you need more control over the build output before uploading (e.g., testing the package locally), use pixi build and pixi upload separately.